SnortSnarf alert page

Destination: 192.168.1.6

SnortSnarf v021111.1

7770 such alerts found using input module SnortFileInput, with sources:
Earliest: 18:28:16.317715 on 04/17/2003
Latest: 08:22:04.099641 on 06/17/2003

22 different signatures are present for 192.168.1.6 as a destination

There are 624 distinct source IPs in the alerts of the type on this page.

See also 192.168.1.6 as an alert source [49361 alerts]


[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/17-18:28:16.317715 216.39.48.94:41113 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:51546 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x11CC87FD Ack: 0x443DE468 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 328814257 435361094
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/17-19:39:03.510258 216.39.48.54:43697 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:2840 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x1E1FB2FC Ack: 0x4F582C24 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 329234939 437536378
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/17-19:49:18.916733 24.209.118.134:3636 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:18580 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x4529FE32 Ack: 0x75FC2499 Win: 0x4440 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/17-19:49:19.470421 24.209.118.134:3674 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:18734 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x45468B37 Ack: 0x75DC7108 Win: 0x4440 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/17-19:49:22.685527 24.209.118.134:3969 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:19544 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x4627B1A2 Ack: 0x75A08770 Win: 0x4440 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/17-19:49:22.939782 24.209.118.134:3983 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:19611 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x46320BE7 Ack: 0x76501EA8 Win: 0x4440 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/17-19:49:23.127855 24.209.118.134:4007 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:19660 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x4644386C Ack: 0x75F185C1 Win: 0x4440 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/17-19:49:23.419924 24.209.118.134:4022 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:19698 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x4650650C Ack: 0x75D7D9DE Win: 0x4440 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/17-19:49:23.625370 24.209.118.134:4035 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:19762 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x465A17D9 Ack: 0x763040A1 Win: 0x4440 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/17-19:49:23.857936 24.209.118.134:4067 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:19817 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x46724014 Ack: 0x757ED2C0 Win: 0x4440 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/17-19:49:24.060041 24.209.118.134:4092 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:19877 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x46852FDA Ack: 0x75FAFEB0 Win: 0x4440 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/17-19:49:24.304649 24.209.118.134:4110 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:19922 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4691D7F6 Ack: 0x763335D7 Win: 0x4440 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/17-19:49:24.558852 24.209.118.134:4121 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:19992 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x469B4A65 Ack: 0x767C5F21 Win: 0x4440 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/17-19:49:24.759857 24.209.118.134:4142 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:20058 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x46ABE7FF Ack: 0x7658D76E Win: 0x4440 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/17-19:49:24.965869 24.209.118.134:4166 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:20117 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x46BE89EB Ack: 0x768701E1 Win: 0x4440 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/17-19:49:27.939743 24.209.118.134:4166 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:21167 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x46BE89EB Ack: 0x768701E1 Win: 0x4440 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/17-19:49:28.173476 24.209.118.134:4494 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:21260 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x47C176A2 Ack: 0x769B372F Win: 0x4440 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/17-19:49:28.436395 24.209.118.134:4521 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:21367 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x47D75F8D Ack: 0x767DFB56 Win: 0x4440 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/17-19:49:31.684194 24.209.118.134:4841 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:22345 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x48CE9BC8 Ack: 0x762B09D1 Win: 0x4440 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/17-19:55:43.903728 216.39.48.104:37763 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:59912 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x5BD5D06C Ack: 0x8DAFF977 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 329333370 438048754
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/17-20:05:32.597613 24.209.118.134:4295 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:35038 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x7FFFD638 Ack: 0xB2DBE41B Win: 0x4440 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/17-20:05:32.929200 24.209.118.134:4680 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:35259 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x8125B03E Ack: 0xB2D88765 Win: 0x4440 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/17-20:05:33.134119 24.209.118.134:4722 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:35372 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x8146606E Ack: 0xB28C4149 Win: 0x4440 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/17-20:05:33.549946 24.209.118.134:4756 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:35562 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x8163C968 Ack: 0xB2AB0859 Win: 0x4440 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/17-20:05:33.862769 24.209.118.134:4796 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:35718 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x817EDA46 Ack: 0xB253B9D0 Win: 0x4440 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/17-20:05:34.206099 24.209.118.134:4831 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:35834 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x819B5684 Ack: 0xB3347A75 Win: 0x4440 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/17-20:05:38.142535 24.209.118.134:1225 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:37090 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x82B8ED36 Ack: 0xB340906F Win: 0x4440 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/17-20:05:39.174161 24.209.118.134:1332 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:37360 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x830A7AFE Ack: 0xB3666904 Win: 0x4440 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/17-20:05:50.204537 24.209.118.134:2221 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:39884 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x85B7E42E Ack: 0xB4369E6F Win: 0x4440 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/17-20:05:50.781432 24.209.118.134:2252 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:40008 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x85D1EC47 Ack: 0xB4132365 Win: 0x4440 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/17-20:05:51.292490 24.209.118.134:2324 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:40135 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x8605A0C0 Ack: 0xB3BBC22D Win: 0x4440 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/17-20:05:54.728877 24.209.118.134:2477 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:40915 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x8684D181 Ack: 0xB41E0012 Win: 0x4440 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/17-20:05:55.694025 24.209.118.134:2686 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:41280 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x871FB862 Ack: 0xB46D8FE7 Win: 0x4440 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/17-20:05:58.735996 24.209.118.134:2686 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:42156 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x871FB862 Ack: 0xB46D8FE7 Win: 0x4440 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/17-20:06:05.075362 24.209.118.134:3573 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:44400 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x89E15A99 Ack: 0xB4374BC7 Win: 0x4440 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/17-20:06:05.609659 24.209.118.134:3584 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:44489 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x89EB6605 Ack: 0xB50C99BA Win: 0x4440 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/17-20:06:09.361589 24.209.118.134:3798 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:45605 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x8A8EB3A0 Ack: 0xB4F3FD45 Win: 0x4440 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/17-22:25:41.745488 216.39.48.4:51786 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:16499 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x935108D2 Ack: 0xC3F94092 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 29575344 442657167
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/17-22:51:33.075155 64.68.82.25:32776 -> 192.168.1.6:80
TCP TTL:50 TOS:0x10 ID:55030 IpLen:20 DgmLen:453 DF
***AP*** Seq: 0xF4A9D649 Ack: 0x26605089 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 441057484 443451712
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/17-23:03:53.479929 216.39.48.4:57184 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:3408 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x2372CAED Ack: 0x5528ABCD Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 29804464 443830940
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/17-23:53:20.020843 216.39.48.104:37349 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:25904 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xDCCA9CCD Ack: 0xFC720EC Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 330758642 445350301
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/18-01:09:24.038811 216.39.48.44:38253 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:56074 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xFC49E996 Ack: 0x2E6BEFB0 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 321860266 447687873
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-04:22:53.472111 24.209.37.151:1828 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:62725 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC2CED16A Ack: 0x9CFA7D7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-04:22:53.491624 24.209.37.151:1828 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:62726 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC2CED71E Ack: 0x9CFA7D7 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/18-04:51:37.260561 66.196.65.24:46316 -> 192.168.1.6:80
TCP TTL:232 TOS:0x0 ID:22037 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x6D6E12E6 Ack: 0x763D1B93 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-06:54:05.281254 24.209.37.151:2073 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:45561 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1185D9FF Ack: 0x44748B01 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-06:54:05.300243 24.209.37.151:2073 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:45562 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1185DFB3 Ack: 0x44748B01 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-07:50:22.733623 24.209.37.151:1411 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:30394 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3A6695F2 Ack: 0x19557E62 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-07:50:22.759256 24.209.37.151:1411 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:30399 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3A669BA6 Ack: 0x19557E62 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-09:36:43.586703 24.57.76.37:4612 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:58985 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xD86A2EE2 Ack: 0xAB174F75 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-09:36:49.352827 24.57.76.37:4942 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:59883 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xD9359523 Ack: 0xAB044A4E Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-09:37:17.187717 24.57.76.37:1156 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:61792 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xD9C855E0 Ack: 0xAB842C5F Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-09:37:17.344940 24.57.76.37:1726 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:61825 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xDBB2B7AD Ack: 0xACED5CEB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/18-09:37:20.535079 24.57.76.37:1793 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:61987 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xDBEAB7E4 Ack: 0xAD4D6114 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/18-09:37:23.714666 24.57.76.37:1860 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:62154 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xDC26E184 Ack: 0xACD93174 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-09:37:26.939886 24.57.76.37:1935 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:62343 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xDC694100 Ack: 0xAD6F1B5C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-09:37:36.211675 24.57.76.37:2146 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:62794 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xDD284B3E Ack: 0xAEAFA093 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-09:37:36.403710 24.57.76.37:2150 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:62811 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xDD2C1934 Ack: 0xAE791341 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-09:37:39.596471 24.57.76.37:2221 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:63020 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xDD698B95 Ack: 0xAEF5F9D4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-09:37:39.772904 24.57.76.37:2229 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:63043 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xDD6F456B Ack: 0xAF5D8ECF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-09:37:39.956971 24.57.76.37:2236 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:63075 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xDD755AA2 Ack: 0xAEEFB3AF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-09:37:43.002635 24.57.76.37:2236 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:63374 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xDD755AA2 Ack: 0xAEEFB3AF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-09:38:04.503862 24.57.76.37:2794 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:64380 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xDF5EEDC0 Ack: 0xB00E0EC6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-09:52:38.723775 24.209.37.151:3305 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:28654 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEB69C306 Ack: 0xE70B1CBA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-09:52:38.765690 24.209.37.151:3305 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:28655 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEB69C8BA Ack: 0xE70B1CBA Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-11:09:26.918970 24.209.97.26:3228 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:6183 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xCBF950BA Ack: 0x97FC356 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-11:09:26.926542 24.209.97.26:3228 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:6184 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xCBF9566E Ack: 0x97FC356 Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/18-11:23:15.591410 216.39.48.114:49695 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:61309 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xA2EC417 Ack: 0x3DC4EDDB Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 334900090 466551912
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-11:34:55.818597 24.209.163.52:1708 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:4874 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC7E32856 Ack: 0x6AC15B00 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/18-11:35:11.966007 216.39.48.24:32914 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:28421 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x36D71485 Ack: 0x6B746853 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 316963733 466918808
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/18-12:30:45.959262 66.196.65.24:31489 -> 192.168.1.6:80
TCP TTL:232 TOS:0x0 ID:41543 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x3B826B7D Ack: 0x3DAD8B1F Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-12:44:50.283731 24.209.37.151:4629 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:18850 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x437FF86E Ack: 0x71BCCDD1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-12:44:50.306012 24.209.37.151:4629 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:18851 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x437FFE22 Ack: 0x71BCCDD1 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/18-12:46:04.041551 216.39.48.13:49879 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:20627 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x43B09D09 Ack: 0x76AC18F2 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 335400361 469096587
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-12:46:24.710320 24.90.92.167:2662 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:26981 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xFDD12AF9 Ack: 0x78BCE363 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-12:46:27.554673 24.90.92.167:2662 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:27359 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xFDD12AF9 Ack: 0x78BCE363 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-12:46:39.539045 24.90.92.167:3137 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:29213 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xFF604087 Ack: 0x79241020 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-12:46:40.900891 24.90.92.167:3166 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:29401 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xFF7901A7 Ack: 0x798F9EB2 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-12:46:41.699426 24.90.92.167:3215 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:29544 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xFFA18674 Ack: 0x79402189 Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-12:46:42.722772 24.90.92.167:3245 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:29676 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xFFBB34A3 Ack: 0x79ACD683 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/18-12:46:43.927089 24.90.92.167:3267 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:29844 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xFFCF5AF9 Ack: 0x7941F05F Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/18-12:46:44.929229 24.90.92.167:3298 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:30000 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xFFEB591C Ack: 0x79A654EA Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-12:46:45.844146 24.90.92.167:3340 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:30129 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xCD1AB Ack: 0x79C0CC77 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-12:46:50.501434 24.90.92.167:3459 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:30743 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x7056FB Ack: 0x79A09C4D Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-12:46:51.173816 24.90.92.167:3505 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:30856 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x953D40 Ack: 0x79D2C1D2 Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-12:46:52.209702 24.90.92.167:3525 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:30986 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA63932 Ack: 0x7A0FC3B1 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-12:46:53.413176 24.90.92.167:3554 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:31147 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xBE5A55 Ack: 0x7991175C Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-12:46:58.104873 24.90.92.167:3688 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:31762 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x1363AAE Ack: 0x7A6120D1 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-12:46:59.233080 24.90.92.167:3722 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:31931 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x153C827 Ack: 0x7A4C624D Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-12:47:00.054099 24.90.92.167:3751 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:32092 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x16FC21C Ack: 0x7A74D200 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-12:47:11.032799 24.90.92.167:4117 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:33816 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x29D594C Ack: 0x7B5F8CA2 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-12:55:09.927427 24.209.97.26:4507 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:2149 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC7AC4FFC Ack: 0x98294E74 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-12:55:09.969805 24.209.97.26:4507 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:2150 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC7AC55B0 Ack: 0x98294E74 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-13:02:28.514555 24.209.37.151:2480 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:34094 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDC224ACF Ack: 0xB502580B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-13:02:28.537078 24.209.37.151:2480 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:34095 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDC225083 Ack: 0xB502580B Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-13:09:18.304478 24.209.37.151:1716 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:24832 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x17004BBF Ack: 0xCE314E12 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-13:09:18.347423 24.209.37.151:1716 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:24833 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x17005173 Ack: 0xCE314E12 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-13:22:41.445461 24.62.250.72:4585 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:40210 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x16D9EF49 Ack: 0x19A3FFC Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-13:22:43.506342 24.62.250.72:4620 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:40310 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x16FA3660 Ack: 0x19A0908 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-13:22:46.834898 24.62.250.72:4685 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:40534 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x1738DE8F Ack: 0x15A4A77 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-13:22:47.139930 24.62.250.72:4690 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:40560 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x173E7431 Ack: 0x1D29487 Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-13:22:56.648119 24.62.250.72:4872 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:41072 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x17DAD2DB Ack: 0x22849EC Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/18-13:22:56.958935 24.62.250.72:4881 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:41095 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x17DF2CE8 Ack: 0x25933DA Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/18-13:23:00.145221 24.62.250.72:4891 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:41234 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x17E64776 Ack: 0x1B10FC0 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-13:23:03.743297 24.62.250.72:1027 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:41334 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x1838498E Ack: 0x1F44012 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-13:23:04.017295 24.62.250.72:1031 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:41350 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x183B9EC9 Ack: 0x249B7FD Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-13:23:07.548641 24.62.250.72:1091 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:41554 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x18744665 Ack: 0x30DF9EE Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-13:23:11.208475 24.62.250.72:1147 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:41707 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x18A9D704 Ack: 0x32E0529 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-13:23:11.446613 24.62.250.72:1150 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:41724 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x18ACB1F7 Ack: 0x2A24B11 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-13:23:11.697741 24.62.250.72:1158 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:41737 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x18B17918 Ack: 0x298A9A5 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-13:23:11.964459 24.62.250.72:1162 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:41750 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x18B51B85 Ack: 0x27EFAA2 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-13:23:12.196519 24.62.250.72:1167 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:41762 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x18B9BF0F Ack: 0x36D72ED Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-13:23:15.673552 24.62.250.72:1210 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:41893 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x18E63F9F Ack: 0x360A647 Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/18-13:34:29.822269 216.39.48.4:39990 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:6393 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xFB396F6C Ack: 0x2D6053F5 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 35026858 470584857
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/18-14:05:08.650806 66.196.65.24:61789 -> 192.168.1.6:80
TCP TTL:232 TOS:0x0 ID:1744 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x12D1618 Ack: 0xA16E9A04 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-14:40:25.949826 24.209.97.26:1348 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:13848 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1CFC22DF Ack: 0x25C3CDF3 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-14:40:25.976923 24.209.97.26:1348 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:13849 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1CFC2893 Ack: 0x25C3CDF3 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-14:56:32.996190 24.209.37.151:2298 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:3558 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9610C8A2 Ack: 0x6307A45C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-14:56:33.018624 24.209.37.151:2298 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:3559 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9610CE56 Ack: 0x6307A45C Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-15:16:56.089019 24.209.37.151:3051 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:29847 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3755C236 Ack: 0xB111BA06 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-15:16:56.104108 24.209.37.151:3051 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:29848 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3755C7EA Ack: 0xB111BA06 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/18-15:31:22.679982 216.39.48.64:56727 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:45758 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xB38E6E76 Ack: 0xE7BB5447 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 336387295 474176592
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/18-15:35:01.489515 216.239.46.134:19176 -> 192.168.1.6:80
TCP TTL:41 TOS:0x0 ID:21141 IpLen:20 DgmLen:453 DF
***AP*** Seq: 0xC0591F69 Ack: 0xF434C177 Win: 0x7D78 TcpLen: 32
TCP Options (3) => NOP NOP TS: 39503278 474288581
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/18-15:54:56.420065 216.39.48.64:39025 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:8485 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xBC4229C Ack: 0x3FDAC7A7 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 336528636 474900661
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-16:25:21.895013 24.147.6.158:2225 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:56515 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB8CAA3F Ack: 0xB3517360 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-16:25:21.901769 24.147.6.158:2225 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:56516 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB8CAFF3 Ack: 0xB3517360 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-17:02:08.998107 24.209.37.151:1279 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:7063 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x665FB530 Ack: 0x3D0D8B49 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-17:02:09.019881 24.209.37.151:1279 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:7064 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x665FBAE4 Ack: 0x3D0D8B49 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-17:11:52.548533 24.209.97.26:2551 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:25918 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x35CE16CE Ack: 0x61B74E82 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-17:11:52.577902 24.209.97.26:2551 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:25919 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x35CE1C82 Ack: 0x61B74E82 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-17:27:06.240044 24.209.37.151:2186 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:2490 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x20ECE23A Ack: 0x9C119B5C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-17:27:06.265624 24.209.37.151:2186 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:2491 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x20ECE7EE Ack: 0x9C119B5C Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-17:45:39.656339 24.209.37.151:2473 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:16557 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA8B5BDE0 Ack: 0xE1EF93FC Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-17:45:39.678076 24.209.37.151:2473 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:16558 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA8B5C394 Ack: 0xE1EF93FC Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/18-18:24:17.920000 216.39.48.104:57461 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:19834 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x407FE494 Ack: 0x73DB2904 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 337422843 479490518
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/18-18:34:05.737194 216.39.48.84:35930 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:21142 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x64D7D854 Ack: 0x9942EA00 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 337480405 479791591
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-18:38:40.546495 24.209.97.26:4366 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:65234 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD8BF3F51 Ack: 0xAA1E44AB Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-18:38:40.562813 24.209.97.26:4366 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:65235 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD8BF4505 Ack: 0xAA1E44AB Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-18:39:43.355214 24.209.37.151:1309 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:53818 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2D4D564B Ack: 0xAE899AD9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-18:39:43.376481 24.209.37.151:1309 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:53819 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2D4D5BFF Ack: 0xAE899AD9 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-19:27:56.442406 24.61.163.31:3796 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:37786 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA30D0C25 Ack: 0x649104FC Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-19:27:56.443681 24.61.163.31:3796 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:37789 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA30D11D9 Ack: 0x649104FC Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/18-19:50:28.623158 216.39.48.54:37118 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:10228 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x85BAB47E Ack: 0xB977EC1E Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 337941406 482138803
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/18-19:59:29.067962 66.196.65.24:16916 -> 192.168.1.6:80
TCP TTL:232 TOS:0x0 ID:25365 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x30F2E9B Ack: 0xDB4D1621 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/18-20:01:51.864162 216.39.48.33:58743 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:15116 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xB12D6409 Ack: 0xE41ECA26 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 328752910 482488750
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/18-20:04:08.805929 216.39.48.94:44876 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:12704 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xB969D227 Ack: 0xECDFF130 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 338027461 482558888
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-20:13:31.211212 24.67.245.128:2549 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:52450 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x98D58292 Ack: 0x111F7C1C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-20:13:31.259473 24.67.245.128:2549 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:52451 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x98D58846 Ack: 0x111F7C1C Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-20:58:32.805120 24.209.97.26:4622 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:9449 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x685D6B70 Ack: 0xBA9E8BDC Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-20:58:32.834013 24.209.97.26:4622 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:9450 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x685D7124 Ack: 0xBA9E8BDC Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/18-21:03:59.948809 216.39.48.44:51873 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:42050 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x9B262E75 Ack: 0xCF7BB42F Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 329026116 484398152
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/18-21:24:36.212313 216.39.48.74:46870 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:64913 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xE90FD7AE Ack: 0x1DC3FB49 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 338504241 485031334
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1714:3] WEB-CGI newdesk access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/18-21:29:54.287864 204.210.234.90:49266 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:20125 IpLen:20 DgmLen:380 DF
***AP*** Seq: 0x3E8D4229 Ack: 0x31B77ACD Win: 0x8218 TcpLen: 32
TCP Options (3) => NOP NOP TS: 2029997262 485194260
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-21:33:58.537805 24.209.97.26:3128 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:22380 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x39FC4554 Ack: 0x41716013 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-21:33:58.570066 24.209.97.26:3128 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:22381 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x39FC4B08 Ack: 0x41716013 Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/18-21:41:32.388653 216.39.48.114:40093 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:20992 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x28569027 Ack: 0x5D673887 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 338608916 485551795
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-22:56:15.230199 24.30.204.145:2104 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:42658 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x5260352C Ack: 0x78788FDA Win: 0x2058 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-22:56:15.576051 24.30.204.145:2131 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:8099 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x9B162DDA Ack: 0x77908843 Win: 0x2058 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-22:56:15.699290 24.30.204.145:2142 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:19107 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xB496E859 Ack: 0x77B3ECE5 Win: 0x2058 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-22:56:25.048238 24.30.204.145:2872 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:2222 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xADE179E2 Ack: 0x7899F6B2 Win: 0x2058 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-22:56:28.334164 24.30.204.145:3147 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:14770 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x989BBFB3 Ack: 0x78F01E06 Win: 0x2058 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/18-22:56:28.435078 24.30.204.145:3154 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:21938 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x6A372164 Ack: 0x78BFD2BB Win: 0x2058 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/18-22:56:28.541251 24.30.204.145:3168 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:29874 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x574C3090 Ack: 0x78B7DA34 Win: 0x2058 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-22:56:28.659429 24.30.204.145:3172 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:40882 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x77BA6AFE Ack: 0x7850C203 Win: 0x2058 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-22:56:28.782366 24.30.204.145:3175 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:50866 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x8D25A006 Ack: 0x78B6B302 Win: 0x2058 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-22:56:28.873960 24.30.204.145:3182 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:55474 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x752C4494 Ack: 0x78EBBCCF Win: 0x2058 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-22:56:28.989889 24.30.204.145:3195 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:64946 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x59F6A270 Ack: 0x790C2F3B Win: 0x2058 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-22:56:29.098278 24.30.204.145:3205 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:8115 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x67C45942 Ack: 0x78A2868A Win: 0x2058 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-22:56:29.205272 24.30.204.145:3208 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:12979 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x3EF8D977 Ack: 0x787023AE Win: 0x2058 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-22:56:29.304320 24.30.204.145:3216 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:23219 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6A45080F Ack: 0x793A81F0 Win: 0x2058 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-22:56:29.422006 24.30.204.145:3232 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:37043 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x40E327D8 Ack: 0x78814813 Win: 0x2058 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-22:56:29.544125 24.30.204.145:3244 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:50611 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x437E4655 Ack: 0x79452B2B Win: 0x2058 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/19-00:19:12.628226 24.130.219.16:3746 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:15730 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xD006301E Ack: 0xB0775A17 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/19-00:19:13.226546 24.130.219.16:3758 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:15768 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xD011E9B0 Ack: 0xB120887B Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/19-00:19:16.827644 24.130.219.16:3814 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:15952 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xD0486AA5 Ack: 0xB1130040 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/19-00:19:17.667883 24.130.219.16:3825 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:15981 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xD0543AEB Ack: 0xB0D5556C Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/19-00:19:21.256965 24.130.219.16:3872 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:16086 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xD0828AFD Ack: 0xB0DA5E3E Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/19-00:19:24.895509 24.130.219.16:3921 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:16223 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xD0B28798 Ack: 0xB17EF5D1 Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/19-00:19:34.418828 24.130.219.16:4054 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:16584 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xD13483F9 Ack: 0xB27F50AA Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/19-00:19:38.202240 24.130.219.16:4118 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:16784 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xD16FC7E7 Ack: 0xB228F44F Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/19-00:19:47.934602 24.130.219.16:4243 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:17096 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD1F214A9 Ack: 0xB2769C4E Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/19-00:19:57.738051 24.130.219.16:4362 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:17419 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD26DFFD0 Ack: 0xB3B9B55F Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/19-00:20:01.045304 24.130.219.16:4430 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:17637 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD2AB1544 Ack: 0xB3E20324 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/19-00:20:04.645897 24.130.219.16:4498 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:17855 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD2E81C6E Ack: 0xB3CB019C Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/19-00:20:04.967541 24.130.219.16:4502 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:17872 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xD2EC2217 Ack: 0xB43346CD Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/19-00:20:08.296820 24.130.219.16:4553 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:18030 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xD31D7BAA Ack: 0xB39C8113 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/19-00:20:11.286064 24.130.219.16:4553 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:18145 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xD31D7BAA Ack: 0xB39C8113 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/19-00:20:11.590088 24.130.219.16:4600 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:18156 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xD34AB747 Ack: 0xB4129C2A Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/19-00:20:12.073918 24.130.219.16:4602 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:18174 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xD34D4C0A Ack: 0xB44BEA6E Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/19-01:27:28.885322 24.209.37.151:1486 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:20532 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD5907135 Ack: 0xB1CB6242 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/19-01:27:28.910900 24.209.37.151:1486 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:20533 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD59076E9 Ack: 0xB1CB6242 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/19-01:32:47.682709 66.196.65.24:35164 -> 192.168.1.6:80
TCP TTL:232 TOS:0x0 ID:32457 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x67B2E73C Ack: 0xC6EE486F Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/19-01:40:39.840584 24.209.37.151:4806 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:30255 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x22FCED54 Ack: 0xE476A84B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/19-01:40:39.878911 24.209.37.151:4806 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:30256 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x22FCF308 Ack: 0xE476A84B Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/19-02:49:15.804594 216.39.48.13:38209 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:36287 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xB26F7612 Ack: 0xE83B3D49 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 340458426 495008215
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/19-03:01:10.264487 216.39.48.33:39404 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:37831 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xDFA32D5E Ack: 0x14CC717E Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 331268051 495374136
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/19-03:35:50.112135 216.39.48.84:53114 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:26607 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x627A4740 Ack: 0x98996BF5 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 340730081 496439369
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/19-03:48:03.106583 66.196.65.24:65527 -> 192.168.1.6:80
TCP TTL:232 TOS:0x0 ID:20324 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x9415F5B7 Ack: 0xC64D74F1 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/19-04:53:30.671532 216.39.48.24:42604 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:12285 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x8887AB01 Ack: 0xBD355E56 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 323192072 498826382
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/22-15:44:29.953731 216.39.48.94:60578 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:3789 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xE147728C Ack: 0x1D5D5E01 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 371031118 651631392
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/22-16:13:30.330130 216.39.48.4:39601 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:36524 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x4D70EEA4 Ack: 0x899A6DA0 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 70541334 652522764
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/22-16:23:06.000420 216.39.48.64:58186 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:58226 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x738A10BF Ack: 0xAE5DEDC5 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 371258331 652817606
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/22-16:26:46.793703 216.39.48.64:44398 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:43420 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x80A5E3A0 Ack: 0xBBDC1339 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 371280405 652930674
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/22-16:31:06.562443 66.196.65.24:35113 -> 192.168.1.6:80
TCP TTL:232 TOS:0x0 ID:42797 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x5B694660 Ack: 0xCC650FE0 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/22-16:33:55.360222 216.39.48.13:38182 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:34315 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x9BA683B7 Ack: 0xD6829168 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 371328462 653150181
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-16:46:56.883335 24.209.184.90:4976 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:37645 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xAB85ADE7 Ack: 0x97647E0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-16:46:56.901648 24.209.184.90:4976 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:37646 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xAB85B39B Ack: 0x97647E0 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/22-16:51:00.716894 209.237.238.158:2181 -> 192.168.1.6:80
TCP TTL:41 TOS:0x0 ID:10211 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0x2BCC5084 Ack: 0x17E4A8BE Win: 0xFFFF TcpLen: 32
TCP Options (3) => NOP NOP TS: 631348573 653675344
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-16:51:41.616906 24.209.203.150:3400 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:59069 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC0485C26 Ack: 0x1AD72A18 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-16:51:41.653107 24.209.203.150:3400 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:59070 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC04861DA Ack: 0x1AD72A18 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-17:10:27.110047 24.166.119.88:4711 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:59357 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x95CC79E9 Ack: 0x610E2DCB Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-17:10:30.008864 24.166.119.88:4711 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:59757 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x95CC79E9 Ack: 0x610E2DCB Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-17:10:31.640088 24.166.119.88:4881 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:59975 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x9631B885 Ack: 0x614D2473 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-17:10:34.416211 24.166.119.88:4881 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:60385 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x9631B885 Ack: 0x614D2473 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-17:10:40.236902 24.166.119.88:1105 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:61165 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x96AAE47E Ack: 0x61A7F760 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-17:10:42.483298 24.166.119.88:1250 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:61500 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x972A0DAB Ack: 0x61D42A39 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-17:10:47.900496 24.166.119.88:1391 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:62250 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x97A3541B Ack: 0x624942AF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/22-17:10:53.061106 24.166.119.88:1530 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:63013 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x981F2A35 Ack: 0x633C1F98 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/22-17:11:01.494021 24.166.119.88:1658 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:64144 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x98900F25 Ack: 0x63B59957 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-17:11:03.727724 24.166.119.88:1798 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:64467 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x9909F8AC Ack: 0x63E18D67 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-17:11:05.984677 24.166.119.88:1860 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:64769 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x993E23A1 Ack: 0x640D527C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-17:11:08.149118 24.166.119.88:1917 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:65078 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x996FBE5A Ack: 0x640FAF7C Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-17:11:13.857077 24.166.119.88:2053 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:289 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x99E78BB8 Ack: 0x6418E411 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-17:11:16.659155 24.166.119.88:2053 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:639 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x99E78BB8 Ack: 0x6418E411 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
04/22-17:11:18.406820 206.252.192.18:65354 -> 192.168.1.6:54732
TCP TTL:52 TOS:0x0 ID:22330 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9B29AA3C Ack: 0x5F3FA68F Win: 0x21F0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 1795337102 654299046
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-17:11:25.620384 24.166.119.88:2329 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:1698 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x9ADFD8EE Ack: 0x651BBA68 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-17:11:28.286069 24.166.119.88:2397 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:2002 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x9B1AC410 Ack: 0x64891FFA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-17:11:31.413942 24.166.119.88:2466 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:2355 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x9B597242 Ack: 0x64FCF676 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-17:11:34.545525 24.166.119.88:2539 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:2733 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x9B9A4372 Ack: 0x656422A4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-17:11:37.184371 24.166.119.88:2618 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:3052 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x9BDB7D6A Ack: 0x65F7E03B Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-17:15:36.078292 24.209.203.150:1916 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:20227 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4EB36326 Ack: 0x75305B8E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-17:15:36.110417 24.209.203.150:1916 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:20228 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4EB368DA Ack: 0x75305B8E Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-17:21:05.162131 24.209.37.151:3296 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:60197 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBA992A6E Ack: 0x89C2C579 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-17:21:05.181395 24.209.37.151:3296 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:60198 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBA993022 Ack: 0x89C2C579 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-17:27:00.625900 24.209.184.90:2102 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:23897 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7AF1E552 Ack: 0x9F3CEE2E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-17:27:00.630619 24.209.184.90:2102 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:23898 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7AF1EB06 Ack: 0x9F3CEE2E Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-17:31:05.011256 81.57.79.96:3875 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:53836 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE1FB184E Ack: 0xAF4CFB6B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-17:31:05.045244 81.57.79.96:3875 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:53837 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE1FB1E02 Ack: 0xAF4CFB6B Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/22-17:31:06.048236 216.39.48.94:43514 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:5934 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x73D52907 Ack: 0xAF6904BF Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 371670585 654907277
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/22-17:32:32.423789 66.196.65.24:57596 -> 192.168.1.6:80
TCP TTL:232 TOS:0x0 ID:58118 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xD13E1C83 Ack: 0xB4DC480F Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/22-17:46:15.665598 216.39.48.54:51393 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:53134 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xACF64056 Ack: 0xE821DE59 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 371757031 655373163
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/22-18:02:47.562175 216.39.48.13:45402 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:44603 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xEBBC860A Ack: 0x27DC7936 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 371861565 655881186
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-18:02:53.481882 24.209.203.150:3370 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:24607 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x60959D82 Ack: 0x27C7EBB8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-18:02:53.505187 24.209.203.150:3370 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:24608 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6095A336 Ack: 0x27C7EBB8 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/22-18:09:40.918331 216.39.48.114:57124 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:25787 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x51FDEEE Ack: 0x41C40E8E Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 371898978 656092892
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-18:34:43.177141 24.209.203.150:1741 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:2669 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x17412A60 Ack: 0x9F5140B1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-18:34:43.207395 24.209.203.150:1741 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:2670 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x17413014 Ack: 0x9F5140B1 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-18:39:14.730411 24.209.203.150:1572 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:27297 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x31A0B7A2 Ack: 0xB0C49080 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-18:39:14.750516 24.209.203.150:1572 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:27298 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x31A0BD56 Ack: 0xB0C49080 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/22-18:40:21.981384 216.39.48.44:55376 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:18039 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x787BF802 Ack: 0xB49B7247 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 362724994 657035828
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-18:45:11.904210 24.209.184.90:3125 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:47015 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9F5DE80 Ack: 0xC6F6BFC7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-18:45:11.912106 24.209.184.90:3125 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:47016 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9F5E434 Ack: 0xC6F6BFC7 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-18:55:01.647024 218.151.92.100:3214 -> 192.168.1.6:80
TCP TTL:102 TOS:0x0 ID:12070 IpLen:20 DgmLen:1454 DF
***A**** Seq: 0x33A995F Ack: 0xECBCA486 Win: 0x4248 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-18:55:01.669134 218.151.92.100:3214 -> 192.168.1.6:80
TCP TTL:102 TOS:0x0 ID:12071 IpLen:20 DgmLen:1454 DF
***A**** Seq: 0x33A9EE5 Ack: 0xECBCA486 Win: 0x4248 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/22-19:04:01.366505 216.39.48.54:48623 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:21143 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xD1C7FF63 Ack: 0xD609DDE Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 372223492 657762800
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/22-19:04:01.753496 216.39.48.54:48623 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:21144 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xD1C7FF63 Ack: 0xD609DDE Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 372223531 657762800
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-19:11:13.648217 24.209.203.150:3560 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:63275 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE777B61D Ack: 0x296D39CA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-19:11:13.676689 24.209.203.150:3560 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:63276 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE777BBD1 Ack: 0x296D39CA Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-19:18:33.953759 24.209.37.151:1988 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:18383 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x27466A20 Ack: 0x4496E149 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-19:18:33.999740 24.209.37.151:1988 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:18384 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x27466FD4 Ack: 0x4496E149 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-19:37:30.155967 24.209.97.26:4116 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:5956 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE7A59F87 Ack: 0x8D764A1A Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-19:37:30.188008 24.209.97.26:4116 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:5957 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE7A5A53B Ack: 0x8D764A1A Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-19:38:06.079061 24.209.184.90:3263 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:13004 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEA385CA Ack: 0x8FDBA56C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-19:38:06.085106 24.209.184.90:3263 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:13005 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEA38B7E Ack: 0x8FDBA56C Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/22-19:43:34.442336 216.39.48.94:38137 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:49900 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x67339CBF Ack: 0xA498558B Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 372465249 658978218
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/22-19:50:15.570389 216.39.48.114:39086 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:28521 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x80998077 Ack: 0xBCEBBB1F Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 372502304 659183654
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/22-19:56:43.591871 216.39.48.4:37296 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:44248 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x992E6252 Ack: 0xD522FE56 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 71880342 659382385
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/22-20:02:32.445463 216.39.48.44:44359 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:4044 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xAF614C3F Ack: 0xEAB2EE34 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 363217921 659561070
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**]
[Classification: Misc activity] [Priority: 3]
04/22-20:26:58.416448 66.185.140.170 -> 192.168.1.6
ICMP TTL:239 TOS:0x0 ID:0 IpLen:20 DgmLen:56
Type:3 Code:13 DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED,
PACKET FILTERED
** ORIGINAL DATAGRAM DUMP:
192.168.1.6:55642 -> 66.135.209.203:113
TCP TTL:48 TOS:0x0 ID:22552 IpLen:20 DgmLen:60 DF
Seq: 0x47C5D740 Ack: 0xD2DDA53E
** END OF DUMP
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-21:10:18.035796 24.209.203.150:1093 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:1922 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6A21AC6F Ack: 0xEBDB066B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-21:10:18.058895 24.209.203.150:1093 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:1923 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6A21B223 Ack: 0xEBDB066B Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/22-21:40:27.926476 216.39.48.24:50184 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:25951 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x1FB45E3D Ack: 0x5E8C7F51 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 355154799 662570316
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/22-21:51:47.096051 216.39.48.104:36007 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:44572 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x4BCBAC40 Ack: 0x8933D3BD Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 373228082 662918165
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/22-22:02:38.828190 216.39.48.94:56587 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:25797 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x745C7DE2 Ack: 0xB1618445 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 373299503 663251967
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-22:17:38.934484 24.209.203.150:3890 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:85 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC86AAB48 Ack: 0xEA9AF894 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-22:17:38.954319 24.209.203.150:3890 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:86 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC86AB0FC Ack: 0xEA9AF894 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-22:41:33.727328 24.209.203.150:3849 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:54355 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x42EA8993 Ack: 0x43F3DF94 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-22:41:33.778423 24.209.203.150:3849 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:54356 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x42EA8F47 Ack: 0x43F3DF94 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-22:57:17.339488 24.209.37.151:2294 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:49654 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA6320229 Ack: 0x7F279858 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-22:57:17.379748 24.209.37.151:2294 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:49655 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA63207DD Ack: 0x7F279858 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/22-22:57:28.990021 216.39.48.64:38133 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:20426 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x439A4337 Ack: 0x8005D322 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 373624077 664937081
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-23:59:37.163239 24.112.68.208:5835 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:33924 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x55A97E65 Ack: 0x6B6D006B Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-23:59:38.663615 24.112.68.208:5962 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:34241 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x560F2912 Ack: 0x6B16E2DB Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-23:59:39.659538 24.112.68.208:6004 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:34449 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x56319AE7 Ack: 0x6B292AE5 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-23:59:49.673259 24.112.68.208:6543 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:36481 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x57E9CFDB Ack: 0x6B8655B8 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-23:59:50.673574 24.112.68.208:6594 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:36649 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x58156F22 Ack: 0x6C310CDE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/22-23:59:52.182312 24.112.68.208:6680 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:36925 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x5857E9E9 Ack: 0x6C299AD6 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/22-23:59:53.175223 24.112.68.208:6754 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:37132 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x5896BAF4 Ack: 0x6C961531 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-23:59:57.174755 24.112.68.208:6786 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:37738 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x58B1E784 Ack: 0x6C97D26E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-23:59:59.167451 24.112.68.208:7035 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:38133 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x5982E5A6 Ack: 0x6C0AB6DA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-00:00:00.195515 24.112.68.208:7082 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:38230 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x59A96CCF Ack: 0x6C16823C Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-00:00:01.181100 24.112.68.208:7096 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:38493 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x59B83551 Ack: 0x6CCFB7A3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-00:00:14.184252 24.112.68.208:7609 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:40534 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x5B5BD7F4 Ack: 0x6DA30AE3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-00:00:15.695423 24.112.68.208:7845 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:40772 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x5C162C77 Ack: 0x6D28973B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-00:00:25.236404 24.112.68.208:7859 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:42576 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x5C22BEA8 Ack: 0x6D542FA2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-00:00:26.215962 24.112.68.208:8409 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:42743 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x5DD75F7B Ack: 0x6DE3B93A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-00:00:36.724668 24.112.68.208:8996 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:44968 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x5FAC64AB Ack: 0x6EC70737 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-00:28:01.622430 216.39.48.84:51399 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:16940 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x9AC8093E Ack: 0xD62F2B3D Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 374164260 667719525
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-00:47:16.462901 24.29.173.81:1289 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:54638 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x90A860FC Ack: 0x1E79E65A Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-00:47:16.738663 24.29.173.81:1292 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:54650 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x90AB945D Ack: 0x1E7B40D0 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-00:47:16.831029 24.29.173.81:1293 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:54659 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x90ACCD34 Ack: 0x1EA2A72E Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-00:47:25.991465 24.29.173.81:1528 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:55304 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x917BF073 Ack: 0x1EF38E83 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-00:47:35.219517 24.29.173.81:1808 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:56158 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x926E13CD Ack: 0x2018CAF3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-00:47:35.321403 24.29.173.81:1815 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:56167 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x927385D5 Ack: 0x1FD6B132 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-00:47:44.386373 24.29.173.81:2120 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:57148 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x9379A744 Ack: 0x20284F82 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-00:47:44.454627 24.29.173.81:2123 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:57161 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x937C0F07 Ack: 0x20DB0958 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-00:47:44.532611 24.29.173.81:2128 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:57177 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x937FF156 Ack: 0x208D064B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-00:47:47.782719 24.29.173.81:2232 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:57450 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x93D7705D Ack: 0x20BA18B0 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-00:47:50.972770 24.29.173.81:2232 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:57702 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x93D7705D Ack: 0x20BA18B0 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-00:47:52.068501 24.29.173.81:2313 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:57784 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x9422146E Ack: 0x2061E9D6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-00:47:53.174082 24.29.173.81:2343 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:57861 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x943CAE5D Ack: 0x21443043 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-00:47:54.387551 24.29.173.81:2372 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:57995 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x94578E28 Ack: 0x208EE82E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-00:47:54.472902 24.29.173.81:2391 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:58017 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x9469C17B Ack: 0x212D5C63 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-00:47:54.933643 24.29.173.81:2394 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:58043 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x946B8B96 Ack: 0x20D67645 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-00:48:04.035685 24.29.173.81:2647 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:58941 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x95494B7C Ack: 0x21E9C6AA Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-00:51:46.900510 216.39.48.4:56965 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:39065 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xF39048A9 Ack: 0x2FD100A1 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 73650252 668449510
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-01:34:47.272729 216.39.48.64:40289 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:19488 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x94A23EEA Ack: 0xD2D19B48 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 374567684 669771101
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-01:45:34.371342 216.39.48.74:34299 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:24673 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xBE4D07C1 Ack: 0xFB562587 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 374630316 670102526
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-01:49:13.447248 24.85.206.152:3651 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:38211 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x68AAD9F3 Ack: 0x8F62045 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-01:49:14.554817 24.85.206.152:3683 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:38353 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x68C44923 Ack: 0x90BFC36 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-01:49:18.414642 24.85.206.152:3788 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:38876 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x692094A3 Ack: 0x9E8E756 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-01:49:19.408923 24.85.206.152:3817 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:39014 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x693AC015 Ack: 0x9DAB468 Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-01:49:20.131171 24.85.206.152:3843 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:39133 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x69515D52 Ack: 0xA11A65D Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-01:49:30.085751 24.85.206.152:4149 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:40572 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x6A55B664 Ack: 0x9F85ADE Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-01:49:30.600189 24.85.206.152:4170 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:40641 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x6A67FAA9 Ack: 0xA2216B3 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-01:49:31.223457 24.85.206.152:4186 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:40726 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x6A75DFA3 Ack: 0xA3DB73A Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-01:49:31.999589 24.85.206.152:4205 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:40836 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6A84E10F Ack: 0xAA13133 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-01:49:32.854079 24.85.206.152:4240 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:40944 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6AA00650 Ack: 0xA905309 Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-01:49:33.589690 24.85.206.152:4261 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:41061 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6AB15A4B Ack: 0xA3EEC0D Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-01:49:42.996259 24.85.206.152:4548 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:42324 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6BA84FB3 Ack: 0xAB67E5F Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-01:49:43.170428 24.85.206.152:4554 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:42361 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x6BADE263 Ack: 0xB27FBD4 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-01:49:46.353088 24.85.206.152:4554 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:42726 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x6BADE263 Ack: 0xB27FBD4 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-01:49:52.960040 24.85.206.152:4821 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:43445 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6C7C60AF Ack: 0xBD383A3 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-01:49:55.893594 24.85.206.152:4821 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:43770 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6C7C60AF Ack: 0xBD383A3 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-01:49:56.873963 24.85.206.152:4975 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:43877 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x6CCC69CB Ack: 0xBD39EFF Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-01:49:57.692042 24.85.206.152:1042 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:43980 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6CE3CF25 Ack: 0xC5175D6 Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-02:05:32.912613 216.39.48.24:35995 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:60013 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x9A494D7 Ack: 0x4696AA4E Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 356744906 670716384
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-02:22:36.256710 216.39.48.84:43025 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:57988 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x4A932560 Ack: 0x8772C4D9 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 374851562 671240509
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-02:36:51.893661 216.39.48.84:57038 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:18030 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x8008506A Ack: 0xBDDE939F Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 374937106 671678742
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-03:41:32.960660 24.173.6.106:2908 -> 192.168.1.6:80
TCP TTL:15 TOS:0x0 ID:44248 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5A00009A Ack: 0xB1798184 Win: 0xB680 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-03:41:32.970460 24.173.6.106:2908 -> 192.168.1.6:80
TCP TTL:15 TOS:0x0 ID:44249 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5A00064E Ack: 0xB1798184 Win: 0xB680 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-03:43:11.043525 216.39.48.64:52894 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:37491 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x7A38A1FE Ack: 0xB82EE37C Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 375337882 673716744
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-04:25:25.190767 216.39.48.84:58768 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:49352 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x1A15C569 Ack: 0x56CA4437 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 375588283 675014660
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-04:30:26.634277 216.39.48.33:52574 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:21582 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x2D4E14E0 Ack: 0x6A2FA455 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 366362784 675169050
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-04:32:29.694828 64.68.82.26:37241 -> 192.168.1.6:80
TCP TTL:50 TOS:0x10 ID:23663 IpLen:20 DgmLen:453 DF
***AP*** Seq: 0x344ECFDE Ack: 0x71334A01 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 486315354 675229964
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:971:3] WEB-IIS ISAPI .printer access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-04:48:34.662525 216.238.127.38:54607 -> 192.168.1.6:80
TCP TTL:236 TOS:0x0 ID:21673 IpLen:20 DgmLen:1222 DF
***AP*** Seq: 0x5F8F615 Ack: 0xADBD5BE4 Win: 0x2238 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS533][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0241]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-05:06:54.112806 216.39.48.94:44332 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:6534 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xB6D7F7E4 Ack: 0xF31189D1 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 375844469 676289413
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-05:28:27.188541 216.39.48.54:42185 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:12589 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x870E4B7 Ack: 0x4476B120 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 375969194 676951690
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-05:37:37.430625 12.103.170.70:1856 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:28647 IpLen:20 DgmLen:99 DF
***AP*** Seq: 0x6CA8493D Ack: 0x67C9B866 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-05:51:39.537905 216.39.48.84:47046 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:14307 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x5FEEDD8F Ack: 0x9CD519DB Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 376105597 677664807
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-05:51:46.035538 216.39.48.114:47088 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:23178 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x6047A726 Ack: 0x9CCE6F91 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 376110522 677668139
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-06:47:22.120329 216.39.48.64:36328 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:40828 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x31749025 Ack: 0x704BADD3 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 376442731 679376784
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-07:10:55.423146 216.39.48.104:47221 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:55828 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x8B4EF5C5 Ack: 0xC86BCF87 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 376582115 680100636
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-07:44:31.910218 216.39.48.114:52972 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:52980 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x95B810F Ack: 0x4738A9A6 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 376786953 681133422
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-08:07:09.357568 216.39.48.64:50796 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:16829 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x5EE81D4B Ack: 0x9C175EE1 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 376921342 681828665
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-08:10:25.353723 216.39.48.94:60914 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:23463 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x6C3CE11E Ack: 0xA938EB62 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 376945349 681929052
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-09:05:20.156347 216.39.48.94:42915 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:33822 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x3B34456C Ack: 0x781A24C0 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 377274756 683616553
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-09:29:56.192520 216.39.48.44:58728 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:53006 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x9882E5C0 Ack: 0xD5094EB9 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 368061120 684372535
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-09:55:54.151086 216.39.48.13:36737 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:16117 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xF9E85B39 Ack: 0x36F6ED55 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 377578970 685170465
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-10:20:16.491394 216.39.48.13:34353 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:62644 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x54E45456 Ack: 0x934283CE Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 377725172 685919444
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-10:54:51.918936 216.39.48.64:51706 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:840 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xD8B1B5F1 Ack: 0x160E11CB Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 377927363 686982417
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-11:44:09.768601 216.39.48.94:40949 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:12799 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x93337AD9 Ack: 0xD1076B29 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 378227506 688497341
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-12:02:15.930542 216.39.48.84:42425 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:44880 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xD6997933 Ack: 0x14BF605E Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 378328714 689053636
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-12:11:50.665635 216.39.48.13:38073 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:41404 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xFBAA7688 Ack: 0x38E0EFF6 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 378394442 689348003
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-13:03:45.620231 216.39.48.74:39137 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:22392 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xBEBE2DB0 Ack: 0xFD0CC1A5 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 378698471 690943385
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-13:18:32.173713 216.39.48.44:50668 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:18293 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xF7465042 Ack: 0x35AB6BEC Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 369432384 691397450
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-13:44:18.707823 216.39.48.84:52207 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:21842 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x57AE78F4 Ack: 0x964FDC4B Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 378940848 692189547
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-13:53:32.620210 216.39.48.64:56667 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:34493 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x7C3897C5 Ack: 0xB8605ACF Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 378999182 692473235
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-14:26:57.688393 216.39.48.104:45917 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:18304 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xF9785E77 Ack: 0x3786FB2D Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 379197717 693500179
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-14:37:47.490102 66.196.65.24:16019 -> 192.168.1.6:80
TCP TTL:232 TOS:0x0 ID:5613 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x23B1FDD9 Ack: 0x600489F7 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-14:45:22.114048 216.39.48.33:60955 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:40338 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x3F45154B Ack: 0x7D3C16A8 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 370051304 694065833
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-14:57:48.532687 216.39.48.64:33854 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:27960 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x6EBA9E69 Ack: 0xAB429CAB Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 379384683 694448130
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-15:08:54.147105 216.39.48.114:41672 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:43384 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x98E255F6 Ack: 0xD606ABAA Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 379452564 694789021
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-15:18:30.978684 216.39.48.24:56637 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:58478 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xBC32F725 Ack: 0xFA43D834 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 361501540 695084394
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-15:39:30.117129 216.39.48.94:39912 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:8554 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xC0DF4C4 Ack: 0x49D190F4 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 379639228 695729351
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-16:17:21.169961 216.39.48.44:59982 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:9350 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x99E15085 Ack: 0xD7FC27D6 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 370505024 696892533
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-16:44:14.136101 24.120.224.114:4050 -> 192.168.1.6:80
TCP TTL:102 TOS:0x0 ID:48034 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x77E001EE Ack: 0x3E5DE2DA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-16:44:14.140643 24.120.224.114:4050 -> 192.168.1.6:80
TCP TTL:102 TOS:0x0 ID:48035 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x77E007A2 Ack: 0x3E5DE2DA Win: 0x4470 TcpLen: 20
[**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**]
[Classification: Misc activity] [Priority: 3]
04/23-16:50:58.438773 63.144.64.70 -> 192.168.1.6
ICMP TTL:238 TOS:0x0 ID:25382 IpLen:20 DgmLen:56
Type:3 Code:13 DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED,
PACKET FILTERED
** ORIGINAL DATAGRAM DUMP:
192.168.1.6:80 -> 63.144.89.250:2088
TCP TTL:42 TOS:0x0 ID:53216 IpLen:20 DgmLen:843 DF
Seq: 0x5722DCE1 Ack: 0xB2FCA63E
** END OF DUMP
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-17:03:18.001552 216.239.46.82:54169 -> 192.168.1.6:80
TCP TTL:41 TOS:0x0 ID:39075 IpLen:20 DgmLen:453 DF
***AP*** Seq: 0x47F351A3 Ack: 0x84D6E130 Win: 0x7D78 TcpLen: 32
TCP Options (3) => NOP NOP TS: 83241618 698301425
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-17:24:51.807399 216.39.48.44:60187 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:11850 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x98388D60 Ack: 0xD7875D66 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 370909989 698967146
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-17:37:41.766058 216.39.48.44:46649 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:56606 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xC98512DB Ack: 0x8EB7363 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 370986967 699361491
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-18:01:09.199442 216.39.48.24:45996 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:42124 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x223F5184 Ack: 0x6052D835 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 362477123 700082345
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-18:08:00.638959 216.39.48.24:41604 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:395 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x3B86976E Ack: 0x7B203717 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 362518257 700293073
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-18:16:06.466732 216.39.48.74:52817 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:62922 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x5AF1E478 Ack: 0x986AC8F1 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 380572110 700541887
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-18:23:30.330504 66.196.65.24:19041 -> 192.168.1.6:80
TCP TTL:232 TOS:0x0 ID:45934 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xA2104FDE Ack: 0xB52AE2E9 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-19:14:30.830177 24.129.124.68:4453 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:38800 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x358FFDBD Ack: 0x75B0CF47 Win: 0xFC00 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-19:14:30.847078 24.129.124.68:4453 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:38801 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x35900371 Ack: 0x75B0CF47 Win: 0xFC00 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-19:42:45.098608 216.39.48.24:47151 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:47738 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xA16AF8AD Ack: 0xDFD25F90 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 363086563 703204476
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-20:16:56.350033 216.39.48.74:45459 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:53766 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x2324F315 Ack: 0x61D99128 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 381296926 704255068
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-20:23:19.774670 216.39.48.104:54404 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:22886 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x3C44EE0E Ack: 0x7A041B44 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 381335417 704451440
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-20:34:05.202867 216.39.48.94:41577 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:34055 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x63D9497A Ack: 0xA2410C2B Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 381406346 704782021
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-20:37:48.891560 24.209.97.26:2873 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:16203 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6F478E2C Ack: 0xB07CC033 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-20:37:48.921280 24.209.97.26:2873 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:16204 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6F4793E0 Ack: 0xB07CC033 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-20:46:37.834863 24.209.97.26:2703 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:10829 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA4872713 Ack: 0xD21FB1BA Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-20:46:37.865559 24.209.97.26:2703 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:10830 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA4872CC7 Ack: 0xD21FB1BA Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-20:48:50.489938 216.39.48.84:51767 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:6991 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x9C4A1275 Ack: 0xDAB720E1 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 381487430 705235444
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-21:25:32.394177 216.39.48.114:37649 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:62708 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x26928104 Ack: 0x644CE6A7 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 381711870 706363192
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-21:34:47.514744 216.39.48.94:37933 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:27546 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x486E316B Ack: 0x8752B135 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 381770496 706647501
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-21:44:13.729679 216.39.48.64:57761 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:5103 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x6D0F3572 Ack: 0xAB7DAA88 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 381822634 706937503
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-21:48:56.792523 216.39.48.104:43250 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:51906 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x7F814758 Ack: 0xBCFD9DDC Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 381848996 707082483
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-22:56:28.691664 216.39.48.64:38051 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:10542 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x7D30EABD Ack: 0xBBB6BDFB Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 382256029 709157747
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-22:56:30.050459 66.196.65.24:1421 -> 192.168.1.6:80
TCP TTL:232 TOS:0x0 ID:39029 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x8C3F1C86 Ack: 0xBB8F3552 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-23:09:47.159677 24.91.103.152:3919 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:27498 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xE97652B3 Ack: 0xEE71E54F Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-23:09:51.521952 24.91.103.152:4208 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:28561 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xEA59564C Ack: 0xEF07830C Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-23:09:52.092041 24.91.103.152:4252 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:28688 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xEA7B324D Ack: 0xEE80FDDF Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-23:09:52.803518 24.91.103.152:4283 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:28866 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xEA954235 Ack: 0xEEBA8851 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-23:09:56.971282 24.91.103.152:4546 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:29782 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xEB603FD9 Ack: 0xEEFEC3FC Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-23:10:00.730756 24.91.103.152:1060 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:30704 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xEC315452 Ack: 0xEEF41532 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-23:10:01.149570 24.91.103.152:1082 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:30792 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xEC421AF2 Ack: 0xEEEC3615 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-23:10:01.783822 24.91.103.152:1110 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:30932 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xEC5966D3 Ack: 0xEFA41EAA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-23:10:02.250242 24.91.103.152:1139 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:31030 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xEC702533 Ack: 0xEF26FDF0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-23:10:06.402804 24.91.103.152:1363 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:31867 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xED1C96E4 Ack: 0xEFE4E58A Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-23:10:07.000552 24.91.103.152:1408 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:31998 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xED409F6D Ack: 0xF0182C0C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-23:10:07.524208 24.91.103.152:1434 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:32117 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xED568040 Ack: 0xEF7A75A4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-23:10:10.998507 24.91.103.152:1697 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:32953 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xEE286853 Ack: 0xEFFD28B7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-23:10:14.246625 24.91.103.152:1697 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:34242 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xEE286853 Ack: 0xEFFD28B7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-23:10:14.590339 24.91.103.152:1910 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:34337 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xEED26AF5 Ack: 0xEFE5F11C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-23:10:17.900872 24.91.103.152:1910 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:34985 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xEED26AF5 Ack: 0xEFE5F11C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-23:10:18.429440 24.91.103.152:2115 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:35095 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xEF729643 Ack: 0xF07F56C2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-23:10:19.155748 24.91.103.152:2173 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:35254 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xEF9FC7BB Ack: 0xF0820A32 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-23:11:28.357060 216.39.48.114:39504 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:17170 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xB6906B3D Ack: 0xF41943E6 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 382347321 709618531
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-23:25:12.325691 216.39.48.114:59691 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:37039 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xE9EBF95C Ack: 0x28F86164 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 382429699 710040544
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
04/23-23:37:18.106691 207.44.188.21:80 -> 192.168.1.6:56801
TCP TTL:44 TOS:0x0 ID:45753 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB0094343 Ack: 0x55DD6236 Win: 0x16A0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 1476522485 710412278
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-23:40:56.024526 216.39.48.84:47165 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:8575 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x2528E8CD Ack: 0x639427D3 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 382519742 710523880
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-23:41:30.558584 216.39.48.33:44362 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:18345 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x27B4DC82 Ack: 0x666B6851 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 373267254 710541549
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-01:23:28.640398 216.39.48.54:36458 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:39393 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xA995AEB7 Ack: 0xE76A0CE2 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 383137655 713675069
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-01:50:22.239342 24.47.19.144:3380 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:16124 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x94EF6B18 Ack: 0x4D2F66EB Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-01:50:25.399084 24.47.19.144:3433 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:16386 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x951AD7CB Ack: 0x4CD3C5EC Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-01:50:27.593107 24.47.19.144:3513 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:16608 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x955BA593 Ack: 0x4D28B93E Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-01:50:30.200448 24.47.19.144:3574 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:16802 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x958B4C48 Ack: 0x4DCDA88A Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-01:50:33.068810 24.47.19.144:3646 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:17007 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x95C8971B Ack: 0x4D81DA26 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-01:50:38.904755 24.47.19.144:3828 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:17580 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x96556AAD Ack: 0x4D9F276D Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-01:50:41.070089 24.47.19.144:3909 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:17826 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x9693062F Ack: 0x4DFF52D8 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-01:50:43.212773 24.47.19.144:3981 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:18008 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x96CA9CA8 Ack: 0x4E4FB0DF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-01:50:45.241789 24.47.19.144:4036 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:18202 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x96FA6DA5 Ack: 0x4E02F28A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-01:50:58.067820 24.47.19.144:4370 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:19377 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x980FEE11 Ack: 0x4F2F2488 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-01:51:01.085013 24.47.19.144:4467 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:19646 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x985BC59C Ack: 0x4FA96EDB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-01:51:13.365450 24.47.19.144:4874 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:20733 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x9974FD14 Ack: 0x50322E49 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-01:51:15.572476 24.47.19.144:1033 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:20922 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x99BAFE3B Ack: 0x5006C169 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-01:51:17.768184 24.47.19.144:1079 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:21099 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x99E1C574 Ack: 0x50145466 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-01:51:20.492354 24.47.19.144:1147 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:21323 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x9A126BF7 Ack: 0x4FF2D9BE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-01:51:22.292234 24.47.19.144:1209 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:21492 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x9A490C6F Ack: 0x50B03DCF Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-02:07:34.363467 209.237.238.158:1053 -> 192.168.1.6:80
TCP TTL:41 TOS:0x0 ID:8554 IpLen:20 DgmLen:173 DF
***AP*** Seq: 0x4A40C472 Ack: 0x8E37F4FA Win: 0xFFFF TcpLen: 32
TCP Options (3) => NOP NOP TS: 643326236 715030135
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-02:15:15.880624 66.196.65.24:9856 -> 192.168.1.6:80
TCP TTL:232 TOS:0x0 ID:35521 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x60830C38 Ack: 0xAB335E93 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-02:51:14.634276 216.39.48.94:35170 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:34382 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xF380D46C Ack: 0x32C7E994 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 383668789 716372155
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-03:14:28.098531 216.39.48.13:60847 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:16665 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x4C1034D0 Ack: 0x8A8D847C Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 383809000 717085839
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-03:26:45.280260 216.39.48.84:40062 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:63559 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x7A888D5B Ack: 0xB91F3C8C Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 383874350 717463405
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-04:00:45.307601 216.39.48.64:55433 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:51605 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xFACA54F1 Ack: 0x39652D87 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 384081264 718508257
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-04:22:07.605907 24.198.198.27:1110 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:35824 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE77A22CC Ack: 0x8A57C593 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-04:22:07.626130 24.198.198.27:1110 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:35825 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE77A2880 Ack: 0x8A57C593 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-04:43:30.154015 216.39.48.54:32878 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:15544 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x9C4FBAD4 Ack: 0xDB533000 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 384337524 719821889
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-04:59:00.424097 216.39.48.114:51498 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:34865 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xD66C7F8D Ack: 0x16046B88 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 384432048 720298355
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-05:42:31.397345 216.39.48.94:55974 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:3986 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x7BBCF00E Ack: 0xBA0F8DBF Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 384696237 721635609
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-05:43:04.558668 216.39.48.104:52545 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:47546 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x7C944AE3 Ack: 0xBC4B4482 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 384693095 721652605
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-06:31:06.488215 216.39.48.64:40123 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:29101 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x323811DE Ack: 0x71142B41 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 384983171 723128645
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-07:08:53.010421 216.39.48.54:45691 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:3631 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xC1D0DADC Ack: 0x23282E Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 385209604 724289485
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-07:21:49.795947 216.39.48.33:51817 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:19733 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xF153F200 Ack: 0x309C1C9A Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 376028409 724687338
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-07:26:17.838365 216.39.48.44:38680 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:9987 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x2FE8064 Ack: 0x4226711D Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 375957367 724824582
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-07:38:39.379503 216.39.48.13:32990 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:10947 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x311C8EA3 Ack: 0x716AEE06 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 385393779 725204399
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-08:05:22.647669 216.39.48.114:52936 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:4693 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x95DF14FD Ack: 0xD5940BA9 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 385550013 726025557
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-08:24:54.242467 216.39.48.84:55188 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:28685 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xDFD9CF56 Ack: 0x1F48CF30 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 385662826 726625623
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1881:4] WEB-MISC bad HTTP/1.1 request, Potentially worm attack [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-08:28:49.547817 206.98.253.78:48529 -> 192.168.1.6:80
TCP TTL:50 TOS:0x0 ID:49402 IpLen:20 DgmLen:70 DF
***AP*** Seq: 0xFA0519D4 Ack: 0x2DB9EA56 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 60423675 726745400
[Xref => http://securityresponse.symantec.com/avcenter/security/Content/2002.09.13.html]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-10:39:59.766304 216.39.48.64:44534 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:48040 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xDE2E93CF Ack: 0x1D898D1D Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 386476149 730777035
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-10:40:23.038539 216.39.48.44:51387 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:19227 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xDF82202F Ack: 0x1EF92435 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 377121604 730788953
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-10:41:10.690929 216.39.48.74:54397 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:52463 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xE27DF73B Ack: 0x2210AB49 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 386481126 730813355
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-10:41:11.110485 216.39.48.74:54397 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:52464 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xE27DF73B Ack: 0x2210AB49 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 386481168 730813355
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-11:12:43.759570 216.39.48.13:41447 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:18000 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x597C7AED Ack: 0x99665628 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 386677935 731782933
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-11:16:49.680024 216.39.48.114:58749 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:4197 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x69879CA7 Ack: 0xA95CDE98 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 386698452 731908879
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-11:21:41.496436 216.39.48.84:48327 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:24093 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x7B66B3C2 Ack: 0xBBDA1741 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 386723303 732058348
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-12:12:00.609383 216.39.48.84:51386 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:60785 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x397A6586 Ack: 0x789E4C1B Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 387025143 733604649
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-12:21:36.499772 216.39.48.24:55213 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:40991 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x5D5F0FD9 Ack: 0x9CEDFC56 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 369078228 733899591
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-12:56:27.082274 216.39.48.104:37926 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:48054 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xE152259D Ack: 0x20CF648F Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 387292726 734970332
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-13:18:38.165198 216.39.48.84:49075 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:52120 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x3519698F Ack: 0x7504998C Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 387424805 735652080
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-13:22:04.986577 66.196.65.24:15216 -> 192.168.1.6:80
TCP TTL:232 TOS:0x0 ID:61476 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x59D79A65 Ack: 0x82C5B0A5 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-13:32:06.063119 216.39.48.84:41393 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:3829 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x67C1D369 Ack: 0xA8C32B3E Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 387505576 736065863
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-13:54:29.268173 216.39.48.74:38288 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:53153 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xBC2022EB Ack: 0xFCD12124 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 387640707 736753812
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-14:07:02.543059 216.39.48.64:34116 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:19279 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xEBE750A5 Ack: 0x2B569C31 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 387718136 737139609
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-16:25:55.157190 216.39.48.74:48215 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:39298 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xF88A50E9 Ack: 0x38A15965 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 388549079 741407079
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-16:29:03.153364 216.39.48.207:46748 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:45067 IpLen:20 DgmLen:202 DF
***AP*** Seq: 0x436A250 Ack: 0x431E668D Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 65671765 741503615
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-17:16:22.295578 216.39.48.114:39269 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:25024 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xB6FC141D Ack: 0xF7501AF8 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 388855217 742957737
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-17:21:52.706454 24.236.70.2:3763 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:15469 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x4C9DE4FF Ack: 0xC9E76C5 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-17:22:02.759568 24.236.70.2:3898 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:15792 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x4D2AE332 Ack: 0xCE17ED9 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-17:22:06.285451 24.236.70.2:3943 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:15915 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x4D5ADE09 Ack: 0xD2AF2B9 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-17:22:09.795852 24.236.70.2:4009 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:16112 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x4D979C7D Ack: 0xD0B52A4 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-17:22:10.080713 24.236.70.2:4010 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:16122 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x4D992B3B Ack: 0xDE23AFE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-17:22:10.405371 24.236.70.2:4016 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:16137 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x4D9E3332 Ack: 0xDEF1523 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-17:22:13.940300 24.236.70.2:4057 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:16226 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x4DCA52EC Ack: 0xD319676 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-17:22:14.202127 24.236.70.2:4066 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:16242 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x4DD16A95 Ack: 0xD97BE14 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-17:22:17.698779 24.236.70.2:4108 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:16330 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4DFF07A7 Ack: 0xD88982D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-17:22:20.889033 24.236.70.2:4111 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:16420 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4E0263D5 Ack: 0xDCCFFFD Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-17:22:24.724027 24.236.70.2:4190 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:16512 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4E565124 Ack: 0xE5225BB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-17:22:27.992194 24.236.70.2:4229 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:16593 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4E7FFD7C Ack: 0xE90F5FC Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-17:22:28.259059 24.236.70.2:4233 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:16608 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x4E83BF39 Ack: 0xE7C8E36 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-17:22:28.523313 24.236.70.2:4235 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:16618 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x4E863EBE Ack: 0xE607B44 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-17:22:28.782924 24.236.70.2:4238 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:16631 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x4E8A773F Ack: 0xEA5DA31 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-17:22:32.260388 24.236.70.2:4283 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:16728 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x4EB50718 Ack: 0xEF6CECA Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-17:22:35.221633 24.236.70.2:4283 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:16794 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x4EB50718 Ack: 0xEF6CECA Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-17:44:02.868821 216.39.48.207:42732 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:61399 IpLen:20 DgmLen:202 DF
***AP*** Seq: 0x1F710047 Ack: 0x6015A927 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 66121634 743808236
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-17:50:10.220636 24.29.173.81:1854 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:15217 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x89F63F48 Ack: 0x765833DA Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-17:50:13.969574 24.29.173.81:1962 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:15804 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x8A54B09E Ack: 0x7683508C Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-17:50:14.094369 24.29.173.81:1968 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:15832 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x8A59BE8E Ack: 0x772A7E5C Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-17:50:14.190848 24.29.173.81:1970 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:15852 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x8A5BFE2E Ack: 0x7735DAD2 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-17:50:23.300211 24.29.173.81:2205 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:17118 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x8B275617 Ack: 0x7729D397 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-17:50:23.430169 24.29.173.81:2210 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:17149 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x8B2BC951 Ack: 0x7772309B Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-17:50:23.608118 24.29.173.81:2215 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:17179 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x8B30152A Ack: 0x7720FD20 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-17:50:23.685440 24.29.173.81:2220 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:17191 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x8B341F35 Ack: 0x77897FAA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-17:50:26.841527 24.29.173.81:2299 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:17664 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x8B77568E Ack: 0x78010CC5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-17:50:29.918958 24.29.173.81:2402 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:18195 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x8BD2C37C Ack: 0x7788693C Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-17:50:30.008035 24.29.173.81:2406 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:18221 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x8BD52543 Ack: 0x77D52273 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-17:50:30.200870 24.29.173.81:2409 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:18248 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x8BD7D68D Ack: 0x77685A82 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-17:50:30.438248 24.29.173.81:2416 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:18307 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x8BDD8B1E Ack: 0x7847EA8C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-17:50:30.547785 24.29.173.81:2422 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:18333 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x8BE28ECF Ack: 0x781C41C5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-17:50:30.620728 24.29.173.81:2425 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:18352 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x8BE524B2 Ack: 0x78442B63 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-17:50:33.710456 24.29.173.81:2548 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:18960 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x8C4BF6C4 Ack: 0x7878CFA2 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-18:11:43.953116 216.39.48.44:56944 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:61709 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x87BA4A17 Ack: 0xC7A25C15 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 379829037 744658990
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:650:5] SHELLCODE x86 setuid 0 [**]
[Classification: A system call was detected] [Priority: 2]
04/24-18:46:56.379106 192.234.167.242:23158 -> 192.168.1.6:22
TCP TTL:107 TOS:0x0 ID:61429 IpLen:20 DgmLen:1104 DF
***AP*** Seq: 0x477B4CD9 Ack: 0x2F6B9106 Win: 0xF6A0 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS436]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-18:51:37.860752 216.39.48.94:54116 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:64825 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x1E72C70F Ack: 0x5EA03F57 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 389429833 745885080
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-19:57:37.761536 216.39.48.207:56426 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:41928 IpLen:20 DgmLen:202 DF
***AP*** Seq: 0x17BC8A6C Ack: 0x57260BD7 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 66922941 747913224
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-20:12:30.978589 24.95.244.129:3341 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:19663 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xD2815C1 Ack: 0x8FC05102 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-20:12:33.796264 24.95.244.129:3402 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:19938 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xD5ECEFC Ack: 0x90132054 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-20:12:35.941544 24.95.244.129:3472 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:20172 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xD9C1B05 Ack: 0x90366C32 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-20:12:38.716318 24.95.244.129:3525 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:20421 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xDCCD888 Ack: 0x9072255F Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-20:12:43.860150 24.95.244.129:3665 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:20970 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xE494F8C Ack: 0x90B529E9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-20:12:49.136543 24.95.244.129:3802 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:21501 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xEC2F4E7 Ack: 0x906A904C Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-20:12:54.070206 24.95.244.129:3930 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:21989 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xF33FC36 Ack: 0x9110EA0B Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-20:12:55.877316 24.95.244.129:3975 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:22175 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xF5D10EE Ack: 0x9172B544 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-20:12:57.844134 24.95.244.129:4020 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:22397 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF86727B Ack: 0x91C7B79C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-20:13:02.936058 24.95.244.129:4152 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:22926 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFFCA0DC Ack: 0x91FC2CE7 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-20:13:05.478802 24.95.244.129:4213 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:23163 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x10314E99 Ack: 0x922FA3F7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-20:13:17.123740 24.95.244.129:4496 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:24266 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x112A05C8 Ack: 0x92D06FE6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-20:13:28.073679 24.95.244.129:4795 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:25405 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x123005AA Ack: 0x93161981 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-20:13:31.042254 24.95.244.129:4795 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:25724 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x123005AA Ack: 0x93161981 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-20:13:39.254016 24.95.244.129:1125 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:26546 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x13360682 Ack: 0x93F9D3D3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-20:13:41.577503 24.95.244.129:1181 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:26771 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x1367EC60 Ack: 0x943AF405 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-20:13:52.210040 24.95.244.129:1471 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:27907 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x1467272F Ack: 0x94378E95 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-21:02:27.929562 216.39.50.114:54998 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:53467 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xC66F7A8 Ack: 0x4D1AD866 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 390211469 749905657
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-21:18:43.139933 24.209.203.150:3028 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:58653 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x26861C3E Ack: 0x8B0A8B62 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-21:18:43.158477 24.209.203.150:3028 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:58654 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x268621F2 Ack: 0x8B0A8B62 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-21:37:59.655433 24.209.203.150:4480 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:27666 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8ABFBDA9 Ack: 0xD3C74DCC Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-21:37:59.676221 24.209.203.150:4480 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:27667 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8ABFC35D Ack: 0xD3C74DCC Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-21:38:25.151359 66.196.65.24:18434 -> 192.168.1.6:80
TCP TTL:232 TOS:0x0 ID:18078 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x9B1807B6 Ack: 0xD59783C6 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-21:38:25.713408 66.196.65.24:18434 -> 192.168.1.6:80
TCP TTL:232 TOS:0x0 ID:18079 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x9B1807B6 Ack: 0xD59783C6 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-21:43:05.440086 216.39.50.84:58178 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:50541 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xA5C50B14 Ack: 0xE6D8B077 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 390450824 751154077
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-21:52:02.556109 216.39.50.24:35027 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:57510 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xC7EF06B0 Ack: 0x8839FF8 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 372499992 751429187
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-22:14:17.158745 24.128.89.17:3648 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:28371 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2E3ED799 Ack: 0x5CEF91A8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-22:14:17.161450 24.128.89.17:3648 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:28372 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2E3EDD4D Ack: 0x5CEF91A8 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-22:18:52.190648 216.39.50.54:39943 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:8483 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x2CFA3EE4 Ack: 0x6DA2FA2C Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 390668239 752253594
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-22:40:29.549164 216.39.50.114:55603 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:20976 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x7ED47196 Ack: 0xBF1F139C Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 390799496 752918063
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-22:46:36.091743 24.93.116.225:4207 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:60875 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF02EF7EA Ack: 0xD6BC82C0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-22:46:36.096246 24.93.116.225:4207 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:60876 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF02EFD9E Ack: 0xD6BC82C0 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-22:51:26.752533 66.196.65.24:21739 -> 192.168.1.6:80
TCP TTL:232 TOS:0x0 ID:8071 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xDBE72DDD Ack: 0xE88B7036 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-23:18:53.565776 216.39.50.33:50720 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:17352 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x10161611 Ack: 0x504E296F Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 381769187 754098112
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-23:37:39.870419 216.39.50.44:33778 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:63698 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x56CB689E Ack: 0x975E4C43 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 381784155 754674973
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-23:56:52.639219 216.39.50.84:46150 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:64220 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x9F01F785 Ack: 0xDF72E9A3 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 391253355 755265387
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-00:48:13.860735 216.39.50.94:42632 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:59756 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x610D375B Ack: 0xA13BB567 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 391568959 756843495
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-00:50:15.540960 66.196.65.24:44120 -> 192.168.1.6:80
TCP TTL:232 TOS:0x0 ID:57838 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xD7DAC1C Ack: 0xA9CDDF45 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-01:06:55.107000 216.39.50.94:42246 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:59862 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xA72C7DDC Ack: 0xE7D85954 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 391681058 757417738
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-01:19:07.568707 216.39.50.114:55304 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:5406 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xD503B087 Ack: 0x16936B24 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 391751079 757792915
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-01:50:41.276632 216.39.50.24:34812 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:31467 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x4CB1C701 Ack: 0x8E490374 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 373931512 758762809
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-02:09:20.298723 66.196.65.24:58302 -> 192.168.1.6:80
TCP TTL:232 TOS:0x0 ID:17727 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x244AF14A Ack: 0xD4844FE4 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-02:17:29.025277 216.39.50.74:52272 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:42383 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xB2484AC9 Ack: 0xF36ABE8A Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 392097621 759586241
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-02:57:21.890523 216.39.50.74:42285 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:50622 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x48F95079 Ack: 0x8A0525D9 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 392336851 760811807
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-03:06:01.127041 216.39.50.24:33799 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:33791 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x699F20F7 Ack: 0xAA13364B Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 374383386 761077744
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-03:34:09.328354 216.39.50.54:58163 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:12806 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xD2E1C98D Ack: 0x151A7D7E Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 392559509 761942400
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-03:41:23.265521 66.196.65.24:26688 -> 192.168.1.6:80
TCP TTL:232 TOS:0x0 ID:34897 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x8342F81F Ack: 0x2F70B96E Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-03:55:19.766597 216.39.50.64:38922 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:61918 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x23071D88 Ack: 0x6504DC44 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 392686697 762593077
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-04:17:38.498155 216.39.50.13:48639 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:43154 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x77E4A42F Ack: 0xB96CE4CF Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 392826059 763278740
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-05:14:11.470101 216.39.50.33:54760 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:28230 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x4CE9B498 Ack: 0x8ED865DB Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 383900384 765016522
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-05:15:39.973386 216.39.50.44:45001 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:42169 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x51FD24FE Ack: 0x940374DC Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 383811672 765061843
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-05:21:33.130190 66.196.65.24:7374 -> 192.168.1.6:80
TCP TTL:232 TOS:0x0 ID:14532 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xDEA8BE20 Ack: 0xA9B87513 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-05:57:14.069521 216.39.50.74:44347 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:43887 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xEF56A71F Ack: 0x320E8C86 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 393415811 766339240
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-06:26:45.643847 216.39.50.24:48854 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:15960 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x5F133C9F Ack: 0xA1807D8C Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 375587541 767246603
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-07:32:56.417654 216.39.50.64:58723 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:16448 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x58D99756 Ack: 0x9B3ADFDC Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 393992056 769280317
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-08:05:44.908207 216.39.50.114:55929 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:8102 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xD3FFC23A Ack: 0x168D0C09 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 394190252 770288514
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-08:16:42.906576 216.39.50.54:52614 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:38439 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xFECC4E54 Ack: 0x40EAA31F Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 394254468 770625528
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-08:17:35.100774 216.39.50.74:48143 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:62644 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x2031197 Ack: 0x43EF38C2 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 394257714 770652257
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-08:33:36.794624 216.39.50.54:57213 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:18187 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x3E072361 Ack: 0x80282B01 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 394355833 771144800
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-08:34:04.844238 216.39.50.94:48763 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:9918 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x3F97A49D Ack: 0x81F84690 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 394363437 771159180
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-08:34:34.753261 24.245.10.192:3736 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:10962 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x424DA375 Ack: 0x83D5F5F2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-08:34:34.762383 24.245.10.192:3736 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:10963 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x424DA929 Ack: 0x83D5F5F2 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-08:36:44.679454 216.39.50.33:56932 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:21648 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x4A693055 Ack: 0x8B8454FC Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 385115367 771241043
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-08:47:10.701566 216.39.50.84:49942 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:4831 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x727885C0 Ack: 0xB39524C5 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 394434415 771561672
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-09:21:10.802172 216.39.50.24:56389 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:53284 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xF18F2999 Ack: 0x336E99AB Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 376633799 772606553
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-09:58:40.281823 216.39.50.74:33686 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:42409 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x7F8B806F Ack: 0xC1B496B5 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 394864087 773758665
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-10:03:39.573664 216.39.50.64:52566 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:42381 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x91BA0699 Ack: 0xD3EC6F66 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 394896160 773911959
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-10:32:41.423658 216.39.50.54:51812 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:44599 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x75E496 Ack: 0x41412489 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 395070127 774804074
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-11:50:28.735667 216.39.50.74:50491 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:34988 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x25D7E90F Ack: 0x67314393 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 395534772 777194528
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-12:11:44.965699 216.39.50.84:44821 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:9021 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x75ED73E0 Ack: 0xB85E0E29 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 395661554 777848192
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-12:17:17.919299 216.39.50.64:51189 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:57216 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x8B7701FD Ack: 0xCD092ECE Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 395697807 778018723
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-12:41:56.121769 66.196.65.24:32893 -> 192.168.1.6:80
TCP TTL:232 TOS:0x0 ID:22446 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x367D6B8C Ack: 0x2AF43CD6 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-12:59:20.272349 24.209.37.151:1193 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:36604 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFA0E32C Ack: 0x6BDEEB09 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-12:59:20.344485 24.209.37.151:1193 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:36605 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFA0E8E0 Ack: 0x6BDEEB09 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-13:16:23.595868 24.209.37.151:2483 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:8137 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7C1889DF Ack: 0xABF12651 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-13:16:23.618369 24.209.37.151:2483 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:8138 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7C188F93 Ack: 0xABF12651 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-14:03:54.945419 66.77.73.149:1829 -> 192.168.1.6:80
TCP TTL:45 TOS:0x0 ID:29624 IpLen:20 DgmLen:225 DF
***AP*** Seq: 0x6C01760F Ack: 0x6023D7B1 Win: 0xE070 TcpLen: 32
TCP Options (3) => NOP NOP TS: 138556507 781295103
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-14:08:43.127168 216.39.50.104:34958 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:20886 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x305158EE Ack: 0x71E8F13D Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 396364166 781442689
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-14:34:55.392436 216.39.50.114:45741 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:39320 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x937BE559 Ack: 0xD480A1CE Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 396524763 782247957
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-14:41:51.027713 216.39.50.64:51905 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:64173 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xACBAE30F Ack: 0xEEF1AAB6 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 396564914 782460831
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-15:11:24.613908 216.39.50.33:46578 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:33623 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x1CD5076B Ack: 0x5DF9E4CC Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 387482700 783369213
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-15:30:05.597107 216.39.50.104:54488 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:9546 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x62E85972 Ack: 0xA636069B Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 396852296 783943334
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-15:32:44.754792 216.39.50.74:52564 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:42129 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x6DED1D45 Ack: 0xB00A851E Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 396868057 784024860
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-16:13:13.138921 216.39.50.64:40522 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:19943 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x7143B7E Ack: 0x4877326B Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 397112997 785268611
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-16:13:32.698904 216.39.50.24:43619 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:49053 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x82A07BE Ack: 0x4939BA87 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 379107379 785278629
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-16:24:26.767311 24.193.243.23:4642 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:10429 IpLen:20 DgmLen:1300 DF
***A**** Seq: 0xBBF25F6E Ack: 0x725562EE Win: 0x44E8 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-16:24:26.772710 24.193.243.23:4642 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:10430 IpLen:20 DgmLen:1300 DF
***A**** Seq: 0xBBF2645A Ack: 0x725562EE Win: 0x44E8 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-16:56:00.658862 24.242.248.248:2909 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:2205 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xAF75F0A5 Ack: 0xEA2286E4 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-16:56:25.102947 24.242.248.248:1302 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:11055 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xB4BB85FE Ack: 0xEAE63D24 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-16:56:39.195423 24.242.248.248:3948 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:16526 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xBC53C6CF Ack: 0xED1FC196 Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-16:56:40.810789 24.242.248.248:4943 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:17173 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xBDD667F1 Ack: 0xEC78CC5B Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-16:56:42.896639 24.242.248.248:1304 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:17790 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xBEAEC8B4 Ack: 0xEC72292B Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-16:56:44.715636 24.242.248.248:1522 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:18562 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xBF524915 Ack: 0xED42C1A3 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-16:56:46.386782 24.242.248.248:1737 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:19266 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xBFEE171B Ack: 0xECC69BA6 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-16:56:48.038811 24.242.248.248:1967 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:19792 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xC094153D Ack: 0xECDB00B9 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-16:56:49.471002 24.242.248.248:2165 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:20492 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xC124E398 Ack: 0xED2410D4 Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-16:56:57.706004 24.242.248.248:2813 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:23709 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xC3122B08 Ack: 0xEDEE936E Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-16:57:02.400503 24.242.248.248:3431 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:25468 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xC4D6AD4A Ack: 0xEDC3A1FC Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-16:57:04.286739 24.242.248.248:4186 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:26260 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xC679351C Ack: 0xEDB46508 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-16:57:15.004623 24.242.248.248:4401 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:30181 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xC6EBEB8A Ack: 0xEE4160DE Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-16:57:16.491000 24.242.248.248:2134 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:30867 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xCB046A68 Ack: 0xEEA20FBD Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-16:57:24.644249 24.242.248.248:2745 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:33896 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xCCD139CE Ack: 0xEF86F06F Win: 0xFAF0 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-16:59:02.460714 24.71.58.208:3504 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:35444 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x418800AE Ack: 0xF51EDCEF Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-16:59:05.682922 24.71.58.208:3540 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:35537 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x41AE38F3 Ack: 0xF50EA8E2 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-16:59:06.192653 24.71.58.208:3550 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:35561 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x41B6D253 Ack: 0xF5315815 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-16:59:06.690708 24.71.58.208:3563 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:35589 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x41C38FB4 Ack: 0xF5FF77B6 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-16:59:09.570953 24.71.58.208:3563 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:35734 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x41C38FB4 Ack: 0xF5FF77B6 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-16:59:13.513478 24.71.58.208:3621 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:35964 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x41FC45DB Ack: 0xF56DDE9E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-16:59:23.293926 24.71.58.208:3813 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:36297 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x42B484A5 Ack: 0xF6D99C96 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-16:59:23.850971 24.71.58.208:3820 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:36319 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x42BBEEB6 Ack: 0xF61B429A Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-16:59:24.493802 24.71.58.208:3825 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:36353 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x42C176F1 Ack: 0xF708B649 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-16:59:28.268067 24.71.58.208:3892 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:36549 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x42FF4BE3 Ack: 0xF6C5BCFC Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-16:59:28.831950 24.71.58.208:3899 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:36582 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4306B94C Ack: 0xF705D017 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-16:59:38.606664 24.71.58.208:4049 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:37002 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x439521D1 Ack: 0xF7439CE7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-16:59:39.104237 24.71.58.208:4055 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:37031 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x439B8271 Ack: 0xF76156F6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-16:59:39.604036 24.71.58.208:4064 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:37054 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x43A4B051 Ack: 0xF764F089 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-16:59:39.944588 24.71.58.208:4070 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:37073 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x43A99D6F Ack: 0xF7FAA051 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-16:59:40.286965 24.71.58.208:4077 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:37096 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x43B04DC1 Ack: 0xF72AA7F2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-16:59:40.771873 24.71.58.208:4085 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:37127 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x43B75D3A Ack: 0xF7327850 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-17:03:15.653628 64.68.82.14:27145 -> 192.168.1.6:80
TCP TTL:50 TOS:0x10 ID:16588 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xC24AA6C7 Ack: 0x51BC08D Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 1537992274 786806118
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-17:07:52.160890 66.196.65.24:15020 -> 192.168.1.6:80
TCP TTL:232 TOS:0x0 ID:50799 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x23324D0F Ack: 0x17095465 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-17:08:35.964587 24.209.97.26:4055 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:15779 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDFE20267 Ack: 0x19398F0B Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-17:08:35.976676 24.209.97.26:4055 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:15780 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDFE2081B Ack: 0x19398F0B Win: 0xFAF0 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-17:12:09.246121 24.242.248.248:2289 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:33142 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x6E9175A Ack: 0x27354972 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-17:12:17.667676 24.242.248.248:2924 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:36139 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x8BBC6F1 Ack: 0x27912C49 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-17:12:21.844199 24.242.248.248:3548 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:37711 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA6E578B Ack: 0x279509DF Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-17:12:26.733639 24.242.248.248:1089 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:39427 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xD47CDB4 Ack: 0x28735962 Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-17:12:28.438108 24.242.248.248:1235 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:39896 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xDAE2835 Ack: 0x28281C14 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-17:12:29.880009 24.242.248.248:1352 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:40463 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xE078E71 Ack: 0x28383752 Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-17:12:35.168105 24.242.248.248:1971 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:42335 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xFC6A644 Ack: 0x28869A56 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-17:12:36.860467 24.242.248.248:2313 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:42987 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x10BE74D9 Ack: 0x2942B8B5 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-17:12:38.629560 24.242.248.248:2467 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:43623 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x112C815B Ack: 0x28734FFA Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-17:12:44.128443 24.242.248.248:3109 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:45653 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x13065E23 Ack: 0x298608D8 Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-17:12:51.566638 24.242.248.248:3729 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:48328 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x14CCE6A7 Ack: 0x29BF8587 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-17:12:53.484272 24.242.248.248:4575 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:49080 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x16745E53 Ack: 0x29A34350 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-17:12:55.794406 24.242.248.248:4923 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:49840 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x16FC6AB9 Ack: 0x29FAD8B5 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-17:12:57.833900 24.242.248.248:1362 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:50591 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x180B820C Ack: 0x2A0CC6E3 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-17:12:59.633786 24.242.248.248:1538 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:51324 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x188F2E15 Ack: 0x2A97570E Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-17:13:04.126634 24.242.248.248:1706 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:53199 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x190E5BAF Ack: 0x2AD49E02 Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-17:18:42.058542 65.214.36.114:41252 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:59843 IpLen:20 DgmLen:195 DF
***AP*** Seq: 0xA7E316A7 Ack: 0x3F7553CD Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 146800593 787280411
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-17:40:31.240729 24.209.97.26:3450 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:54908 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9A0B63BD Ack: 0x91F6FBD7 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-17:40:31.269817 24.209.97.26:3450 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:54909 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9A0B6971 Ack: 0x91F6FBD7 Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-17:47:11.216933 216.39.50.33:45880 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:2286 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x6887CED8 Ack: 0xAB5939C0 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 388417101 788156246
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-18:11:52.463085 24.209.37.151:3062 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:1150 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBDB6D907 Ack: 0x774CB19 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-18:11:52.513794 24.209.37.151:3062 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:1151 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBDB6DEBB Ack: 0x774CB19 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-18:16:15.756487 216.39.50.54:47605 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:18691 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xD70CF010 Ack: 0x1894CED6 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 397850907 789049768
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-18:22:58.340870 216.39.50.64:52484 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:54671 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xEF378378 Ack: 0x327B2B0E Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 397891335 789255959
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-18:29:31.119361 216.39.50.84:34611 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:49882 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x8862611 Ack: 0x4A84A860 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 397927637 789457125
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-18:29:47.407658 66.196.65.24:30717 -> 192.168.1.6:80
TCP TTL:232 TOS:0x0 ID:50063 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x2AC56EE1 Ack: 0x4B92FA54 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-18:37:26.493774 216.39.50.84:38266 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:4512 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x25F98FF2 Ack: 0x695A00F0 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 397975164 789700602
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-18:53:03.900636 24.209.97.26:4862 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:32844 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x33BB843C Ack: 0xA4253746 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-18:53:03.926782 24.209.97.26:4862 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:32845 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x33BB89F0 Ack: 0xA4253746 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-18:57:19.760703 24.209.37.151:2395 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:44760 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC558D8AF Ack: 0xB3119ACC Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-18:57:19.783580 24.209.37.151:2395 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:44761 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC558DE63 Ack: 0xB3119ACC Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-19:00:40.000225 24.193.153.146:4947 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:50923 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA0A0CA8C Ack: 0xC022461B Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-19:00:40.019367 24.193.153.146:4947 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:50924 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA0A0D040 Ack: 0xC022461B Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-19:21:10.737835 24.209.37.151:3230 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:37172 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4D04D463 Ack: 0xD87F9CD Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-19:21:10.764117 24.209.37.151:3230 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:37173 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4D04DA17 Ack: 0xD87F9CD Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-19:21:46.546622 216.39.50.74:58900 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:42851 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xCDD51707 Ack: 0x1024DC0B Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 398241908 791063000
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-19:31:07.862266 24.209.37.151:3855 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:36996 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8EA5BBF4 Ack: 0x334FF71D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-19:31:07.882311 24.209.37.151:3855 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:36997 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8EA5C1A8 Ack: 0x334FF71D Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-19:46:59.133631 216.39.50.84:41727 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:24877 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x2D819AD7 Ack: 0x6EDCFE80 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 398392330 791837704
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-20:26:12.470256 66.196.65.24:38135 -> 192.168.1.6:80
TCP TTL:232 TOS:0x0 ID:21689 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xFD1C7F5C Ack: 0x4BAD5DB Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-20:30:04.392284 216.39.50.104:52915 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:64434 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xD06A0AF7 Ack: 0x1387F1AE Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 398651745 793161717
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:2091:2] WEB-IIS WEBDAV nessus safe scan attempt [**]
[Classification: Attempted Administrator Privilege Gain] [Priority: 1]
04/25-20:49:07.407314 204.228.224.37:3265 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:55183 IpLen:20 DgmLen:71 DF
***AP*** Seq: 0xC15D7E4F Ack: 0x5A6D6852 Win: 0x2238 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=11412][Xref => http://www.securityfocus.com/bid/7116][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0109]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-20:52:43.905878 24.202.15.240:1126 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:58271 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xD21F170C Ack: 0x68A10067 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-20:52:44.651316 24.202.15.240:1137 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:58297 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xD229433B Ack: 0x68A28EB7 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-20:52:45.468106 24.202.15.240:1140 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:58338 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xD22E8C1A Ack: 0x6852D730 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-20:52:46.181000 24.202.15.240:1145 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:58377 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xD233AFC7 Ack: 0x68E060D6 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-20:52:56.512192 24.202.15.240:1344 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:59098 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xD2ED89D5 Ack: 0x6958F6F4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-20:52:57.190456 24.202.15.240:1351 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:59152 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xD2F62C70 Ack: 0x68B1E484 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-20:53:04.305243 24.202.15.240:1437 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:59537 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xD342407F Ack: 0x69626922 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-20:53:04.909360 24.202.15.240:1485 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:59566 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xD3724882 Ack: 0x695B7A42 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-20:53:05.705042 24.202.15.240:1495 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:59617 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD37CEA8B Ack: 0x69F32457 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-20:53:09.574259 24.202.15.240:1541 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:59812 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD3ABC26F Ack: 0x6A1D2A8C Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-20:53:10.335655 24.202.15.240:1571 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:59845 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD3C2F02C Ack: 0x69A047D0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-20:53:17.329659 24.202.15.240:1617 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:60187 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD3F42E67 Ack: 0x69FA3037 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-20:53:18.146341 24.202.15.240:1689 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:60216 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xD4388C6E Ack: 0x6A1C8D10 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-20:53:18.885926 24.202.15.240:1695 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:60253 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xD43F0D0D Ack: 0x6A1E2797 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-20:53:19.618070 24.202.15.240:1700 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:60269 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xD444E8C0 Ack: 0x6A0FD353 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-20:53:20.420298 24.202.15.240:1706 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:60320 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xD44C15E9 Ack: 0x6A6D5DD8 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-20:53:21.354308 24.98.28.21:2653 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:19415 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x813025BC Ack: 0x6B02550C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-20:53:21.364972 24.98.28.21:2653 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:19416 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x81302B70 Ack: 0x6B02550C Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-21:26:11.100693 216.239.46.140:19853 -> 192.168.1.6:80
TCP TTL:41 TOS:0x0 ID:46419 IpLen:20 DgmLen:453 DF
***AP*** Seq: 0xA39BAE84 Ack: 0xE65344C6 Win: 0x7D78 TcpLen: 32
TCP Options (3) => NOP NOP TS: 102090432 794882759
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-21:30:09.755827 216.39.50.94:50144 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:49499 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xB2B14AD9 Ack: 0xF5BFDF47 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 399018894 795008357
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-21:32:29.259416 24.166.45.37:4192 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:34390 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x547E6532 Ack: 0xFE08D073 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-21:32:29.968374 24.166.45.37:4207 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:34479 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x548B341E Ack: 0xFE24D68D Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-21:32:30.100885 24.166.45.37:4213 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:34499 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x5490FF39 Ack: 0xFEB5BC6F Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-21:32:33.410431 24.166.45.37:4322 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:34955 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x54EDD015 Ack: 0xFF2FAB2E Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-21:32:36.790483 24.166.45.37:4437 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:35475 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x554D0207 Ack: 0xFF567A7A Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-21:32:37.056029 24.166.45.37:4450 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:35518 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x55587183 Ack: 0xFE97690A Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-21:32:37.269161 24.166.45.37:4457 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:35553 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x555E3CBF Ack: 0xFF56B5FE Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-21:32:37.534041 24.166.45.37:4466 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:35597 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x556651DA Ack: 0xFEEAD929 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-21:32:46.920067 24.166.45.37:4823 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:36940 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x567A2B15 Ack: 0xFFE2F1EF Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-21:32:56.285611 24.166.45.37:1272 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:38354 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x579D0938 Ack: 0xC763F Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-21:33:05.456680 24.166.45.37:1557 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:39473 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x5890FBDB Ack: 0x102472F Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-21:33:08.750029 24.166.45.37:1678 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:39978 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x58F2E471 Ack: 0xCE2F68 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-21:33:11.640309 24.166.45.37:1678 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:40382 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x58F2E471 Ack: 0xCE2F68 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-21:33:11.972219 24.166.45.37:1795 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:40431 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x5957E373 Ack: 0x125BF65 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-21:33:12.082739 24.166.45.37:1800 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:40449 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x595C3FF7 Ack: 0x10962D8 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-21:33:12.197662 24.166.45.37:1804 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:40465 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x595FBDF1 Ack: 0x194AF77 Win: 0xFAF0 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-22:21:18.349796 24.84.101.194:4490 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:21202 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x928830CE Ack: 0xB7A4339A Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-22:21:19.259305 24.84.101.194:1041 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:21325 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x92924A7C Ack: 0xB6F1821E Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-22:21:22.948775 24.84.101.194:3095 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:21908 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x92D50ED6 Ack: 0xB74E9565 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-22:21:32.494935 24.84.101.194:4937 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:23525 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x93896B32 Ack: 0xB79499F6 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-22:21:42.664366 24.84.101.194:4967 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:25166 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x9440869E Ack: 0xB82A7839 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-22:21:46.506406 24.84.101.194:4946 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:25644 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x947150A6 Ack: 0xB9288138 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-22:21:47.230335 24.84.101.194:4951 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:25753 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x9480AC38 Ack: 0xB954A34B Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-22:22:09.269229 24.84.101.194:4946 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:28868 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x95C22576 Ack: 0xBA803B6F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-22:22:18.747967 24.84.101.194:4919 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:30227 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x965E690C Ack: 0xBA6D7CAB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-22:22:19.590599 24.84.101.194:4994 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:30343 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x96654F71 Ack: 0xBAF7168B Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-22:22:20.820584 24.84.101.194:1114 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:30537 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x96753C63 Ack: 0xBA9C5A44 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-22:22:21.663166 24.84.101.194:3977 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:30668 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x968305F9 Ack: 0xBAA00238 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-22:22:21.732764 66.196.65.24:60375 -> 192.168.1.6:80
TCP TTL:232 TOS:0x0 ID:43037 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xAC426E1A Ack: 0xBB166EDD Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-22:22:22.424987 24.84.101.194:1041 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:30794 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x9695AA3D Ack: 0xBAB69BFB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-22:22:32.036512 24.84.101.194:4965 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:32248 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x972FB5C5 Ack: 0xBB7BF316 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-22:22:32.388519 24.84.101.194:1334 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:32316 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x97376CAD Ack: 0xBBBFC8A0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-22:22:42.363165 24.84.101.194:4988 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:33889 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x97E261A9 Ack: 0xBBF20E5E Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-22:27:56.608003 24.62.112.148:2975 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:31248 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xA35F51BC Ack: 0xD062CD45 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-22:27:57.575600 24.62.112.148:3016 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:31421 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xA382542F Ack: 0xCF9947C8 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-22:28:00.879587 24.62.112.148:3146 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:31993 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA3EF2A67 Ack: 0xD093AF98 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-22:28:01.168059 24.62.112.148:3166 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:32053 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA3FEFF30 Ack: 0xD0947D71 Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-22:28:01.512628 24.62.112.148:3183 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:32127 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA40D06F9 Ack: 0xCFCD3D0C Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-22:28:01.738925 24.62.112.148:3196 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:32182 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA418183C Ack: 0xD0534B0C Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-22:28:02.018236 24.62.112.148:3211 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:32235 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA42422C3 Ack: 0xD04D6FA4 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-22:28:02.219097 24.62.112.148:3228 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:32285 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xA4305686 Ack: 0xD06910B2 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-22:28:02.444947 24.62.112.148:3236 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:32324 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA4366ABC Ack: 0xCFCB451E Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-22:28:02.763249 24.62.112.148:3249 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:32366 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA4409500 Ack: 0xD0A29A86 Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-22:28:06.029890 24.62.112.148:3263 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:32974 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA44BFD67 Ack: 0xD0BA0D45 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-22:28:09.420187 24.62.112.148:3405 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:33588 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA4BEE8D2 Ack: 0xD02C866A Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-22:28:13.033920 24.62.112.148:3662 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:34208 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xA594F054 Ack: 0xD089DD77 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-22:28:13.653560 24.62.112.148:3685 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:34324 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA5A845B2 Ack: 0xD0ED5578 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-22:28:17.231336 24.62.112.148:3715 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:34872 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xA5C0B286 Ack: 0xD12ED771 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-22:28:20.916133 24.62.112.148:3957 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:35534 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA6913482 Ack: 0xD189316C Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-22:51:46.860984 216.39.50.24:32774 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:484 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xE6852A61 Ack: 0x2A90A4E4 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 381496207 797516508
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-00:17:47.644745 24.209.37.151:2701 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:62606 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDA4E8A7F Ack: 0x6D6917EE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-00:17:47.664464 24.209.37.151:2701 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:62607 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDA4E9033 Ack: 0x6D6917EE Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/26-00:46:23.414399 216.39.50.13:42080 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:60582 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x9754698C Ack: 0xDB457C74 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 400196928 801038453
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/26-01:02:17.095121 216.39.50.24:51657 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:60983 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xD3FBF35C Ack: 0x17670354 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 382279038 801526905
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-01:04:37.398771 24.74.33.155:1548 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:65147 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x94F3F73E Ack: 0x2033FC6D Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-01:04:38.809652 24.74.33.155:1602 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:65345 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x95229DA2 Ack: 0x206ED5E0 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-01:04:40.317066 24.74.33.155:1635 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:3 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x954043B1 Ack: 0x2084D6E7 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-01:04:42.001972 24.74.33.155:1674 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:224 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x9562A9B1 Ack: 0x20F65D54 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-01:04:43.687969 24.74.33.155:1734 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:455 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x9594ECAA Ack: 0x21283A2C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/26-01:04:45.208354 24.74.33.155:1771 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:684 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x95B6726E Ack: 0x20F57A6B Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/26-01:04:46.994168 24.74.33.155:1817 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:922 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x95DB0B18 Ack: 0x211FBFF2 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-01:04:50.313520 24.74.33.155:1912 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:1364 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x96300839 Ack: 0x2195AB89 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-01:04:52.011542 24.74.33.155:1964 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:1604 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x965DB6D3 Ack: 0x21038235 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-01:04:57.193715 24.74.33.155:2101 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:2278 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x96D5A696 Ack: 0x21DF7704 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-01:04:58.530384 24.74.33.155:2159 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:2462 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x97083283 Ack: 0x21797A7D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-01:05:00.162014 24.74.33.155:2187 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:2689 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x9721E31E Ack: 0x21DDE5E4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-01:05:04.691392 24.74.33.155:2329 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:3363 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x979CCB3C Ack: 0x2201DCE9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-01:05:06.249794 24.74.33.155:2367 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:3592 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x97BF4999 Ack: 0x2248BC7E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-01:05:10.892904 24.74.33.155:2509 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:4254 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x98386E33 Ack: 0x22B73E7F Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-01:24:26.663933 24.53.7.79:3031 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:35824 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEF9BCB93 Ack: 0x6A14F313 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-01:24:26.674323 24.53.7.79:3031 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:35825 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEF9BD147 Ack: 0x6A14F313 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/26-01:57:10.758838 216.39.50.13:60356 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:23248 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xA297A53D Ack: 0xE6241496 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 400621569 803213825
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-02:27:36.659054 24.130.75.33:1905 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:40787 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xCD1C03FF Ack: 0x596FCC0B Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-02:27:37.852122 24.130.75.33:1943 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:40905 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xCD3E2E9F Ack: 0x597E7BBF Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-02:27:41.669948 24.130.75.33:1951 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:41321 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xCD45FEE9 Ack: 0x5947BB47 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-02:27:42.564309 24.130.75.33:2057 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:41377 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xCD9F35F4 Ack: 0x59C55691 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-02:27:56.020712 24.130.75.33:2076 -> 192.168.1.6:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:136
***AP*** Seq: 0x59FEF31F Ack: 0xCDAF2760 Win: 0x16D0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/26-03:29:11.145666 216.39.50.24:36309 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:18314 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xFD69C81E Ack: 0x41E331CC Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 383160226 806041213
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/26-04:39:06.313854 216.39.50.94:40237 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:56124 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x58D15A5 Ack: 0x49AB7C28 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 401591979 808189855
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/26-04:56:21.007778 66.196.65.24:49023 -> 192.168.1.6:80
TCP TTL:232 TOS:0x0 ID:20248 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x382A9F64 Ack: 0x8ABFD25C Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/26-08:06:32.378823 66.196.65.24:8614 -> 192.168.1.6:80
TCP TTL:232 TOS:0x0 ID:26806 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x41E2FCF3 Ack: 0x5A4DDA1B Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/26-08:37:08.944010 216.39.50.114:43965 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:43814 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x88C92088 Ack: 0xCCE03CE5 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 403016624 815504994
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-08:37:15.319747 24.34.204.45:2039 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:38583 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5B70DA1 Ack: 0xCDC41FD1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-08:37:15.328394 24.34.204.45:2039 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:38584 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5B71355 Ack: 0xCDC41FD1 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-08:37:18.599058 24.34.204.45:2039 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:38797 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5B70DA1 Ack: 0xCDC41FD1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/26-08:40:49.078262 216.39.50.24:44851 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:42017 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x96C5B1B6 Ack: 0xDA074959 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 385029559 815617741
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/26-09:39:19.188677 216.39.50.104:50185 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:10330 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x73A106BB Ack: 0xB7FFE849 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 403386095 817415515
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-10:55:40.736964 24.209.37.151:1611 -> 192.168.1.6:80
TCP TTL:118 TOS:0x0 ID:60277 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4548EA91 Ack: 0xD878E08A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-10:55:40.758229 24.209.37.151:1611 -> 192.168.1.6:80
TCP TTL:118 TOS:0x0 ID:60278 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4548F045 Ack: 0xD878E08A Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-11:18:32.944991 24.209.37.151:3491 -> 192.168.1.6:80
TCP TTL:118 TOS:0x0 ID:31496 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3466B096 Ack: 0x2EDF4619 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-11:18:32.965237 24.209.37.151:3491 -> 192.168.1.6:80
TCP TTL:118 TOS:0x0 ID:31497 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3466B64A Ack: 0x2EDF4619 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/26-11:30:26.591966 216.39.50.24:45976 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:21444 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x17D7CF85 Ack: 0x5C1B9957 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 386047059 820830360
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-11:54:59.019033 24.209.37.151:2655 -> 192.168.1.6:80
TCP TTL:118 TOS:0x0 ID:6662 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xACEE588F Ack: 0xB88B5F67 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-11:54:59.040413 24.209.37.151:2655 -> 192.168.1.6:80
TCP TTL:118 TOS:0x0 ID:6663 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xACEE5E43 Ack: 0xB88B5F67 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-12:08:58.337972 24.203.10.194:4385 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:38207 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xF2A7150E Ack: 0xECF2E46F Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-12:08:59.218054 24.203.10.194:4400 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:38280 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xF2B5CFD9 Ack: 0xECCBBD6F Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-12:09:02.889132 24.203.10.194:4497 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:38622 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xF30697AD Ack: 0xEDB66F51 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-12:09:03.096526 24.203.10.194:4500 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:38642 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xF309D6F2 Ack: 0xED9CA4C4 Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-12:09:06.786754 24.203.10.194:4539 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:38735 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF333A34C Ack: 0xEE1BEB36 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/26-12:09:06.988270 24.203.10.194:4542 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:38750 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xF3368B41 Ack: 0xEDB85FA5 Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/26-12:09:07.200795 24.203.10.194:4547 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:38765 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xF33AE7C2 Ack: 0xEDB1B216 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-12:09:07.384065 24.203.10.194:4551 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:38774 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xF33E5E92 Ack: 0xEE28C852 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-12:09:07.634417 24.203.10.194:4554 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:38788 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF34102DD Ack: 0xEDBEFA7D Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-12:09:07.826481 24.203.10.194:4559 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:38800 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF34597BA Ack: 0xEDCE8ABE Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-12:09:07.995643 24.203.10.194:4562 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:38812 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF347E533 Ack: 0xED7ACD59 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-12:09:11.394008 24.203.10.194:4600 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:38918 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF3700F00 Ack: 0xED7D5399 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-12:09:11.598532 24.203.10.194:4601 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:38934 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xF371B601 Ack: 0xEE55E923 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-12:09:11.784292 24.203.10.194:4604 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:38939 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF374F22B Ack: 0xEDF8F8B4 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-12:09:14.737910 24.203.10.194:4604 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:39325 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF374F22B Ack: 0xEDF8F8B4 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-12:09:14.933386 24.203.10.194:4698 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:39331 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xF3C637B4 Ack: 0xEE3DC3E9 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-12:09:18.467491 24.203.10.194:4746 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:39484 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF3F6EC43 Ack: 0xEE66AF1D Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/26-13:33:58.393128 209.237.238.158:4076 -> 192.168.1.6:80
TCP TTL:41 TOS:0x0 ID:8919 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0xAD798A11 Ack: 0x2E643EB7 Win: 0xFFFF TcpLen: 32
TCP Options (3) => NOP NOP TS: 664721590 824626467
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-14:04:15.711387 24.148.73.90:2090 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:44432 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xE692FFA5 Ack: 0xA1031CEE Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-14:04:18.028588 24.148.73.90:2148 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:44774 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xE6C7ED2C Ack: 0xA02D17E3 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-14:04:23.063256 24.148.73.90:2396 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:45589 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xE78FF7D3 Ack: 0xA0F2471D Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-14:04:25.231601 24.148.73.90:2438 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:45956 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xE7B7073F Ack: 0xA1910EC7 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-14:04:29.912168 24.148.73.90:2699 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:46744 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xE8857F7E Ack: 0xA16D01C6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/26-14:04:31.519352 24.148.73.90:2874 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:46908 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xE911CF1D Ack: 0xA1DE5414 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/26-14:04:33.470998 24.148.73.90:2917 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:47242 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xE9367F71 Ack: 0xA11B513A Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-14:04:35.212085 24.148.73.90:2994 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:47575 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xE973FF11 Ack: 0xA1EA19E2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-14:04:36.714761 24.148.73.90:3134 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:47714 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE9E25415 Ack: 0xA1851790 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-14:04:38.561346 24.148.73.90:3170 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:48025 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xEA02D1D0 Ack: 0xA1875ACC Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/26-14:37:35.682224 216.39.50.114:32878 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:35166 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xDBA60100 Ack: 0x1F116294 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 405178800 826581568
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
04/26-17:02:20.038718 216.26.174.110:80 -> 192.168.1.6:59821
TCP TTL:111 TOS:0x0 ID:989 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3E9445AF Ack: 0x41F1CA31 Win: 0xF95D TcpLen: 32
TCP Options (3) => NOP NOP TS: 6820121 831029448
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/26-17:49:43.405511 66.196.65.24:19738 -> 192.168.1.6:80
TCP TTL:232 TOS:0x0 ID:16765 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xD501710E Ack: 0xF43E6D6C Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/26-19:37:48.194949 64.68.82.34:32493 -> 192.168.1.6:80
TCP TTL:50 TOS:0x10 ID:58480 IpLen:20 DgmLen:453 DF
***AP*** Seq: 0x47763EDA Ack: 0x8C8E093F Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 517659605 835805644
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-19:48:38.364874 24.100.46.121:3702 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:49688 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x89E9A2F5 Ack: 0xB5146F48 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-19:48:38.429211 24.100.46.121:3702 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:49689 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x89E9A8A9 Ack: 0xB5146F48 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-21:03:56.512031 24.209.97.26:1846 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:9326 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF40DB6E8 Ack: 0xD2EA3BB8 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-21:03:56.543101 24.209.97.26:1846 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:9327 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF40DBC9C Ack: 0xD2EA3BB8 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-22:18:06.878781 24.209.37.151:3130 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:2103 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBDDCB3CA Ack: 0xEA340DD3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-22:18:06.929340 24.209.37.151:3130 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:2104 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBDDCB97E Ack: 0xEA340DD3 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-22:37:49.689940 24.209.97.26:2972 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:21629 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE23679EE Ack: 0x34C1410A Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-22:37:49.713916 24.209.97.26:2972 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:21630 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE2367FA2 Ack: 0x34C1410A Win: 0xFAF0 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-22:47:54.415101 24.44.2.165:3809 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:46796 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x11674B9A Ack: 0x5B626E02 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-22:48:03.994523 24.44.2.165:3919 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:65256 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x11D9B716 Ack: 0x5BF2A4BA Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-22:48:07.121455 24.44.2.165:3957 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:618 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x12027922 Ack: 0x5B6730B1 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-22:48:07.250051 24.44.2.165:3960 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:632 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x1204A09D Ack: 0x5C223A94 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-22:48:07.371094 24.44.2.165:3961 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:640 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x1205FD17 Ack: 0x5B2AF64D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/26-22:48:10.486811 24.44.2.165:3994 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:3515 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x122B4E91 Ack: 0x5C2351B0 Win: 0x4470 TcpLen: 20
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/26-22:48:13.346679 24.44.2.165:3994 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:4890 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x122B4E91 Ack: 0x5C2351B0 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/26-22:48:13.623816 24.44.2.165:4037 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:5074 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x12553F17 Ack: 0x5C1D1411 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-22:48:13.740254 24.44.2.165:4040 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:5080 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x12582011 Ack: 0x5B993493 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-22:48:13.861361 24.44.2.165:4041 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:5088 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x12596D8A Ack: 0x5B920D49 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-22:48:16.964851 24.44.2.165:4080 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:6568 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x1281A2D2 Ack: 0x5BBF8CF2 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-22:48:20.120313 24.44.2.165:4112 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:8167 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x12A4DEBC Ack: 0x5CBC9489 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-22:48:20.282620 24.44.2.165:4115 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:8176 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x12A73A18 Ack: 0x5C22F7F4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-22:48:20.462504 24.44.2.165:4118 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:8188 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x12AA47C0 Ack: 0x5CB255F7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-22:48:20.595268 24.44.2.165:4124 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:8198 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x12AF6A5E Ack: 0x5C603979 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-22:48:20.725804 24.44.2.165:4125 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:8208 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x12B0F8B4 Ack: 0x5CF4D7FE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-22:48:23.842347 24.44.2.165:4164 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:8284 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x12D6A816 Ack: 0x5D1AEB74 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-23:19:08.400236 24.209.97.26:1945 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:5909 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xAD311090 Ack: 0xD11CD1B6 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-23:19:08.430654 24.209.97.26:1945 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:5910 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xAD311644 Ack: 0xD11CD1B6 Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/26-23:40:12.825729 66.237.60.23:4552 -> 192.168.1.6:80
TCP TTL:42 TOS:0x0 ID:18539 IpLen:20 DgmLen:78 DF
***AP*** Seq: 0xC351FB75 Ack: 0x1FB87E93 Win: 0xE240 TcpLen: 32
TCP Options (3) => NOP NOP TS: 1380123933 843256376
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-23:43:44.427920 24.209.97.26:1259 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:48487 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x261E63A9 Ack: 0x2DA69E61 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-23:43:44.458144 24.209.97.26:1259 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:48488 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x261E695D Ack: 0x2DA69E61 Win: 0xFAF0 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-00:10:18.761864 24.71.47.173:3046 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:59034 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xB92D7663 Ack: 0x91B4169B Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-00:10:19.367714 24.71.47.173:3069 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:59156 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xB93F95F2 Ack: 0x9190629F Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-00:10:19.830571 24.71.47.173:3081 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:59250 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xB949A128 Ack: 0x915B2298 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-00:10:20.202694 24.71.47.173:3095 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:59322 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xB955A557 Ack: 0x923DC820 Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-00:10:20.564357 24.71.47.173:3104 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:59487 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB95DC689 Ack: 0x920833CF Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/27-00:10:20.986351 24.71.47.173:3115 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:59563 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xB967F4CF Ack: 0x91627D35 Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/27-00:10:21.318596 24.71.47.173:3128 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:59630 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xB972D773 Ack: 0x92445339 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-00:10:21.681469 24.71.47.173:3134 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:59715 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xB978AE51 Ack: 0x9231947C Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-00:10:22.012004 24.71.47.173:3146 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:59785 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB9828FC7 Ack: 0x923CBA42 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-00:10:24.929599 24.71.47.173:3146 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:60340 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB9828FC7 Ack: 0x923CBA42 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-00:10:25.680210 24.71.47.173:3259 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:60491 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB9E4E4FC Ack: 0x926D609F Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-00:10:29.393922 24.71.47.173:3412 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:61322 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xBA5FA531 Ack: 0x9207D233 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-00:10:29.749761 24.71.47.173:3426 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:61704 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xBA6B04D7 Ack: 0x91D8863C Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-00:10:33.319251 24.71.47.173:3545 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:62394 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xBAD3B55B Ack: 0x92899211 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-00:11:11.264819 24.209.97.26:3463 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:43516 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA9EB76DF Ack: 0x952955D0 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-00:11:11.294652 24.209.97.26:3463 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:43517 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA9EB7C93 Ack: 0x952955D0 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-01:21:21.842009 24.209.37.151:2293 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:59220 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x60F124D2 Ack: 0x9E6E0897 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-01:21:21.884479 24.209.37.151:2293 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:59221 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x60F12A86 Ack: 0x9E6E0897 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-01:29:45.269897 24.217.19.177:4652 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:27067 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7628262C Ack: 0xBECCB339 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-01:29:45.275668 24.217.19.177:4652 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:27068 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x76282BE0 Ack: 0xBECCB339 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-02:38:55.763481 24.98.68.183:1882 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:65203 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x97B2EF26 Ack: 0xC3BC43F4 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-02:38:55.771511 24.98.68.183:1882 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:65204 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x97B2F4DA Ack: 0xC3BC43F4 Win: 0xB5C9 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-03:48:30.757901 24.153.56.26:3531 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:56578 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x14CC7422 Ack: 0xCA3F0555 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-03:48:33.075029 24.153.56.26:3558 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:56775 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x14E907E9 Ack: 0xCA2D0000 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-03:48:34.909260 24.153.56.26:3586 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:56929 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x15041BDF Ack: 0xCAA86570 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-03:48:36.759486 24.153.56.26:3610 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:57080 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x151D7234 Ack: 0xCACF24CA Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-03:48:42.019025 24.153.56.26:3682 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:57499 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x15647820 Ack: 0xCAC074C8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/27-03:48:43.902271 24.153.56.26:3710 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:57647 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x1580094D Ack: 0xCAD72B33 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/27-03:48:49.155417 24.153.56.26:3779 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:58067 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x15C78573 Ack: 0xCB2846F8 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-03:48:54.285947 24.153.56.26:3852 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:58482 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x16106E6B Ack: 0xCBE63DA4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-03:48:56.300756 24.153.56.26:3873 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:58615 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x162A9B90 Ack: 0xCC29ADE6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-03:48:58.030526 24.153.56.26:3902 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:58748 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x1644709E Ack: 0xCBBC47C4 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-03:49:03.245404 24.153.56.26:3969 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:59148 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x1687B2D8 Ack: 0xCC33330A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-03:49:05.024645 24.153.56.26:3989 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:59289 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x169C7153 Ack: 0xCBE9F2CF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-03:49:06.857539 24.153.56.26:4007 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:59457 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x16B025F3 Ack: 0xCCB1E227 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-03:49:11.574056 24.153.56.26:4077 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:59840 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x16F2F664 Ack: 0xCCCC80E4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-03:49:13.265682 24.153.56.26:4112 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:59979 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x1713EBB8 Ack: 0xCC7FA76A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-03:49:18.538127 24.153.56.26:4183 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:60424 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x175D66C5 Ack: 0xCCDF8BC2 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/27-04:21:38.445682 66.77.73.64:1576 -> 192.168.1.6:80
TCP TTL:45 TOS:0x0 ID:59582 IpLen:20 DgmLen:225 DF
***AP*** Seq: 0x43EBCB1E Ack: 0x4849365B Win: 0xE070 TcpLen: 32
TCP Options (3) => NOP NOP TS: 152279586 851904697
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-10:25:09.443757 24.136.220.9:2974 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:57503 IpLen:20 DgmLen:1372 DF
***A**** Seq: 0xF453EC12 Ack: 0xA42B5B8C Win: 0xFFFF TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-10:25:09.464457 24.136.220.9:2974 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:57504 IpLen:20 DgmLen:1372 DF
***A**** Seq: 0xF453F146 Ack: 0xA42B5B8C Win: 0xFFFF TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/27-11:00:28.602058 209.237.238.172:40145 -> 192.168.1.6:80
TCP TTL:41 TOS:0x0 ID:54185 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0xE361D886 Ack: 0x2A416BFE Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 75565870 864161000
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-11:06:15.917815 24.91.112.149:1653 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:16213 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xD3F4B572 Ack: 0x3FF83E49 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-11:06:17.062882 24.91.112.149:1669 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:16304 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xD4069A36 Ack: 0x40A43271 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-11:06:17.895825 24.91.112.149:1681 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:16375 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xD411425A Ack: 0x403E98E4 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-11:06:18.456344 24.91.112.149:1694 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:16433 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xD41E1FE2 Ack: 0x40B6A532 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-11:06:18.760647 24.91.112.149:1703 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:16476 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xD427515A Ack: 0x403BB83E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/27-11:06:19.166501 24.91.112.149:1714 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:16516 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xD430AF9B Ack: 0x40A335E0 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/27-11:06:19.734162 24.91.112.149:1729 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:16581 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xD43CB5BC Ack: 0x404B6178 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-11:06:20.656683 24.91.112.149:1744 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:16662 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xD44CBDEA Ack: 0x40664873 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-11:06:21.580380 24.91.112.149:1751 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:20641 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD453FE96 Ack: 0x410D0761 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-11:06:25.651933 24.91.112.149:1834 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:61049 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD4A109D7 Ack: 0x412ABA59 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-11:06:32.653898 24.91.112.149:1928 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:10924 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD501124E Ack: 0x41B7AA8C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-11:06:42.715585 24.91.112.149:2146 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:11837 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD5D1A4A9 Ack: 0x4174F9A9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-11:06:43.255989 24.91.112.149:2162 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:11935 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xD5E06161 Ack: 0x421F63F0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-11:06:53.710055 24.91.112.149:2289 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:13115 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xD65C839D Ack: 0x4279A162 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-11:06:54.242587 24.91.112.149:2400 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:13207 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xD6B7C225 Ack: 0x4268D44E Win: 0x4470 TcpLen: 20
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-11:06:55.970445 24.91.112.149:2172 -> 192.168.1.6:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:136
***AP*** Seq: 0x42346ECA Ack: 0xD5EB008C Win: 0x16D0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/27-12:37:46.976000 66.196.65.24:42800 -> 192.168.1.6:80
TCP TTL:232 TOS:0x0 ID:57044 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xF8F5EE5B Ack: 0x99915E2B Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-13:44:33.950010 24.204.108.61:4608 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:49048 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xE5C9D660 Ack: 0x9625E53D Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-13:44:34.653713 24.204.108.61:4613 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:49065 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xE5D03306 Ack: 0x956D2EC2 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-13:44:34.990126 24.204.108.61:4622 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:49078 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xE5D5658C Ack: 0x9599728B Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-13:44:35.257927 24.204.108.61:4625 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:49094 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xE5D8F1BC Ack: 0x95471D78 Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-13:44:35.536388 24.204.108.61:4630 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:49105 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xE5DD5C5E Ack: 0x95ADCE9E Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/27-13:44:35.863088 24.204.108.61:4634 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:49118 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xE5E18E1B Ack: 0x961DD2C1 Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/27-13:44:39.407550 24.204.108.61:4668 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:49225 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xE6078C61 Ack: 0x96365836 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-13:44:39.682278 24.204.108.61:4670 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:49237 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xE609D646 Ack: 0x95DA9181 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-13:44:39.950228 24.204.108.61:4676 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:49247 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE60F2403 Ack: 0x95A7C0B1 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-13:44:43.421735 24.204.108.61:4710 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:49326 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE6338464 Ack: 0x9601CAE9 Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-13:44:43.734815 24.204.108.61:4712 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:49338 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE635CC42 Ack: 0x965D794E Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-13:44:47.288762 24.204.108.61:4761 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:49493 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE666119B Ack: 0x963BCC3A Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-13:44:47.640208 24.204.108.61:4768 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:49512 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xE66CA2CB Ack: 0x96666610 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-13:44:50.643414 24.204.108.61:4768 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:49601 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xE66CA2CB Ack: 0x96666610 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-13:44:50.869188 24.204.108.61:4800 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:49616 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xE690AB68 Ack: 0x971CC3C2 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-13:44:51.120419 24.204.108.61:4807 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:49626 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xE696A007 Ack: 0x96BB3C61 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-13:44:51.455549 24.204.108.61:4810 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:49642 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xE69A1805 Ack: 0x965E2B46 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-14:24:21.460018 24.209.97.26:2289 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:58060 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEA424FE9 Ack: 0x2C2EE322 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-14:24:21.506126 24.209.97.26:2289 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:58061 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEA42559D Ack: 0x2C2EE322 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-14:59:09.648796 24.209.97.26:4039 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:11554 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB99A2623 Ack: 0xAFE93CC8 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-14:59:09.675970 24.209.97.26:4039 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:11555 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB99A2BD7 Ack: 0xAFE93CC8 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-15:07:29.409654 24.214.6.207:3701 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:35770 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDCFF799C Ack: 0xCF5EC2D2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-15:07:29.481328 24.214.6.207:3701 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:35771 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDCFF7F50 Ack: 0xCF5EC2D2 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-15:11:19.809055 24.209.97.26:1239 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:14491 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE322B8 Ack: 0xDCDA0BAC Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-15:11:19.819375 24.209.97.26:1239 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:14492 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE3286C Ack: 0xDCDA0BAC Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-15:45:10.567517 24.148.1.42:2541 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:16304 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD0993D6 Ack: 0x5CFB2759 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-15:45:10.571594 24.148.1.42:2541 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:16305 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD09998A Ack: 0x5CFB2759 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/27-16:50:26.626821 209.237.238.161:2711 -> 192.168.1.6:80
TCP TTL:41 TOS:0x0 ID:23878 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0xE8445187 Ack: 0x5442C991 Win: 0xFFFF TcpLen: 32
TCP Options (3) => NOP NOP TS: 124930466 874915549
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/27-16:51:08.814456 209.237.238.174:54358 -> 192.168.1.6:80
TCP TTL:41 TOS:0x0 ID:6655 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0xF5318C3 Ack: 0x56E14A03 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 77660490 874937173
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/27-16:59:17.809422 209.237.238.172:54196 -> 192.168.1.6:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:165
***AP*** Seq: 0x76640286 Ack: 0x2FDDD8E7 Win: 0x16A0 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-17:00:55.456394 24.209.97.26:3391 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:7748 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x66A6A1A8 Ack: 0x7BA388BB Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-17:00:55.491412 24.209.97.26:3391 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:7749 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x66A6A75C Ack: 0x7BA388BB Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/27-17:02:35.688871 209.237.238.173:44535 -> 192.168.1.6:80
TCP TTL:41 TOS:0x0 ID:46614 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0x3B35B8FB Ack: 0x826A53C5 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 77729531 875288961
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/27-17:05:00.897284 209.237.238.175:45680 -> 192.168.1.6:80
TCP TTL:41 TOS:0x0 ID:48859 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0x452302EA Ack: 0x8B6A1BA6 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 77446207 875363325
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-17:25:56.707354 24.174.84.225:3810 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:29588 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4CBFC1BE Ack: 0xDA37197B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-17:25:56.736354 24.174.84.225:3810 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:29589 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4CBFC772 Ack: 0xDA37197B Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-18:24:32.452709 24.209.97.26:1140 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:11786 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF49A86D4 Ack: 0xB746CC92 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-18:24:32.471079 24.209.97.26:1140 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:11787 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF49A8C88 Ack: 0xB746CC92 Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/27-18:32:40.330684 209.237.238.159:4048 -> 192.168.1.6:80
TCP TTL:41 TOS:0x0 ID:58181 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0x4978DFFA Ack: 0xD5BF26FF Win: 0xFFFF TcpLen: 32
TCP Options (3) => NOP NOP TS: 675572179 878056418
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/27-18:56:54.675090 209.237.238.174:59325 -> 192.168.1.6:80
TCP TTL:41 TOS:0x0 ID:54378 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0xEAF050DB Ack: 0x32552542 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 78415039 878801930
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/27-18:58:42.779878 209.237.238.172:49107 -> 192.168.1.6:80
TCP TTL:41 TOS:0x0 ID:57709 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0xF22032CB Ack: 0x38CFFD09 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 78435245 878857301
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/27-19:05:08.326875 209.237.238.173:49653 -> 192.168.1.6:80
TCP TTL:41 TOS:0x0 ID:61780 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0x9FBB4F0 Ack: 0x50481E34 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 78464765 879054731
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/27-19:08:51.418253 209.237.238.172:50122 -> 192.168.1.6:80
TCP TTL:41 TOS:0x0 ID:23181 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0x19119BEC Ack: 0x5E5C8837 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 78496108 879169027
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/27-19:16:11.308261 209.237.238.174:59635 -> 192.168.1.6:80
TCP TTL:41 TOS:0x0 ID:49093 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0x3412F7BF Ack: 0x7AE8E287 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 78530696 879394330
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/27-19:17:14.913957 209.237.238.173:47041 -> 192.168.1.6:80
TCP TTL:41 TOS:0x0 ID:5864 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0x38FC745A Ack: 0x7ED6D6CF Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 78537421 879426898
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/27-19:19:59.301973 209.237.238.161:2644 -> 192.168.1.6:80
TCP TTL:41 TOS:0x0 ID:27647 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0x855E8A27 Ack: 0x881EE7DE Win: 0xFFFF TcpLen: 32
TCP Options (3) => NOP NOP TS: 125827598 879511069
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/27-19:24:05.600180 209.237.238.175:45254 -> 192.168.1.6:80
TCP TTL:41 TOS:0x0 ID:4085 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0x527A7831 Ack: 0x97DD510D Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 78280654 879637250
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/27-19:31:28.930232 209.237.238.159:4669 -> 192.168.1.6:80
TCP TTL:41 TOS:0x0 ID:53328 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0x9980A70B Ack: 0xB47E1E97 Win: 0xFFFF TcpLen: 32
TCP Options (3) => NOP NOP TS: 675924985 879864304
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-19:50:19.883528 24.209.97.26:3136 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:29521 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9CD1B1C4 Ack: 0xFB25DCA5 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-19:50:19.901903 24.209.97.26:3136 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:29522 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9CD1B778 Ack: 0xFB25DCA5 Win: 0xFAF0 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-20:12:06.119424 24.50.102.88:2543 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:53799 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x72AF02F4 Ack: 0x4E02013A Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-20:12:13.680103 24.50.102.88:2817 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:54961 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x7389A7B8 Ack: 0x4E81EB1C Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-20:12:14.106274 24.50.102.88:3040 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:55022 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x742DCF3B Ack: 0x4E181778 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-20:12:17.803035 24.50.102.88:3076 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:55659 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x744ABFDD Ack: 0x4E4E260F Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-20:12:21.055475 24.50.102.88:3295 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:56227 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x74FD24B9 Ack: 0x4ED66D2B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/27-20:12:24.739244 24.50.102.88:3700 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:56802 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x762D2D82 Ack: 0x4F592C08 Win: 0x4470 TcpLen: 20
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/27-20:12:27.822421 24.50.102.88:3700 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:57253 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x762D2D82 Ack: 0x4F592C08 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/27-20:12:28.656980 24.50.102.88:3893 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:57360 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x76C23C64 Ack: 0x4F4ACF18 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-20:12:32.867994 24.50.102.88:4106 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:57872 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x775FD950 Ack: 0x4F778BDA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-20:12:43.316118 24.50.102.88:1067 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:59513 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x7961B39B Ack: 0x503C9154 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-20:12:43.947969 24.50.102.88:1096 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:59613 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x797A7AE8 Ack: 0x505BECB1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-20:12:48.509132 24.50.102.88:1340 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:60278 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x7A3F7D73 Ack: 0x50AE46E5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-20:12:49.192225 24.50.102.88:1389 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:60404 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x7A662446 Ack: 0x50FF6DC4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-20:12:49.846839 24.50.102.88:1437 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:60508 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x7A8DCB84 Ack: 0x50329683 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-20:12:50.498639 24.50.102.88:1479 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:60611 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x7AAC433A Ack: 0x5110EFB1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-20:13:00.321437 24.50.102.88:2075 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:62117 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x7C856351 Ack: 0x511CCCFF Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-20:14:11.940019 24.209.97.26:3014 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:25215 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x34D9E923 Ack: 0x5588F85E Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-20:14:11.983888 24.209.97.26:3014 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:25216 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x34D9EED7 Ack: 0x5588F85E Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-22:01:19.506289 24.129.65.245:2391 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:39830 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3B307A11 Ack: 0xEB3E8916 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-22:01:19.507676 24.129.65.245:2391 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:39831 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3B307FC5 Ack: 0xEB3E8916 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/27-23:06:00.219555 209.237.238.161:2858 -> 192.168.1.6:80
TCP TTL:41 TOS:0x0 ID:61877 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0x5B3F5C7C Ack: 0xDF6AC9E4 Win: 0xFFFF TcpLen: 32
TCP Options (3) => NOP NOP TS: 127183485 886456577
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/27-23:07:56.251188 209.237.238.174:53270 -> 192.168.1.6:80
TCP TTL:41 TOS:0x0 ID:9100 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0x9FAD5C5D Ack: 0xE5E943E9 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 79921122 886516025
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/27-23:12:23.746800 209.237.238.173:36092 -> 192.168.1.6:80
TCP TTL:41 TOS:0x0 ID:32436 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0xB012977A Ack: 0xF73A41A7 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 79948246 886653031
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/27-23:17:04.989257 209.237.238.172:43405 -> 192.168.1.6:80
TCP TTL:41 TOS:0x0 ID:32544 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0xC1E5040B Ack: 0x9110D90 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 79985443 886797055
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/27-23:27:55.925589 64.68.82.37:17175 -> 192.168.1.6:80
TCP TTL:50 TOS:0x10 ID:12235 IpLen:20 DgmLen:453 DF
***AP*** Seq: 0xE9BDFB5F Ack: 0x313C1BB1 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 527685024 887129170
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/27-23:31:48.032855 209.237.238.175:37194 -> 192.168.1.6:80
TCP TTL:41 TOS:0x0 ID:9207 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0xF98506C9 Ack: 0x40EFBE2F Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 79766857 887249343
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/27-23:33:02.939420 209.237.238.174:42313 -> 192.168.1.6:80
TCP TTL:41 TOS:0x0 ID:31199 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0xFE70B588 Ack: 0x44C93567 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 80071783 887287698
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/28-02:13:19.536753 24.77.17.60:2989 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:8329 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x97690AEE Ack: 0xA2AD315C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/28-02:13:19.600692 24.77.17.60:2989 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:8330 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x976910A2 Ack: 0xA2AD315C Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/28-03:45:14.815259 209.237.238.159:3419 -> 192.168.1.6:80
TCP TTL:41 TOS:0x0 ID:60422 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0x47090D42 Ack: 0xFE94E08A Win: 0xFFFF TcpLen: 32
TCP Options (3) => NOP NOP TS: 678887118 895037794
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/28-05:56:20.870192 159.134.176.59:4279 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:31776 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x67C98747 Ack: 0xEC626288 Win: 0x2238 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/28-05:56:21.059123 159.134.176.59:4279 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:31777 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x67C98CFB Ack: 0xEC626288 Win: 0x2238 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/28-07:37:57.703972 63.197.51.170:1466 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:22006 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6D447799 Ack: 0x6C3B1722 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/28-07:37:57.813580 63.197.51.170:1466 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:22007 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6D447D4D Ack: 0x6C3B1722 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/28-12:16:43.608054 24.71.45.89:1406 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:58792 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5A9F5FF9 Ack: 0x8A349EB2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/28-12:16:43.645591 24.71.45.89:1406 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:58793 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5A9F65AD Ack: 0x8A349EB2 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/28-12:51:33.831010 209.237.238.159:2591 -> 192.168.1.6:80
TCP TTL:41 TOS:0x0 ID:48525 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0x43FA5A3E Ack: 0xD6EAD6D Win: 0xFFFF TcpLen: 32
TCP Options (3) => NOP NOP TS: 682164517 911826238
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/28-13:54:49.309170 24.209.203.150:3278 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:36683 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2B3826F8 Ack: 0xFB8E1D81 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/28-13:54:49.331393 24.209.203.150:3278 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:36684 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2B382CAC Ack: 0xFB8E1D81 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/28-14:53:23.225172 24.61.2.118:1394 -> 192.168.1.6:80
TCP TTL:102 TOS:0x0 ID:7307 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x15728573 Ack: 0xD966C684 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/28-14:53:23.231574 24.61.2.118:1394 -> 192.168.1.6:80
TCP TTL:102 TOS:0x0 ID:7308 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x15728B27 Ack: 0xD966C684 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/28-15:55:43.635997 66.196.65.24:31654 -> 192.168.1.6:80
TCP TTL:231 TOS:0x0 ID:13728 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x1FF13226 Ack: 0xC4C90AA3 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/28-15:59:46.618189 24.209.97.60:3083 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:30546 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xAC6D63F7 Ack: 0xD3E92855 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/28-15:59:46.654901 24.209.97.60:3083 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:30547 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xAC6D69AB Ack: 0xD3E92855 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/28-17:10:37.156175 24.209.97.60:2431 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:3229 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3F6EFBAD Ack: 0xDFE9965D Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/28-17:10:37.176916 24.209.97.60:2431 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:3230 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3F6F0161 Ack: 0xDFE9965D Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/28-20:41:48.576237 24.209.238.177:1184 -> 192.168.1.6:80
TCP TTL:122 TOS:0x0 ID:59809 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7FABCA90 Ack: 0xFD69BC42 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/28-20:41:48.607655 24.209.238.177:1184 -> 192.168.1.6:80
TCP TTL:122 TOS:0x0 ID:59810 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7FABD044 Ack: 0xFD69BC42 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/28-21:02:06.248576 24.209.238.177:3846 -> 192.168.1.6:80
TCP TTL:122 TOS:0x0 ID:42086 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF4B943B0 Ack: 0x4A0779A1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/28-21:02:06.296842 24.209.238.177:3846 -> 192.168.1.6:80
TCP TTL:122 TOS:0x0 ID:42087 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF4B94964 Ack: 0x4A0779A1 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/28-21:39:25.725095 24.209.97.60:4371 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:24448 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7B2A5F1 Ack: 0xD730D12E Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/28-21:39:25.737411 24.209.97.60:4371 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:24449 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7B2ABA5 Ack: 0xD730D12E Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/28-22:10:03.515145 24.209.37.151:4656 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:35953 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x25604A Ack: 0x4AA3D696 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/28-22:10:03.561197 24.209.37.151:4656 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:35954 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2565FE Ack: 0x4AA3D696 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/28-22:52:50.050234 24.209.37.151:3687 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:8090 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFC6E3403 Ack: 0xECA8AAD7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/28-22:52:50.070289 24.209.37.151:3687 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:8091 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFC6E39B7 Ack: 0xECA8AAD7 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/28-23:06:47.964344 66.196.65.24:14204 -> 192.168.1.6:80
TCP TTL:232 TOS:0x0 ID:52599 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x3A730E3F Ack: 0x21457821 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/28-23:27:00.469528 67.68.242.158:22581 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:519 IpLen:20 DgmLen:242 DF
***AP*** Seq: 0x22FD62D5 Ack: 0x6DDB55DD Win: 0x43F8 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/28-23:34:50.612267 24.63.13.186:2299 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:12844 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x74945608 Ack: 0x8A9372F5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/28-23:34:50.643732 24.63.13.186:2299 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:12845 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x74945BBC Ack: 0x8A9372F5 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/29-00:00:15.792941 66.230.140.66:6297 -> 192.168.1.6:80
TCP TTL:50 TOS:0x0 ID:52602 IpLen:20 DgmLen:155 DF
***AP*** Seq: 0x541CC8C3 Ack: 0xEA8FF27A Win: 0xFFFF TcpLen: 32
TCP Options (3) => NOP NOP TS: 165135871 932375549
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-00:30:37.749516 24.209.238.177:1592 -> 192.168.1.6:80
TCP TTL:122 TOS:0x0 ID:24064 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD5ADEAE5 Ack: 0x5EA46F13 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-00:30:37.775119 24.209.238.177:1592 -> 192.168.1.6:80
TCP TTL:122 TOS:0x0 ID:24065 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD5ADF099 Ack: 0x5EA46F13 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/29-00:31:12.614525 66.196.65.24:41287 -> 192.168.1.6:80
TCP TTL:232 TOS:0x0 ID:4759 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x24A5F52A Ack: 0x6062B26F Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-01:27:19.982469 24.209.238.177:4946 -> 192.168.1.6:80
TCP TTL:122 TOS:0x0 ID:48030 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x17B8E474 Ack: 0x3449FE77 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-01:27:20.023795 24.209.238.177:4946 -> 192.168.1.6:80
TCP TTL:122 TOS:0x0 ID:48031 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x17B8EA28 Ack: 0x3449FE77 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-01:59:06.469768 24.209.37.151:3653 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:55742 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE149EF04 Ack: 0xABF06DD5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-01:59:08.772701 24.209.37.151:3653 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:55985 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE149F4B8 Ack: 0xABF06DD5 Win: 0x4470 TcpLen: 20
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
04/29-02:01:17.272997 209.249.123.243:80 -> 192.168.1.6:32841
TCP TTL:52 TOS:0x0 ID:4689 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6B50ED00 Ack: 0xB4FC214B Win: 0x7D78 TcpLen: 32
TCP Options (3) => NOP NOP TS: 234462599 936094658
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-02:14:14.810249 24.209.37.151:2238 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:25750 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2E928A0E Ack: 0xE51BC2A3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-02:14:14.835224 24.209.37.151:2238 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:25751 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2E928FC2 Ack: 0xE51BC2A3 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-03:08:47.338421 24.209.238.177:1279 -> 192.168.1.6:80
TCP TTL:122 TOS:0x0 ID:14809 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4549F346 Ack: 0xB395AA0C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-03:08:47.371762 24.209.238.177:1279 -> 192.168.1.6:80
TCP TTL:122 TOS:0x0 ID:14810 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4549F8FA Ack: 0xB395AA0C Win: 0x4470 TcpLen: 20
[**] [1:241:2] DDOS shaft synflood [**]
[Classification: Attempted Denial of Service] [Priority: 2]
04/29-03:42:58.630205 195.28.200.200:80 -> 192.168.1.6:80
TCP TTL:11 TOS:0x0 ID:889 IpLen:20 DgmLen:40 DF
******S* Seq: 0x28374839 Ack: 0x5EFD59A8 Win: 0x888 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS253]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-03:54:07.671773 24.186.148.24:1497 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:7796 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x12A2CF3C Ack: 0x5E43B46D Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-03:54:08.020265 24.186.148.24:1501 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:7806 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x12A6D0F1 Ack: 0x5EF4E94A Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-03:54:11.680224 24.186.148.24:1560 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:7968 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x12DD5D53 Ack: 0x5F2E6A4D Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-03:54:14.969071 24.186.148.24:1604 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:8052 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x130BE85F Ack: 0x5F0AEAFB Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-03:54:24.265944 24.186.148.24:1741 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:8444 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x139480BA Ack: 0x5FC19079 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/29-03:54:30.921302 24.186.148.24:1787 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:8659 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x13C29BAE Ack: 0x5FF63172 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/29-03:54:43.627339 24.186.148.24:1952 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:9041 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x146DCC66 Ack: 0x60C73201 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-03:54:53.029527 24.186.148.24:2098 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:9285 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x150AA19D Ack: 0x61403FD6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-03:54:53.170125 24.186.148.24:2099 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:9291 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x150BA62B Ack: 0x60B84160 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-03:54:56.538469 24.186.148.24:2143 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:9387 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x1536C5FB Ack: 0x6157A94E Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-03:54:56.645340 24.186.148.24:2148 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:9398 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x153B1218 Ack: 0x61DFC24D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-03:54:56.751435 24.186.148.24:2150 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:9406 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x153CE6F8 Ack: 0x61939B44 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-03:54:56.879126 24.186.148.24:2151 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:9413 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x153E3CE2 Ack: 0x61AD118F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-03:54:56.974627 24.186.148.24:2154 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:9422 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x154100AC Ack: 0x61AF92E9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-03:54:59.920821 24.186.148.24:2154 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:9501 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x154100AC Ack: 0x61AF92E9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-03:55:03.070714 24.186.148.24:2190 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:9595 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x15672AEB Ack: 0x618CAA5C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-03:55:03.410220 24.186.148.24:2226 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:9608 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x158CDA9A Ack: 0x61CB53F8 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/29-05:38:34.064352 64.210.196.198:50457 -> 192.168.1.6:80
TCP TTL:50 TOS:0x0 ID:13085 IpLen:20 DgmLen:219 DF
***AP*** Seq: 0x99698771 Ack: 0xE9FDCAED Win: 0x16D0 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-05:42:59.810672 24.209.37.151:4531 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:39338 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x18398CE0 Ack: 0xFA4E869A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-05:42:59.830268 24.209.37.151:4531 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:39339 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x18399294 Ack: 0xFA4E869A Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-05:55:27.022543 24.209.37.151:4610 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:20947 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4FA749A9 Ack: 0x29244E62 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-05:55:27.046926 24.209.37.151:4610 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:20948 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4FA74F5D Ack: 0x29244E62 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-06:52:43.513844 24.209.238.177:1712 -> 192.168.1.6:80
TCP TTL:122 TOS:0x0 ID:45009 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xCFCAC0B1 Ack: 0x14A5439 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-06:52:43.539981 24.209.238.177:1712 -> 192.168.1.6:80
TCP TTL:122 TOS:0x0 ID:45010 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xCFCAC665 Ack: 0x14A5439 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-06:58:00.926147 24.209.238.177:1332 -> 192.168.1.6:80
TCP TTL:122 TOS:0x0 ID:2032 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEA01763D Ack: 0x157A9654 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-06:58:00.954845 24.209.238.177:1332 -> 192.168.1.6:80
TCP TTL:122 TOS:0x0 ID:2033 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEA017BF1 Ack: 0x157A9654 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-07:14:02.881360 61.189.217.31:3641 -> 192.168.1.6:80
TCP TTL:36 TOS:0x0 ID:34489 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x191333F8 Ack: 0x51DAD26A Win: 0x3908 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-07:14:02.903092 61.189.217.31:3641 -> 192.168.1.6:80
TCP TTL:36 TOS:0x0 ID:34490 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x191339AC Ack: 0x51DAD26A Win: 0x3908 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-07:32:07.129717 24.27.172.150:4464 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:47996 IpLen:20 DgmLen:1372 DF
***A**** Seq: 0xDA44736E Ack: 0x96B2D88F Win: 0x43A4 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-07:32:07.191087 24.27.172.150:4464 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:47997 IpLen:20 DgmLen:1372 DF
***A**** Seq: 0xDA4478A2 Ack: 0x96B2D88F Win: 0x43A4 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/29-07:37:30.489499 66.196.65.24:63623 -> 192.168.1.6:80
TCP TTL:232 TOS:0x0 ID:19497 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xC75D29AF Ack: 0xAA4FC05C Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-08:23:05.270031 24.131.113.37:3860 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:25550 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xA6E1F4A4 Ack: 0x567B7713 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-08:23:05.903105 24.131.113.37:3888 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:25611 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xA6F87FAB Ack: 0x564BB5E9 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-08:23:06.116384 24.131.113.37:3899 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:25628 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA700DE8D Ack: 0x56F83507 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-08:23:06.303167 24.131.113.37:3902 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:25649 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA7040CF5 Ack: 0x56D1E366 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-08:23:15.820170 24.131.113.37:4336 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:26891 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA864BD74 Ack: 0x5762B3F2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/29-08:23:19.586676 24.131.113.37:4473 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:27190 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA8D58E52 Ack: 0x57B7785B Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/29-08:23:19.767975 24.131.113.37:4482 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:27210 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA8DC76D4 Ack: 0x57F1F144 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-08:23:19.967347 24.131.113.37:4486 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:27230 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xA8DFF43C Ack: 0x57A0E11E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-08:23:20.292227 24.131.113.37:4495 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:27271 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA8E7AA1B Ack: 0x574FF2C8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-11:06:04.280517 24.99.37.186:3219 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:46810 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x9DA4A657 Ack: 0xBF2668DF Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-11:06:04.737052 24.99.37.186:3233 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:46855 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x9DB173C3 Ack: 0xBEB2D0E4 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-11:06:04.890423 24.99.37.186:3237 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:46874 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x9DB4847D Ack: 0xBEDAB28C Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-11:06:08.235438 24.99.37.186:3295 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:47034 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x9DECBAA2 Ack: 0xBF3F06CD Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-11:06:11.659780 24.99.37.186:3350 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:47201 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x9E22ADDD Ack: 0xBF8C3311 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/29-11:06:11.806640 24.99.37.186:3353 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:47210 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x9E25733D Ack: 0xBFB3973E Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/29-11:06:11.919942 24.99.37.186:3356 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:47215 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x9E27FFAA Ack: 0xBEE9BFBD Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-11:06:12.050281 24.99.37.186:3358 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:47224 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x9E296AB9 Ack: 0xBF0EA569 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-11:06:15.170827 24.99.37.186:3398 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:47338 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x9E52E110 Ack: 0xBF07BFA0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-11:06:15.290124 24.99.37.186:3402 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:47345 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x9E569A0B Ack: 0xBF4F4C07 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-11:06:15.430021 24.99.37.186:3404 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:47352 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x9E590D49 Ack: 0xBF550A94 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-11:06:15.546090 24.99.37.186:3405 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:47361 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x9E5A6BFA Ack: 0xBEFB8373 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-11:06:15.678760 24.99.37.186:3406 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:47369 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x9E5B8854 Ack: 0xBF9C7A74 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-11:06:18.639514 24.99.37.186:3406 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:47449 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x9E5B8854 Ack: 0xBF9C7A74 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-11:06:18.950082 24.99.37.186:3449 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:47462 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x9E87B79B Ack: 0xBFFEB403 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-11:06:21.942599 24.99.37.186:3449 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:47537 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x9E87B79B Ack: 0xBFFEB403 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-11:06:22.244377 24.99.37.186:3491 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:47548 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x9EB278B2 Ack: 0xBFC72A44 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-11:06:25.762687 24.99.37.186:3544 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:47738 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x9EE75DE5 Ack: 0xBFF8F137 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/29-13:13:14.509891 66.196.65.24:16869 -> 192.168.1.6:80
TCP TTL:232 TOS:0x0 ID:40800 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x2DEDC0F8 Ack: 0x9EE5005A Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-13:44:25.111686 24.209.37.151:3554 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:21536 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7BE2E36F Ack: 0x14445A42 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-13:44:25.163943 24.209.37.151:3554 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:21537 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7BE2E923 Ack: 0x14445A42 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/29-14:53:17.064759 66.196.65.24:60637 -> 192.168.1.6:80
TCP TTL:232 TOS:0x0 ID:13130 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x6AE1FAE9 Ack: 0x18459BBD Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1714:3] WEB-CGI newdesk access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/29-17:43:12.676302 216.28.165.181:47980 -> 192.168.1.6:80
TCP TTL:102 TOS:0x0 ID:8925 IpLen:20 DgmLen:351
***AP*** Seq: 0xEB719AAE Ack: 0x97E24E29 Win: 0xFAF0 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-19:18:40.092153 24.245.36.142:4265 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:39992 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xCCE445CD Ack: 0x355AB4A Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-19:18:41.320721 24.245.36.142:4313 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:40209 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xCD0C4687 Ack: 0x2C41E23 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-19:18:51.171532 24.245.36.142:4763 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:41704 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xCE5A75C9 Ack: 0x4F10A92 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-19:18:51.691649 24.245.36.142:4774 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:41767 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xCE6089E8 Ack: 0x44A1171 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-19:18:52.205477 24.245.36.142:4808 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:41837 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xCE718A31 Ack: 0x4442609 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/29-19:18:55.839098 24.245.36.142:4820 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:42404 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xCE78D501 Ack: 0x4FEA6F9 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/29-19:18:56.192820 24.245.36.142:1097 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:42456 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xCEFE82C3 Ack: 0x49D65D4 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-19:18:56.459642 24.245.36.142:1109 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:42500 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xCF08A1D2 Ack: 0x4D0F6B3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-19:19:00.415036 24.245.36.142:1127 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:43047 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xCF18B505 Ack: 0x493B26C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-19:19:00.792930 24.245.36.142:1275 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:43123 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xCF94246E Ack: 0x5983A10 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-19:19:10.476100 24.245.36.142:1639 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:44479 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD0BF7804 Ack: 0x602A149 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-19:19:10.842215 24.245.36.142:1659 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:44544 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD0CF5FA4 Ack: 0x5CAD995 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-19:19:18.114538 24.245.36.142:1796 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:45571 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xD1454DF2 Ack: 0x6B71F7B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-19:19:18.644291 24.245.36.142:1946 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:45647 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xD1B99809 Ack: 0x63BE36C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-19:19:21.425364 24.245.36.142:1946 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:46051 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xD1B99809 Ack: 0x63BE36C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-19:19:21.969927 24.245.36.142:2071 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:46132 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xD2224D6B Ack: 0x6F26801 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-19:19:22.625104 24.245.36.142:2079 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:46213 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xD229F959 Ack: 0x6F316F8 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-19:28:21.979239 24.159.178.25:2138 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:49688 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF1538B81 Ack: 0x279B5EFC Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-19:28:22.079282 24.159.178.25:2138 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:49689 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF1539135 Ack: 0x279B5EFC Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-19:28:24.925252 24.159.178.25:2138 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:49949 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF1538B81 Ack: 0x279B5EFC Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-19:45:53.484967 24.172.109.75:2922 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:27747 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x77E3BD71 Ack: 0x6A35442A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-19:45:53.491283 24.172.109.75:2922 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:27748 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x77E3C325 Ack: 0x6A35442A Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-19:54:15.955340 24.186.148.24:3182 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:14781 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x5E37C5BA Ack: 0x893A4B7E Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-19:54:16.070598 24.186.148.24:3186 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:14792 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x5E3B49FC Ack: 0x896387CE Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-19:54:19.622232 24.186.148.24:3230 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:14894 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x5E688012 Ack: 0x89F08C4C Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-19:54:29.049907 24.186.148.24:3364 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:15250 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x5EEF2379 Ack: 0x8A56EE87 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-19:54:29.200750 24.186.148.24:3368 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:15259 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x5EF33358 Ack: 0x89DA0ACA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/29-19:54:29.359942 24.186.148.24:3371 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:15272 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x5EF5EF89 Ack: 0x89BCD35C Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/29-19:54:29.502479 24.186.148.24:3372 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:15283 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x5EF781F6 Ack: 0x8A7E7E2B Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-19:54:38.910607 24.186.148.24:3486 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:15583 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x5F70BB20 Ack: 0x8AEACAD4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-19:54:42.291262 24.186.148.24:3533 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:15692 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x5FA1B82E Ack: 0x8BC0DAEB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-19:54:42.438491 24.186.148.24:3534 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:15698 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x5FA348EF Ack: 0x8C3235C6 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-19:54:42.567125 24.186.148.24:3536 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:15708 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x5FA573FA Ack: 0x8BC367D3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-19:54:42.697813 24.186.148.24:3539 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:15719 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x5FA81C24 Ack: 0x8C5924D6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-19:54:42.842623 24.186.148.24:3541 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:15727 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x5FAA6337 Ack: 0x8C71C398 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-19:54:42.979090 24.186.148.24:3543 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:15733 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x5FAC1B5C Ack: 0x8BF93B4E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-19:54:43.090329 24.186.148.24:3545 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:15741 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x5FAE1F29 Ack: 0x8C2E604D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-19:54:46.565526 24.186.148.24:3588 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:15836 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x5FD986E1 Ack: 0x8CAC6C4C Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-20:10:18.624181 24.209.203.150:4480 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:40563 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x15AAA68D Ack: 0xC6F9585C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-20:10:18.646744 24.209.203.150:4480 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:40564 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x15AAAC41 Ack: 0xC6F9585C Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/29-20:32:42.269364 12.148.209.198:64444 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:5110 IpLen:20 DgmLen:256 DF
***AP*** Seq: 0x34EF7298 Ack: 0x1A91B502 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 184776565 970248711
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-21:14:04.895768 24.130.75.33:4684 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:10100 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x67DB4B2 Ack: 0xB6652513 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-21:14:16.028350 24.130.75.33:4719 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:10887 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x69E76EE Ack: 0xB7023A01 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-21:14:19.877996 24.130.75.33:4954 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:11235 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x7763CEE Ack: 0xB75B3667 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-21:18:17.268753 24.90.188.91:4728 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:22305 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE96D4C94 Ack: 0xC7474930 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-21:18:17.312260 24.90.188.91:4728 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:22306 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE96D5248 Ack: 0xC7474930 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-21:24:52.896252 24.209.203.150:4633 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:31329 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xAA64DF33 Ack: 0xDF8E34A6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-21:24:52.946411 24.209.203.150:4633 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:31330 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xAA64E4E7 Ack: 0xDF8E34A6 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-21:35:37.335302 24.94.192.41:1370 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:42353 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB63B03D0 Ack: 0x8655D5D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-21:35:37.348094 24.94.192.41:1370 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:42354 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB63B0984 Ack: 0x8655D5D Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-21:39:51.358505 24.201.185.125:3898 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:8769 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x317BF622 Ack: 0x1814E937 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-22:19:49.390600 24.209.203.150:4346 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:33800 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC760B557 Ack: 0xAEC48A04 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-22:19:49.414173 24.209.203.150:4346 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:33801 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC760BB0B Ack: 0xAEC48A04 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-22:30:14.656775 24.192.37.217:3282 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:45949 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x2D099B78 Ack: 0xD6EAC3F8 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-22:30:23.183376 24.192.37.217:3368 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:46245 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x2D6C2379 Ack: 0xD806CB72 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-22:30:33.288634 24.192.37.217:3464 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:46602 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x2DD06C35 Ack: 0xD87362EC Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-23:32:00.512778 24.126.120.88:1076 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:6035 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xB0E610D7 Ack: 0xC01030E3 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-23:32:04.413787 24.126.120.88:1362 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:6663 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xB1D4A64B Ack: 0xC0E12369 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-23:32:05.999487 24.126.120.88:1419 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:6907 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xB1FFFE1B Ack: 0xC0CA4804 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-23:32:07.659826 24.126.120.88:1479 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:7143 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xB230119F Ack: 0xC0913BD6 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-23:32:21.496828 24.126.120.88:1880 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:9258 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB3872FB3 Ack: 0xC1C39946 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/29-23:32:22.945129 24.126.120.88:2054 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:9515 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xB4194BF7 Ack: 0xC1EA26A8 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/29-23:32:33.455674 24.126.120.88:2443 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:11192 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xB55F5CB8 Ack: 0xC2BBE19E Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-23:32:34.938859 24.126.120.88:2490 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:11456 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xB584B0F0 Ack: 0xC2463223 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-23:32:45.224757 24.126.120.88:2561 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:13273 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB5C035B4 Ack: 0xC263A37C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-23:33:07.786753 24.126.120.88:3769 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:17016 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB9B5F8BD Ack: 0xC44E7AC5 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-23:33:12.280651 24.126.120.88:3831 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:17738 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB9ECD922 Ack: 0xC52A4CED Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-23:33:13.693392 24.126.120.88:4005 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:18021 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xBA7E2B8B Ack: 0xC5807149 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-23:33:24.057162 24.126.120.88:4419 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:19772 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xBBCBEB82 Ack: 0xC6AD08DE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-23:33:25.683433 24.126.120.88:4472 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:20046 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xBBF98DD5 Ack: 0xC648328B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-23:33:27.248994 24.126.120.88:4536 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:20301 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xBC2FEA8F Ack: 0xC692B649 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-23:33:28.695548 24.126.120.88:4607 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:20578 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xBC67608A Ack: 0xC6A1B094 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/30-06:32:26.142943 24.163.219.251:2332 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:47560 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4FA66555 Ack: 0xF50BEF06 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/30-06:32:26.170714 24.163.219.251:2332 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:47561 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4FA66B09 Ack: 0xF50BEF06 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/30-06:47:18.399344 218.18.72.33:3993 -> 192.168.1.6:80
TCP TTL:99 TOS:0x0 ID:46816 IpLen:20 DgmLen:1460 DF
***A**** Seq: 0xB0C74DF6 Ack: 0x2CCD74DA Win: 0x4290 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/30-06:47:18.421400 218.18.72.33:3993 -> 192.168.1.6:80
TCP TTL:99 TOS:0x0 ID:46817 IpLen:20 DgmLen:1460 DF
***A**** Seq: 0xB0C75382 Ack: 0x2CCD74DA Win: 0x4290 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/30-09:17:15.055032 24.100.74.154:2081 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:60110 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x854914B6 Ack: 0x63493401 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/30-09:17:15.119589 24.100.74.154:2081 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:60111 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x85491A6A Ack: 0x63493401 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/30-11:53:48.961994 66.27.55.14:48629 -> 192.168.1.6:80
TCP TTL:42 TOS:0x0 ID:1389 IpLen:20 DgmLen:153 DF
***AP*** Seq: 0x14019EB9 Ack: 0xB1E6E83B Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 707501163 998554535
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/30-11:56:47.084783 80.212.222.63:1886 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:39719 IpLen:20 DgmLen:1460 DF
***A**** Seq: 0xD50D7F6E Ack: 0xBD68E668 Win: 0x26D4 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/30-11:56:47.189709 80.212.222.63:1886 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:39720 IpLen:20 DgmLen:1460 DF
***A**** Seq: 0xD50D84FA Ack: 0xBD68E668 Win: 0x26D4 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/30-13:17:35.743621 219.155.227.118:3781 -> 192.168.1.6:80
TCP TTL:97 TOS:0x0 ID:6909 IpLen:20 DgmLen:1420 DF
***A**** Seq: 0x9A593954 Ack: 0xEF029195 Win: 0x40B0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/30-13:17:39.168004 219.155.227.118:3781 -> 192.168.1.6:80
TCP TTL:97 TOS:0x0 ID:7274 IpLen:20 DgmLen:1420 DF
***A**** Seq: 0x9A593EB8 Ack: 0xEF029195 Win: 0x40B0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/30-16:21:32.240459 24.160.33.54:1913 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:12710 IpLen:20 DgmLen:1446 DF
***A**** Seq: 0xF5C620BA Ack: 0xA57267BB Win: 0xFC00 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/30-16:21:32.250951 24.160.33.54:1913 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:12711 IpLen:20 DgmLen:1446 DF
***A**** Seq: 0xF5C62638 Ack: 0xA57267BB Win: 0xFC00 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/30-19:02:54.132243 24.150.86.224:3156 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:18958 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB70795FD Ack: 0x6D2BE48 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/30-19:02:54.369125 24.150.86.224:3157 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:18984 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xB7090F85 Ack: 0x735FDCF Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/30-19:02:54.546942 24.150.86.224:3158 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:18993 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xB70AD16D Ack: 0x7405A43 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/30-19:02:54.760101 24.150.86.224:3160 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:19009 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xB70D295A Ack: 0x71B1C57 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/30-19:02:58.203622 24.150.86.224:3185 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:23171 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB72B97D9 Ack: 0x6F4D733 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/30-19:02:58.404701 24.150.86.224:3188 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:23535 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB72E221E Ack: 0x7B27A7F Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/30-19:02:58.584981 24.150.86.224:3189 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:23980 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB72F6E18 Ack: 0x7B6E7B7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/30-19:02:58.808754 24.150.86.224:3193 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:24265 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB7332BB0 Ack: 0x7E61187 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/30-19:02:59.073342 24.150.86.224:3195 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:24713 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xB7357D03 Ack: 0x7C7F3BE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/30-19:02:59.273068 24.150.86.224:3196 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:25072 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB7378F3E Ack: 0x7CBA066 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/30-19:02:59.470108 24.150.86.224:3197 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:25519 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xB7392EA8 Ack: 0x73CCD69 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/30-19:03:08.682353 24.150.86.224:3260 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:52208 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB788C19E Ack: 0x80E002B Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/30-19:30:27.095457 24.55.29.58:1398 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:39076 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x563B331C Ack: 0x6FFB986E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/30-19:30:27.142705 24.55.29.58:1398 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:39077 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x563B38D0 Ack: 0x6FFB986E Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/30-19:55:05.142586 24.160.250.236:1814 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:4921 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB4E6DCE3 Ack: 0xCD2A8C62 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/30-19:55:05.150348 24.160.250.236:1814 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:4922 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB4E6E297 Ack: 0xCD2A8C62 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-00:06:08.332310 24.99.71.129:4510 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:47253 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA0A23543 Ack: 0x80892BD4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-00:06:08.333646 24.99.71.129:4510 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:47254 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA0A23AF7 Ack: 0x80892BD4 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-00:19:55.190567 24.239.142.141:4754 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:6833 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x42B9AF0 Ack: 0xB4A8A119 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-00:19:55.221357 24.239.142.141:4754 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:6834 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x42BA0A4 Ack: 0xB4A8A119 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/01-01:04:58.622777 66.196.65.24:31506 -> 192.168.1.6:80
TCP TTL:232 TOS:0x0 ID:19418 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x5135058C Ack: 0x5E293E40 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-01:20:18.341110 24.209.105.156:4303 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:19457 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x760B1098 Ack: 0x99B2D015 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-01:20:18.347759 24.209.105.156:4303 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:19458 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x760B164C Ack: 0x99B2D015 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-02:11:24.783676 24.214.6.207:3000 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:2315 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xCB41B6D6 Ack: 0x5A3D3DA8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-02:11:24.829327 24.214.6.207:3000 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:2316 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xCB41BC8A Ack: 0x5A3D3DA8 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-05:16:57.318275 24.78.148.85:1705 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:34923 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x9F6836E3 Ack: 0x167AFD86 Win: 0xFC00 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-05:16:57.807537 24.78.148.85:1718 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:34962 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x9F748D07 Ack: 0x173E9554 Win: 0xFC00 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-05:17:01.330692 24.78.148.85:1815 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:35310 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x9FC68667 Ack: 0x16C51891 Win: 0xFC00 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-05:17:04.806857 24.78.148.85:1905 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:35599 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA013E843 Ack: 0x177EC342 Win: 0xFC00 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-05:17:05.050590 24.78.148.85:1913 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:35622 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA01A6BB7 Ack: 0x16F1123A Win: 0xFC00 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/01-05:17:14.609484 24.78.148.85:2102 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:36209 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA0C5255F Ack: 0x181014D6 Win: 0xFC00 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/01-05:17:14.897743 24.78.148.85:2106 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:36226 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA0C94AB8 Ack: 0x17EE4FB1 Win: 0xFC00 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-05:17:15.149810 24.78.148.85:2114 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:36240 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xA0D07475 Ack: 0x17885493 Win: 0xFC00 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-05:17:24.599476 24.78.148.85:2276 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:36759 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA170426E Ack: 0x18C90258 Win: 0xFC00 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-05:17:24.834585 24.78.148.85:2279 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:36768 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA1737413 Ack: 0x18C80CB3 Win: 0xFC00 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-05:17:25.297355 24.78.148.85:2285 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:36789 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA1792C72 Ack: 0x18D1217B Win: 0xFC00 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-05:17:25.569409 24.78.148.85:2291 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:36801 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA17DE064 Ack: 0x18DCEA02 Win: 0xFC00 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-05:17:29.347267 24.78.148.85:2346 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:36982 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA1B4D69C Ack: 0x186DF60B Win: 0xFC00 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-05:17:29.685959 24.78.148.85:2354 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:37012 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xA1BBA852 Ack: 0x18C7235E Win: 0xFC00 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-05:17:30.447176 24.78.148.85:2383 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:37093 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA1D34D2D Ack: 0x1888CD4E Win: 0xFC00 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-05:40:09.032030 24.209.105.156:4630 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:29369 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE1951FF0 Ack: 0x6F0E1ACE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-05:40:09.039178 24.209.105.156:4630 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:29370 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE19525A4 Ack: 0x6F0E1ACE Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-08:35:12.408874 24.209.105.156:4305 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:25433 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE097982 Ack: 0x37AF417 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-08:35:12.413691 24.209.105.156:4305 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:25434 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE097F36 Ack: 0x37AF417 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-08:57:36.290462 24.209.105.156:3813 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:46514 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x710DC149 Ack: 0x589C1EA7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-08:57:36.296671 24.209.105.156:3813 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:46515 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x710DC6FD Ack: 0x589C1EA7 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-09:07:18.338804 24.132.51.251:4441 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:46696 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x847191B6 Ack: 0x7CEDF780 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-09:07:18.340101 24.132.51.251:4441 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:46697 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8471976A Ack: 0x7CEDF780 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-10:38:39.660694 24.163.219.251:1632 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:35168 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9F5625FF Ack: 0xD55B0939 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-11:10:09.912600 24.209.105.156:4239 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:12464 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA170A4DF Ack: 0x4D43F74A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-11:10:09.919340 24.209.105.156:4239 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:12465 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA170AA93 Ack: 0x4D43F74A Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-11:56:14.404290 65.196.39.36:1797 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:24270 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF0F4068 Ack: 0xFB654A61 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-11:56:14.412626 65.196.39.36:1797 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:24271 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF0F461C Ack: 0xFB654A61 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-12:07:51.067292 24.198.198.27:3773 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:53489 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE3D1B6F Ack: 0x27ED14AF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-12:07:51.087393 24.198.198.27:3773 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:53490 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE3D2123 Ack: 0x27ED14AF Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-12:07:54.015193 24.198.198.27:3773 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:53708 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE3D1B6F Ack: 0x27ED14AF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-12:13:46.405052 24.145.197.3:3978 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:2459 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1AA85DD2 Ack: 0x3D982089 Win: 0x16D0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-12:13:46.413600 24.145.197.3:3978 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:2460 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1AA86386 Ack: 0x3D982089 Win: 0x16D0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-12:53:54.269394 24.209.45.97:3481 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:9190 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEE89779E Ack: 0xD544D103 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-12:53:54.290784 24.209.45.97:3481 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:9191 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEE897D52 Ack: 0xD544D103 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-13:08:05.646342 24.209.45.97:4833 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:20940 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x439C552F Ack: 0x9E7BBE4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-13:08:05.681853 24.209.45.97:4833 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:20941 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x439C5AE3 Ack: 0x9E7BBE4 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/01-14:45:03.853189 209.237.238.158:2001 -> 192.168.1.6:80
TCP TTL:41 TOS:0x0 ID:56287 IpLen:20 DgmLen:173 DF
***AP*** Seq: 0x1DD3E83F Ack: 0x78646BCD Win: 0xFFFF TcpLen: 32
TCP Options (3) => NOP NOP TS: 708341922 1048068618
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-15:11:45.963421 24.138.38.206:3471 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:41548 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x19C9F7E9 Ack: 0xDEA2B23B Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-15:11:46.420859 24.138.38.206:3485 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:41589 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x19D5BBF3 Ack: 0xDEBBA164 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-15:11:59.299614 24.138.38.206:3784 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:42584 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x1AD088B3 Ack: 0xDFA6329D Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-15:12:03.017307 24.138.38.206:3987 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:42874 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x1B78D00E Ack: 0xE018DCDC Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-15:12:06.224602 24.138.38.206:4077 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:43109 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x1BCA042C Ack: 0xDFCA87B1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/01-15:12:06.426026 24.138.38.206:4083 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:43135 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x1BCF2F49 Ack: 0xE0153978 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/01-15:12:06.668516 24.138.38.206:4090 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:43162 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x1BD46B02 Ack: 0xE0212E40 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-15:12:19.334618 24.138.38.206:4428 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:44542 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x1CE8F1BB Ack: 0xE0F09580 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-15:12:19.552814 24.138.38.206:4564 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:44564 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x1D597DC5 Ack: 0xE136F36E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-15:12:19.784591 24.138.38.206:4572 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:44591 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x1D60BED8 Ack: 0xE0578081 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-15:12:20.408686 24.138.38.206:4584 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:44636 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x1D6C87C4 Ack: 0xE0733AB9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-15:12:20.654121 24.138.38.206:4588 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:44661 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x1D708D44 Ack: 0xE1393137 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-15:12:20.941353 24.138.38.206:4597 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:44697 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x1D77F013 Ack: 0xE0EB3215 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-15:12:23.904533 24.138.38.206:4597 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:45024 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x1D77F013 Ack: 0xE0EB3215 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-15:12:24.318855 24.138.38.206:4743 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:45067 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x1DEF2909 Ack: 0xE1967107 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-15:12:24.517278 24.138.38.206:4747 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:45088 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x1DF261F9 Ack: 0xE0D4DD11 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-15:12:33.911244 24.138.38.206:3165 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:45830 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x1EED5614 Ack: 0xE1E79517 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-15:38:16.670119 24.209.45.97:4317 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:9412 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA1379407 Ack: 0x429E613F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-15:38:16.692823 24.209.45.97:4317 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:9413 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA13799BB Ack: 0x429E613F Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-15:54:18.783179 24.209.45.97:1475 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:19336 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF6C1F437 Ack: 0x7E663E37 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-15:54:18.803737 24.209.45.97:1475 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:19337 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF6C1F9EB Ack: 0x7E663E37 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-16:28:57.319318 24.209.105.156:4771 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:23965 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x38ED762D Ack: 0x1D6E0A6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-16:28:57.324760 24.209.105.156:4771 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:23966 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x38ED7BE1 Ack: 0x1D6E0A6 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-17:24:23.347387 24.209.98.148:3213 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:4725 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x39C6A2A Ack: 0xD395D3A5 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-17:24:23.374505 24.209.98.148:3213 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:4726 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x39C6FDE Ack: 0xD395D3A5 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-19:19:10.771808 24.209.238.177:2815 -> 192.168.1.6:80
TCP TTL:122 TOS:0x0 ID:1032 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7573017B Ack: 0x8450DB52 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-19:19:10.805728 24.209.238.177:2815 -> 192.168.1.6:80
TCP TTL:122 TOS:0x0 ID:1033 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7573072F Ack: 0x8450DB52 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-20:23:02.015655 24.209.105.156:4623 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:24656 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE92725F2 Ack: 0x75F92067 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-20:23:02.021614 24.209.105.156:4623 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:24657 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE9272BA6 Ack: 0x75F92067 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-20:59:10.792767 24.165.22.49:4370 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:47323 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xDCD807A0 Ack: 0xFE3B5764 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-20:59:11.478050 24.165.22.49:4379 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:47393 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xDCE14EDA Ack: 0xFF00634F Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-20:59:12.129747 24.165.22.49:4390 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:47472 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xDCEB5A7D Ack: 0xFE5C967A Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-20:59:21.830116 24.165.22.49:4552 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:48628 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xDD8635C4 Ack: 0xFF55249E Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-23:04:12.504851 24.209.105.156:3751 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:49661 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6E504298 Ack: 0xD5E71C2C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-23:04:12.510885 24.209.105.156:3751 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:49662 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6E50484C Ack: 0xD5E71C2C Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-23:43:50.364184 24.209.238.177:4430 -> 192.168.1.6:80
TCP TTL:122 TOS:0x0 ID:12212 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x117627C Ack: 0x6C3FEAAB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-23:43:50.401199 24.209.238.177:4430 -> 192.168.1.6:80
TCP TTL:122 TOS:0x0 ID:12213 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1176830 Ack: 0x6C3FEAAB Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-00:08:16.493488 24.209.105.156:4263 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:32369 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBBF8A48A Ack: 0xC9A63FD1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-00:08:16.500303 24.209.105.156:4263 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:32370 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBBF8AA3E Ack: 0xC9A63FD1 Win: 0x4470 TcpLen: 20
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/02-00:52:15.002880 24.87.96.216:3555 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:2254 IpLen:20 DgmLen:187 DF
***AP*** Seq: 0x878263AC Ack: 0x6E9E8854 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/02-00:52:15.334467 24.87.96.216:3555 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:2255 IpLen:20 DgmLen:199 DF
***AP*** Seq: 0x8782643F Ack: 0x6E9E89C2 Win: 0xF982 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-01:50:10.892152 24.209.105.156:4516 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28152 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA77CDFFD Ack: 0x4973FC6A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-01:50:10.902010 24.209.105.156:4516 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28153 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA77CE5B1 Ack: 0x4973FC6A Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-03:30:07.826942 24.74.84.124:4352 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:37613 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x461CDA4D Ack: 0xC1C6AB75 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-03:30:09.632645 24.74.84.124:4524 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:37912 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x46AC718A Ack: 0xC22699DB Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-03:30:11.400256 24.74.84.124:4582 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:38184 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x46DD0A52 Ack: 0xC2333196 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-03:30:12.950567 24.74.84.124:4657 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:38456 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x471AB8B2 Ack: 0xC29D35C5 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-03:30:23.774212 24.74.84.124:1100 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:40150 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x48679DBB Ack: 0xC3B921FB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/02-03:30:25.160403 24.74.84.124:1178 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:40415 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x48A04C5F Ack: 0xC47887D8 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/02-03:30:35.789814 24.74.84.124:1582 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:42079 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x49EACE55 Ack: 0xC49FEF5F Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-03:30:37.558363 24.74.84.124:1645 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:42377 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x4A211AF4 Ack: 0xC4CFB1BC Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-03:30:51.031256 24.74.84.124:2068 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:44611 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4B7E2ECD Ack: 0xC565D028 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-03:30:56.200627 24.74.84.124:2381 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:45422 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4C7D2DC4 Ack: 0xC66C6DA4 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-03:31:01.045934 24.74.84.124:2563 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:46194 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4D17583E Ack: 0xC6905E01 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-03:31:02.996105 24.74.84.124:2629 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:46487 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4D4E4399 Ack: 0xC6FEB895 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-03:31:04.685312 24.74.84.124:2692 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:46784 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x4D85E424 Ack: 0xC6461620 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-03:31:06.147135 24.74.84.124:2764 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:47015 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x4DC16DE9 Ack: 0xC6CAA5A6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-03:31:09.266485 24.74.84.124:2764 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:47524 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x4DC16DE9 Ack: 0xC6CAA5A6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-03:31:16.607747 24.74.84.124:3157 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:48720 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x4F050728 Ack: 0xC75E6DF1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-03:31:27.162067 24.74.84.124:3571 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:50452 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x505A30A7 Ack: 0xC785ADC4 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-04:33:50.587716 24.209.238.177:4615 -> 192.168.1.6:80
TCP TTL:122 TOS:0x0 ID:19998 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB05791E7 Ack: 0xB3EAC98D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-04:33:50.618731 24.209.238.177:4615 -> 192.168.1.6:80
TCP TTL:122 TOS:0x0 ID:19999 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB057979B Ack: 0xB3EAC98D Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-05:33:58.966241 24.33.80.121:2347 -> 192.168.1.6:80
TCP TTL:122 TOS:0x0 ID:34949 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x71A7D705 Ack: 0x979E5751 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-05:33:58.995569 24.33.80.121:2347 -> 192.168.1.6:80
TCP TTL:122 TOS:0x0 ID:34950 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x71A7DCB9 Ack: 0x979E5751 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-06:25:44.193227 24.141.105.208:3378 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:42774 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x541A68AA Ack: 0x5A259554 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-06:25:44.200021 24.141.105.208:3378 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:42775 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x541A6E5E Ack: 0x5A259554 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-06:49:12.330828 24.209.238.177:1602 -> 192.168.1.6:80
TCP TTL:122 TOS:0x0 ID:51349 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x78BC8286 Ack: 0xB3F98E76 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-06:49:12.360633 24.209.238.177:1602 -> 192.168.1.6:80
TCP TTL:122 TOS:0x0 ID:51350 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x78BC883A Ack: 0xB3F98E76 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/02-06:54:14.780156 209.237.238.174:34653 -> 192.168.1.6:80
TCP TTL:41 TOS:0x0 ID:65188 IpLen:20 DgmLen:173 DF
***AP*** Seq: 0x76287E04 Ack: 0xC6B5605C Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 117277146 1077851796
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-06:54:22.522831 24.209.238.177:1364 -> 192.168.1.6:80
TCP TTL:122 TOS:0x0 ID:8860 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9357EE42 Ack: 0xC70C4710 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-06:54:22.555358 24.209.238.177:1364 -> 192.168.1.6:80
TCP TTL:122 TOS:0x0 ID:8861 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9357F3F6 Ack: 0xC70C4710 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/02-06:59:49.911459 209.237.238.162:1277 -> 192.168.1.6:80
TCP TTL:41 TOS:0x0 ID:13021 IpLen:20 DgmLen:173 DF
***AP*** Seq: 0x5F135353 Ack: 0xDB404CB2 Win: 0xFFFF TcpLen: 32
TCP Options (3) => NOP NOP TS: 263785068 1078023429
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-07:11:47.722391 203.93.167.60:4638 -> 192.168.1.6:80
TCP TTL:101 TOS:0x0 ID:53863 IpLen:20 DgmLen:99 DF
***AP*** Seq: 0x79DEA203 Ack: 0x7F89DC1 Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/02-08:10:34.131291 209.237.238.159:4671 -> 192.168.1.6:80
TCP TTL:41 TOS:0x0 ID:44421 IpLen:20 DgmLen:173 DF
***AP*** Seq: 0xF3FF90CA Ack: 0xE622E6CA Win: 0xFFFF TcpLen: 32
TCP Options (3) => NOP NOP TS: 715033505 1080197190
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-08:12:12.790714 24.209.238.177:2506 -> 192.168.1.6:80
TCP TTL:122 TOS:0x0 ID:29244 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x23C39058 Ack: 0xEC468D09 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-08:12:12.821473 24.209.238.177:2506 -> 192.168.1.6:80
TCP TTL:122 TOS:0x0 ID:29245 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x23C3960C Ack: 0xEC468D09 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-09:48:00.695395 24.209.203.150:2601 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:41683 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB99DB26B Ack: 0x575596DF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-09:48:00.715681 24.209.203.150:2601 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:41684 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB99DB81F Ack: 0x575596DF Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-10:04:36.708829 24.207.196.229:4040 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:57929 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD63E6B35 Ack: 0x95DC64FD Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-10:04:36.816186 24.207.196.229:4040 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:57930 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD63E70E9 Ack: 0x95DC64FD Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-10:07:57.579333 24.209.203.150:2747 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:28896 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3276BD6D Ack: 0xA26D50C6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-10:07:57.610671 24.209.203.150:2747 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:28897 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3276C321 Ack: 0xA26D50C6 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-10:44:09.837320 24.209.105.156:3207 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:23552 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4DC51B99 Ack: 0x29F7ED57 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-10:44:09.843262 24.209.105.156:3207 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:23553 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4DC5214D Ack: 0x29F7ED57 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-10:50:19.515909 24.209.203.150:1189 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:9259 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2C59BAE8 Ack: 0x41294606 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-10:50:19.548350 24.209.203.150:1189 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:9260 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2C59C09C Ack: 0x41294606 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-11:08:33.583102 24.209.39.246:3390 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:39826 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5DF6B25C Ack: 0x8781F1EC Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-11:08:33.621461 24.209.39.246:3390 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:39827 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5DF6B810 Ack: 0x8781F1EC Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-11:11:34.723914 24.209.39.246:4627 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:53810 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6DA598C1 Ack: 0x93622D25 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-11:11:34.771935 24.209.39.246:4627 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:53811 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6DA59E75 Ack: 0x93622D25 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-12:38:02.081641 24.209.105.156:4339 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:30116 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD630AF78 Ack: 0xD82E165B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-12:38:02.088355 24.209.105.156:4339 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:30117 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD630B52C Ack: 0xD82E165B Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-12:43:35.366664 24.209.238.177:4785 -> 192.168.1.6:80
TCP TTL:122 TOS:0x0 ID:39378 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2D3F3604 Ack: 0xED989EB4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-12:43:35.399339 24.209.238.177:4785 -> 192.168.1.6:80
TCP TTL:122 TOS:0x0 ID:39379 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2D3F3BB8 Ack: 0xED989EB4 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-12:44:41.216076 24.220.31.3:4393 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:18515 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x24B5394D Ack: 0xF1E76176 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-12:44:50.813970 24.220.31.3:1108 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:20078 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x264ECE7E Ack: 0xF2B551A9 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-12:44:51.079575 24.220.31.3:1121 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:20116 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x265A3166 Ack: 0xF33B830A Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-12:44:51.360740 24.220.31.3:1127 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:20153 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x265F520B Ack: 0xF30E61A3 Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-12:44:51.598896 24.220.31.3:1136 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:20180 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x2667AE07 Ack: 0xF2D72FFC Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/02-12:44:51.825955 24.220.31.3:1149 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:20207 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x26718E8C Ack: 0xF26F2D51 Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/02-12:44:52.078311 24.220.31.3:1157 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:20238 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x2678379A Ack: 0xF2DE6FA1 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-12:45:04.475466 24.220.31.3:1601 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:22155 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x27DAFE18 Ack: 0xF30A61B9 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-12:45:04.930231 24.220.31.3:1790 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:22241 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x28718E2C Ack: 0xF3F3D1DC Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-12:45:05.391191 24.220.31.3:1818 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:22331 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x28883EDB Ack: 0xF359BD6D Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-12:45:05.890139 24.220.31.3:1841 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:22421 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x289B0D59 Ack: 0xF3EDACC1 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-12:45:06.321892 24.220.31.3:1867 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:22498 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x28B25C40 Ack: 0xF391E2B2 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-12:45:06.761767 24.220.31.3:1885 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:22587 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x28BFF3D6 Ack: 0xF3E837C0 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-12:45:07.216528 24.220.31.3:1910 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:22669 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x28D31034 Ack: 0xF3AA7278 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-12:45:07.579780 24.220.31.3:1933 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:22747 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x28E66472 Ack: 0xF441BB67 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-12:45:16.805979 24.220.31.3:2448 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:24589 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x2A8C560A Ack: 0xF446CC32 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-13:04:16.282017 24.209.105.156:3878 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:29866 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x668F0C3E Ack: 0x3C2B79EE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-13:04:16.289166 24.209.105.156:3878 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:29867 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x668F11F2 Ack: 0x3C2B79EE Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-13:20:13.885533 24.209.39.246:2709 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:50814 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF31EA4BD Ack: 0x78CACEA7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-13:20:13.927932 24.209.39.246:2709 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:50815 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF31EAA71 Ack: 0x78CACEA7 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-13:29:58.894290 24.209.39.246:2159 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:27803 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x23916802 Ack: 0x9CBB273D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-13:29:58.914096 24.209.39.246:2159 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:27804 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x23916DB6 Ack: 0x9CBB273D Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-14:17:45.046537 24.209.203.150:1764 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:31383 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9F1F4B68 Ack: 0x51420549 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-14:17:45.079048 24.209.203.150:1764 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:31384 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9F1F511C Ack: 0x51420549 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-14:20:00.431703 24.209.203.150:1188 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:43774 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xAAC74D52 Ack: 0x59E06101 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-14:20:00.463907 24.209.203.150:1188 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:43775 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xAAC75306 Ack: 0x59E06101 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-15:17:16.278670 24.209.39.246:1799 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:19134 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x25F0A463 Ack: 0x329317A1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-15:17:16.300070 24.209.39.246:1799 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:19135 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x25F0AA17 Ack: 0x329317A1 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-15:55:24.189246 24.209.238.177:2089 -> 192.168.1.6:80
TCP TTL:122 TOS:0x0 ID:25686 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x739C3E67 Ack: 0xC10FD6DC Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-15:55:24.219654 24.209.238.177:2089 -> 192.168.1.6:80
TCP TTL:122 TOS:0x0 ID:25687 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x739C441B Ack: 0xC10FD6DC Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-18:25:43.577080 24.209.238.177:1609 -> 192.168.1.6:80
TCP TTL:122 TOS:0x0 ID:59499 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE6643507 Ack: 0xFA2B6BF2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-18:25:43.611479 24.209.238.177:1609 -> 192.168.1.6:80
TCP TTL:122 TOS:0x0 ID:59500 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE6643ABB Ack: 0xFA2B6BF2 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-18:43:20.270684 24.209.39.246:2129 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:48084 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD02055DB Ack: 0x3BD1C669 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-18:43:20.304375 24.209.39.246:2129 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:48085 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD0205B8F Ack: 0x3BD1C669 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-19:41:17.376488 24.102.7.235:3361 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:35212 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x713FF4A2 Ack: 0x178A4590 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-19:41:17.440607 24.102.7.235:3361 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:35213 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x713FFA56 Ack: 0x178A4590 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/02-20:11:58.317129 64.68.82.39:34974 -> 192.168.1.6:80
TCP TTL:40 TOS:0x10 ID:47423 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x3A0B4AE4 Ack: 0x8B2A6895 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 1599599614 1102365972
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-20:40:42.790023 24.209.39.246:2798 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:7515 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBA96BAFF Ack: 0xF7DBC85F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-20:40:42.818167 24.209.39.246:2798 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:7516 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBA96C0B3 Ack: 0xF7DBC85F Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-20:42:56.668575 24.172.109.3:2689 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:59792 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7FE01B8E Ack: 0x656930 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-20:42:56.675935 24.172.109.3:2689 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:59793 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7FE02142 Ack: 0x656930 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-01:25:30.022233 24.209.39.246:1697 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:62565 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC79BD6CC Ack: 0x2C6CF8D3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-01:25:30.044824 24.209.39.246:1697 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:62566 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC79BDC80 Ack: 0x2C6CF8D3 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-01:51:20.793242 24.118.109.209:1891 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:10527 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD11FD684 Ack: 0x8E840EA0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-01:51:20.799247 24.118.109.209:1891 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:10528 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD11FDC38 Ack: 0x8E840EA0 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-01:51:53.776613 24.151.33.76:1129 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:10948 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x72C6866 Ack: 0x9024A191 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-01:51:53.786949 24.151.33.76:1129 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:10949 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x72C6E1A Ack: 0x9024A191 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-02:06:59.565927 24.148.85.85:1895 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:44174 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4A93EA0B Ack: 0xC9140306 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-02:06:59.611128 24.148.85.85:1895 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:44175 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4A93EFBF Ack: 0xC9140306 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-03:15:37.527589 24.209.39.246:4965 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:11553 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2FE95D12 Ack: 0xCBD47BA3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-03:15:37.573104 24.209.39.246:4965 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:11554 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2FE962C6 Ack: 0xCBD47BA3 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-03:17:10.497767 218.58.6.15:2817 -> 192.168.1.6:80
TCP TTL:101 TOS:0x0 ID:15042 IpLen:20 DgmLen:1492 DF
***A**** Seq: 0xC6D79AC8 Ack: 0xD20A3B98 Win: 0x4410 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-03:34:50.972658 216.211.89.221:4324 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:33224 IpLen:20 DgmLen:99 DF
***AP*** Seq: 0xD41115AE Ack: 0x144D956D Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-07:03:55.891581 24.93.51.106:1832 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:4009 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF2F30B1F Ack: 0x2A019E7F Win: 0x16D0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-07:03:55.898148 24.93.51.106:1832 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:4010 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF2F310D3 Ack: 0x2A019E7F Win: 0x16D0 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-13:57:19.984803 24.201.150.218:4781 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:2459 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x9EBB0DD5 Ack: 0x44DCD667 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-13:57:21.312677 24.201.150.218:4816 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:2588 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x9EDCD65A Ack: 0x44CA0DE4 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-13:57:25.326239 24.201.150.218:4829 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:2875 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x9EE7EFB4 Ack: 0x45158E66 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-13:57:26.383316 24.201.150.218:4899 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:2966 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x9F243352 Ack: 0x451D9063 Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-13:57:28.121361 24.201.150.218:4923 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:3050 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x9F3553DD Ack: 0x45218128 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/03-13:57:29.269827 24.201.150.218:4948 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:3160 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x9F47DAEC Ack: 0x4515997D Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/03-13:57:30.364357 24.201.150.218:4996 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:3268 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x9F5A9443 Ack: 0x45604054 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-13:57:31.480480 24.201.150.218:1046 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:3380 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x9F70A34F Ack: 0x45118266 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-13:57:36.232406 24.201.150.218:1120 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:3744 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x9FB6B1AC Ack: 0x456A3D4F Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-13:57:37.238223 24.201.150.218:1148 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:3853 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x9FD27535 Ack: 0x454D8E39 Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-13:57:38.311732 24.201.150.218:1162 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:3950 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x9FE0AB5B Ack: 0x45D5DC81 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-13:57:39.328216 24.201.150.218:1180 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:4042 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x9FF3241D Ack: 0x45C06C51 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-13:57:40.391473 24.201.150.218:1197 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:4138 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xA0042B1B Ack: 0x45B14E46 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-13:57:41.380028 24.201.150.218:1219 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:4210 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA017EEB2 Ack: 0x465A027A Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-13:57:44.372258 24.201.150.218:1219 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:4449 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA017EEB2 Ack: 0x465A027A Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-13:57:46.450748 24.201.150.218:1286 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:4590 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xA057EF21 Ack: 0x464446EF Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-13:57:56.609768 24.201.150.218:1450 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:5352 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA0F8E9D6 Ack: 0x46ABF2E3 Win: 0xFAF0 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-13:57:57.038535 24.150.202.37:4664 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:36184 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xFEC07CF6 Ack: 0x46C0A37F Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-13:58:00.029246 24.150.202.37:1042 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:36748 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xFFAFBE1C Ack: 0x470CECB0 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-13:58:00.263899 24.150.202.37:1048 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:36788 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xFFB556C5 Ack: 0x46C1285B Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-13:58:00.514859 24.150.202.37:1052 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:36826 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xFFB99539 Ack: 0x4750710A Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-13:58:00.850592 24.150.202.37:1055 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:36873 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xFFBD510B Ack: 0x478AA910 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/03-13:58:04.196023 24.150.202.37:1063 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:37504 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xFFC458D2 Ack: 0x46FF87B4 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/03-13:58:13.404496 24.150.202.37:1156 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:38775 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x147777 Ack: 0x47251578 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-13:58:13.752024 24.150.202.37:1347 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:38827 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xC68C6A Ack: 0x48008D98 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-13:58:22.937227 24.150.202.37:1357 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:40047 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xCC8B96 Ack: 0x47CB43DB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-13:58:26.210397 24.150.202.37:1529 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:40427 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x1713BAF Ack: 0x48BFE65F Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-13:58:26.497425 24.150.202.37:1586 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:40472 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x1A4710B Ack: 0x48DD4203 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-13:58:29.960303 24.150.202.37:1648 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:40918 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x1E0889F Ack: 0x49152EFD Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-13:58:39.420967 24.150.202.37:1831 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:42223 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x2871B4B Ack: 0x4930D731 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-13:58:48.778720 24.150.202.37:1837 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:43286 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x28D10CE Ack: 0x4908C570 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-13:58:49.013105 24.150.202.37:1996 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:43339 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x3233265 Ack: 0x49E7BCD1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-13:58:49.232138 24.150.202.37:2006 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:43391 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x32B22F3 Ack: 0x4A05F7C1 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-15:35:15.619878 24.99.77.52:1343 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:4460 IpLen:20 DgmLen:1400 DF
***A**** Seq: 0xB761119D Ack: 0xB602B411 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-15:35:15.620420 24.99.77.52:1343 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:4461 IpLen:20 DgmLen:1400 DF
***A**** Seq: 0xB76116ED Ack: 0xB602B411 Win: 0xB5C9 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-17:00:42.167858 24.174.80.15:3400 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:22207 IpLen:20 DgmLen:1496 DF
***A**** Seq: 0x5B3D1ED7 Ack: 0xF91AFDAE Win: 0x4440 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-17:00:42.169203 24.174.80.15:3400 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:22208 IpLen:20 DgmLen:1496 DF
***A**** Seq: 0x5B3D2487 Ack: 0xF91AFDAE Win: 0x4440 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/03-17:48:42.957428 65.214.36.115:45266 -> 192.168.1.6:80
TCP TTL:42 TOS:0x0 ID:32519 IpLen:20 DgmLen:195 DF
***AP*** Seq: 0xFFBD27B5 Ack: 0xACD2749F Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 216291880 1142213443
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-18:35:24.638803 24.214.98.64:2756 -> 192.168.1.6:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:112
***AP*** Seq: 0x554A5F28 Ack: 0xBDDC4E4F Win: 0x0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-18:35:25.061610 24.214.98.64:2788 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:44698 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x5564CF1A Ack: 0x5EF6F82B Win: 0x16D0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-18:35:34.899918 24.214.98.64:3312 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:46241 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x5708BC45 Ack: 0x5F1FD3B7 Win: 0x16D0 TcpLen: 20
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-18:36:14.775394 24.214.98.64:1613 -> 192.168.1.6:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:137
***AP*** Seq: 0x62BF0840 Ack: 0x0 Win: 0x0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-18:36:15.514936 24.214.98.64:1642 -> 192.168.1.6:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:138
***AP*** Seq: 0x62E4E29D Ack: 0x0 Win: 0x0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-18:36:16.726231 24.214.98.64:1668 -> 192.168.1.6:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:136
***AP*** Seq: 0x622FE8B7 Ack: 0x0 Win: 0x0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/03-19:38:36.798373 64.210.196.198:36221 -> 192.168.1.6:80
TCP TTL:50 TOS:0x0 ID:514 IpLen:20 DgmLen:219 DF
***AP*** Seq: 0xF29CE80E Ack: 0x4D7AA816 Win: 0x16D0 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-20:59:25.956687 61.143.118.72:2159 -> 192.168.1.6:80
TCP TTL:101 TOS:0x0 ID:64965 IpLen:20 DgmLen:1492 DF
***A**** Seq: 0x25D36311 Ack: 0x7F20FE25 Win: 0x4410 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-20:59:25.984902 61.143.118.72:2159 -> 192.168.1.6:80
TCP TTL:101 TOS:0x0 ID:64966 IpLen:20 DgmLen:1492 DF
***A**** Seq: 0x25D368BD Ack: 0x7F20FE25 Win: 0x4410 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-20:59:58.088909 24.209.39.246:2101 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:29958 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x52AC467B Ack: 0x80B7C4E7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-20:59:58.110065 24.209.39.246:2101 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:29959 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x52AC4C2F Ack: 0x80B7C4E7 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-21:06:39.572739 24.209.39.246:1710 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:65165 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x79D35116 Ack: 0x99241FFD Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-21:06:39.594753 24.209.39.246:1710 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:65166 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x79D356CA Ack: 0x99241FFD Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/04-00:03:27.689241 216.39.48.207:44629 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:50569 IpLen:20 DgmLen:202 DF
***AP*** Seq: 0xE185F990 Ack: 0x35C7DEC4 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 25640258 1153731304
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-03:04:30.543338 24.209.105.156:4331 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:26805 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x3DDE23CA Ack: 0xE067EFF3 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-03:04:32.859267 24.209.105.156:4417 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:27202 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x3E285316 Ack: 0xE0BE7455 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-03:04:33.047326 24.209.105.156:4422 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:27241 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x3E2D0AF6 Ack: 0xE0A965FF Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-03:04:36.672741 24.209.105.156:4531 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:27796 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x3E87D16A Ack: 0xE0BA235F Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-03:04:36.967702 24.209.105.156:4548 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:27834 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x3E96C301 Ack: 0xE0CDC083 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/04-03:04:37.251893 24.209.105.156:4554 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:27887 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x3E9C876C Ack: 0xE0F6166B Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/04-03:04:40.694698 24.209.105.156:4634 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28352 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x3EE4165E Ack: 0xE1BEC78C Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-03:04:44.436077 24.209.105.156:4650 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28912 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x3EF17D8B Ack: 0xE221AEBD Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-03:04:48.100957 24.209.105.156:4757 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:29424 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3F4BC9F4 Ack: 0xE308F50C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-03:04:49.256114 24.209.105.156:4876 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:29568 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3FAFBD18 Ack: 0xE2722841 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-03:04:50.350302 24.209.105.156:4905 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:29721 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3FC89145 Ack: 0xE32EB63E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-03:04:50.827340 24.209.105.156:4918 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:29789 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3FD4C053 Ack: 0xE297969E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-03:04:51.790702 24.209.105.156:4956 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:29936 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x3FF394E6 Ack: 0xE2DEEC9D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-03:04:52.237698 24.209.105.156:4965 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:29993 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x3FFB718A Ack: 0xE2995FBD Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-03:04:52.483323 24.209.105.156:4978 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:30031 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x40069EF2 Ack: 0xE33D96BB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-03:04:52.615673 24.209.105.156:4982 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:30060 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x400A46C6 Ack: 0xE2BC8F85 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-03:57:54.161462 24.99.37.186:3361 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:24902 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x92742B5F Ack: 0xAC0B2BDF Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-03:57:54.848538 24.99.37.186:3384 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:25003 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x9286E301 Ack: 0xAC0AC82C Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-03:58:04.216136 24.99.37.186:3709 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:26408 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x939DD825 Ack: 0xACCA2615 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-03:58:04.347100 24.99.37.186:3713 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:26426 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x93A1C35B Ack: 0xAC4E6552 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-03:58:13.735616 24.99.37.186:3996 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:27556 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x94971147 Ack: 0xACF731C5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/04-03:58:23.092889 24.99.37.186:4299 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:28705 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x9596852B Ack: 0xAD2F6CE1 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/04-03:58:32.500164 24.99.37.186:4626 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:30118 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x96B057CA Ack: 0xADD85F86 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-03:58:32.665524 24.99.37.186:4630 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:30124 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x96B3719B Ack: 0xADDE8E85 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-03:58:35.775949 24.99.37.186:4709 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:30381 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x96F81BF9 Ack: 0xAE703939 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-03:58:35.906136 24.99.37.186:4713 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:30394 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x96FB0049 Ack: 0xAE52161F Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-03:58:36.027122 24.99.37.186:4717 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:30411 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x96FE7ECA Ack: 0xAE9C7FA3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-03:58:45.443481 24.99.37.186:4939 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:31157 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x97C4F21F Ack: 0xAEABE7D5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-03:58:45.577356 24.99.37.186:4949 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:31175 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x97CD2644 Ack: 0xAE897660 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-03:58:45.695409 24.99.37.186:4951 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:31185 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x97CF33C0 Ack: 0xAE5C21D8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-03:58:45.827691 24.99.37.186:4961 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:31214 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x97D70B65 Ack: 0xAF1D843E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-03:58:45.970330 24.99.37.186:4963 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:31231 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x97D8CD82 Ack: 0xAEB8D03F Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-06:10:20.161969 24.209.105.156:3318 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:39842 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x93D78D31 Ack: 0x9F7130F7 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-06:10:20.423643 24.209.105.156:3322 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:39888 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x93DB5A2D Ack: 0x9FCD19FE Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-06:10:20.652951 24.209.105.156:3331 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:39933 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x93E358BD Ack: 0x9F6DCAFF Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-06:10:20.859016 24.209.105.156:3339 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:39973 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x93E94DB5 Ack: 0x9F5A1F1E Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-06:10:21.107071 24.209.105.156:3346 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:40014 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x93EF5E94 Ack: 0x9F463DC4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/04-06:10:30.657301 24.209.105.156:3659 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:41641 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x94F83DF4 Ack: 0x9FB9CD67 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/04-06:10:30.795342 24.209.105.156:3666 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:41675 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x94FEC3E4 Ack: 0xA07BA238 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-06:10:30.928126 24.209.105.156:3673 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:41703 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x9504948F Ack: 0xA026FEE3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-06:10:31.038713 24.209.105.156:3677 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:41729 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x9507C0E5 Ack: 0x9FB34EE4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-06:10:31.161857 24.209.105.156:3679 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:41758 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x9509A6C2 Ack: 0xA0336DBD Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-06:10:31.440678 24.209.105.156:3687 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:41801 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x950FF526 Ack: 0x9FFA4670 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-06:10:40.707992 24.209.105.156:3962 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:43241 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x95FB24A4 Ack: 0xA09F4DC4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-06:10:40.890761 24.209.105.156:3967 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:43271 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x95FFA285 Ack: 0xA0C9C19E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-06:10:44.090620 24.209.105.156:4073 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:43790 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x9656278C Ack: 0xA0BA7010 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-06:10:44.193817 24.209.105.156:4080 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:43814 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x965B79F3 Ack: 0xA0A026F3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-06:10:44.378402 24.209.105.156:4083 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:43842 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x965EBE7B Ack: 0xA09692DE Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-06:44:36.265979 24.209.105.156:4422 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:47473 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x5EB09D8F Ack: 0x20E314A3 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-06:44:39.857158 24.209.105.156:4610 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:47827 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x5F5519E7 Ack: 0x21414FCA Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-06:44:39.959651 24.209.105.156:4612 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:47845 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x5F56F490 Ack: 0x21D6185E Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-06:44:40.057753 24.209.105.156:4617 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:47857 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x5F5B6B02 Ack: 0x21845C1B Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-06:44:40.138220 24.209.105.156:4621 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:47873 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x5F5EBCFA Ack: 0x21C083EB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/04-06:44:49.952193 24.209.105.156:4881 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:48850 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x603D71FE Ack: 0x226917D7 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/04-06:45:11.736843 24.209.105.156:3506 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:51259 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x62484886 Ack: 0x2372F86F Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-06:45:21.772044 24.209.105.156:3736 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:52117 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x63157F11 Ack: 0x237784AD Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-06:45:22.043574 24.209.105.156:3751 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:52167 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x63221BB1 Ack: 0x236FC67A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-06:45:22.190300 24.209.105.156:3759 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:52191 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x63297D89 Ack: 0x23F4290A Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-06:45:22.421607 24.209.105.156:3764 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:52218 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x632DD294 Ack: 0x2430C2BB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-06:45:22.693351 24.209.105.156:3769 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:52253 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x63328122 Ack: 0x2402EAAF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-06:45:23.153827 24.209.105.156:3780 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:52302 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x633BCBA2 Ack: 0x243CBF52 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-06:45:23.476152 24.209.105.156:3797 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:52350 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6349C010 Ack: 0x2431F69A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-06:45:23.924031 24.209.105.156:3807 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:52399 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x6351F635 Ack: 0x23C5DE51 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-06:45:34.152530 24.209.105.156:4130 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:55733 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x64532422 Ack: 0x2436265E Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-10:09:17.821977 24.209.105.156:4458 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:10674 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x34705DD6 Ack: 0x2625341B Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-10:09:17.966910 24.209.105.156:4462 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:10689 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x3474285C Ack: 0x26216A5C Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-10:09:18.079617 24.209.105.156:4469 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:10702 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x3479F123 Ack: 0x260166C3 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-10:09:18.191794 24.209.105.156:4475 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:10719 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x347E9BD3 Ack: 0x25F46DF3 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-10:09:18.286749 24.209.105.156:4477 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:10731 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x348067EB Ack: 0x25FBC3E1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/04-10:09:18.377285 24.209.105.156:4478 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:10750 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x34815343 Ack: 0x26CA356F Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/04-10:09:18.467416 24.209.105.156:4483 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:10763 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x34854B96 Ack: 0x268C772A Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-10:09:27.809620 24.209.105.156:4764 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:11809 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x3573ECA7 Ack: 0x26BBE6C2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-10:09:27.916272 24.209.105.156:4768 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:11820 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x35770064 Ack: 0x26F26C2A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-10:09:27.998623 24.209.105.156:4769 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:11834 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3577C60E Ack: 0x27387EC5 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-10:09:37.637674 24.209.105.156:3009 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:12679 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x36474998 Ack: 0x28090F02 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-10:09:46.957736 24.209.105.156:3299 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:13681 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x373B6F59 Ack: 0x285D819C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-10:09:50.191527 24.209.105.156:3410 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:14148 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x3795D838 Ack: 0x27DFF2CE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-10:09:53.330501 24.209.105.156:3529 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:14580 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x37F90A33 Ack: 0x28DC8949 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-10:09:53.536097 24.209.105.156:3533 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:14610 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x37FC0A36 Ack: 0x283A23BF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-10:09:53.642312 24.209.105.156:3539 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:14627 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x38014859 Ack: 0x2891490F Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/04-10:37:08.472124 12.148.209.198:65502 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:55797 IpLen:20 DgmLen:256 DF
***AP*** Seq: 0x67DB17F3 Ack: 0x8F36C3C1 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 224399758 1173204446
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-11:03:26.299968 24.209.105.156:3495 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:38013 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x75EA4D16 Ack: 0xF29FA6EC Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-11:03:26.816518 24.209.105.156:3509 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:38082 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x75F68EAC Ack: 0xF30FE75C Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-11:03:36.642490 24.209.105.156:3853 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:39724 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x771A8F1A Ack: 0xF34753D8 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-11:03:46.490767 24.209.105.156:4120 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:41085 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x77FC9000 Ack: 0xF463AFB8 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-11:03:46.748806 24.209.105.156:4133 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:41138 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x780745B8 Ack: 0xF42E4967 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/04-11:03:47.026630 24.209.105.156:4147 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:41185 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x78113D0D Ack: 0xF4993944 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/04-11:03:56.862290 24.209.105.156:4403 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:42404 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x78EE4209 Ack: 0xF4B24016 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-11:04:00.275468 24.209.105.156:4415 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:42850 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x78F8B7F8 Ack: 0xF4EC6B95 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-11:04:00.768038 24.209.105.156:4513 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:42920 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x794F1E1C Ack: 0xF519C419 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-11:04:01.310561 24.209.105.156:4525 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:42995 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x795A1D63 Ack: 0xF4F8D6D4 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-11:04:01.643211 24.209.105.156:4545 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:43050 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x796A9B07 Ack: 0xF579B0C8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-11:04:11.540043 24.209.105.156:4841 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:44492 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x7A67B170 Ack: 0xF605ECC0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-11:04:12.032623 24.209.105.156:4855 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:44548 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x7A744811 Ack: 0xF6242BD8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-11:04:12.563425 24.209.105.156:4871 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:44618 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x7A816C21 Ack: 0xF56C917B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-11:04:13.012606 24.209.105.156:4885 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:44675 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x7A8E3C0A Ack: 0xF5B9D76B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-11:04:13.528783 24.209.105.156:4899 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:44739 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x7A9B1E63 Ack: 0xF63AAD99 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-11:20:26.592821 24.209.105.156:4871 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:55680 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xDDC08037 Ack: 0x32B88BD0 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-11:20:40.093174 24.209.105.156:3166 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:57288 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xDEBA5242 Ack: 0x33147C02 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-11:20:40.601792 24.209.105.156:3270 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:57342 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xDF0EC020 Ack: 0x335B81F8 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-11:20:50.648310 24.209.105.156:3611 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:58735 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xE02C330A Ack: 0x345AC442 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-11:20:51.168597 24.209.105.156:3631 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:58814 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xE03F4AE1 Ack: 0x34D73CE1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/04-11:20:51.478711 24.209.105.156:3652 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:58865 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xE04E2017 Ack: 0x343B2A87 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/04-11:20:51.742320 24.209.105.156:3663 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:58918 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xE0580A48 Ack: 0x34DA104C Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-11:20:51.987478 24.209.105.156:3673 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:58970 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xE060207C Ack: 0x34B943FF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-13:03:57.440185 24.209.105.156:3832 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:43811 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x4DDFED5F Ack: 0xB92004B2 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-13:04:06.937495 24.209.105.156:4159 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:45159 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x4EF0815A Ack: 0xB95D52F2 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-13:04:16.695500 24.209.105.156:4488 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:46545 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x5001B977 Ack: 0xBAABE9F0 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-13:04:26.171437 24.209.105.156:4783 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:47718 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x50F99789 Ack: 0xBB60ED3A Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-13:04:26.278297 24.209.105.156:4786 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:47736 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x50FCE742 Ack: 0xBAAA067F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/04-13:04:35.691926 24.209.105.156:3055 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:48793 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x51DAAB17 Ack: 0xBCC80887 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/04-13:04:35.990035 24.209.105.156:3061 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:48826 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x51DFB87F Ack: 0xBCCD4B52 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-13:04:36.392142 24.209.105.156:3067 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:48856 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x51E47036 Ack: 0xBC5CD3A4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-13:04:36.891076 24.209.105.156:3080 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:48917 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x51EDD580 Ack: 0xBCBB3541 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-13:04:46.773121 24.209.105.156:3336 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:49922 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x52C83DF3 Ack: 0xBD75A498 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-13:04:46.930670 24.209.105.156:3344 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:49958 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x52D00F72 Ack: 0xBDAC50A1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-13:04:47.119447 24.209.105.156:3352 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:49999 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x52D5E987 Ack: 0xBD76BCAD Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-13:04:50.652811 24.209.105.156:3501 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:50559 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x534A8AB9 Ack: 0xBD718FC0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-13:04:50.720708 24.209.105.156:3505 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:50573 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x534DCC9C Ack: 0xBD5C93D6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-13:04:50.983138 24.209.105.156:3510 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:50606 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x5351BDEC Ack: 0xBD031976 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-13:04:54.170050 24.209.105.156:3598 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:50978 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x53A0CC72 Ack: 0xBDC3693D Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-15:31:03.122399 24.209.105.156:4597 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:14991 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xB858A3BB Ack: 0xE5376045 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-15:31:13.685928 24.209.105.156:4941 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:16586 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xB97C12F7 Ack: 0xE68C3F1E Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-15:31:14.211316 24.209.105.156:4949 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:16653 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xB9837D9E Ack: 0xE5AC1FD4 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-15:31:17.880696 24.209.105.156:4964 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:17214 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xB990AE74 Ack: 0xE6A7F1D7 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-15:31:18.354709 24.209.105.156:3073 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:17281 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB9EA5B0A Ack: 0xE6AEA477 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/04-15:31:18.709223 24.209.105.156:3091 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:17342 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xB9F9DF94 Ack: 0xE5F3EB12 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/04-15:31:40.339199 24.209.105.156:3718 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:20474 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xBC0F651A Ack: 0xE803011E Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-15:31:40.648523 24.209.105.156:3726 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:20529 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xBC16B00D Ack: 0xE7D2A6CD Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-15:31:54.854595 24.209.105.156:4030 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:22530 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xBD193D6F Ack: 0xE83C823C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-15:31:55.163416 24.209.105.156:4162 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:22586 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xBD8D9195 Ack: 0xE9AF1BCF Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-15:31:55.618031 24.209.105.156:4168 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:22648 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xBD933987 Ack: 0xE9BE8885 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-15:31:56.079696 24.209.105.156:4178 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:22713 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xBD9CFDD3 Ack: 0xE9ECA86B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-15:32:00.100134 24.209.105.156:4292 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:23246 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xBDFC210A Ack: 0xE9A83299 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-15:32:00.590077 24.209.105.156:4301 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:23304 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xBE0448DC Ack: 0xEA2DF2F3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-15:32:00.980304 24.209.105.156:4312 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:23369 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xBE0EF9E0 Ack: 0xE97AB13B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-15:42:09.230370 24.200.41.113:4596 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:28438 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x69664359 Ack: 0x105AD181 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-15:42:12.166875 24.200.41.113:4633 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:28565 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x698DE788 Ack: 0x100C99CA Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-15:42:15.347171 24.200.41.113:4684 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:28729 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x69BF2868 Ack: 0x10B23295 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-15:42:15.580276 24.200.41.113:4690 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:28756 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x69C51A3C Ack: 0x10C5C310 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-15:42:19.018026 24.200.41.113:4754 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:28966 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6A005358 Ack: 0x10F23430 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/04-15:42:19.210626 24.200.41.113:4760 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:28986 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x6A06086D Ack: 0x10B2E54E Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/04-15:42:19.420670 24.200.41.113:4762 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:28998 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x6A085662 Ack: 0x10B2E568 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-15:42:19.664487 24.200.41.113:4764 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:29020 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x6A0ABC98 Ack: 0x10D7EAD1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-15:42:19.893341 24.200.41.113:4768 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:29031 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6A0E734D Ack: 0x111D0418 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-15:42:20.126915 24.200.41.113:4775 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:29053 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6A13B759 Ack: 0x1090CB76 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-15:42:20.372103 24.200.41.113:4779 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:29068 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6A17F563 Ack: 0x1124F0F4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-15:42:20.618033 24.200.41.113:4787 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:29099 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6A1E4FD3 Ack: 0x11172D39 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-15:42:20.825247 24.200.41.113:4794 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:29127 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x6A245A03 Ack: 0x111AFC65 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-15:42:21.022102 24.200.41.113:4797 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:29143 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6A27E0B3 Ack: 0x1100B3C8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-15:42:21.219917 24.200.41.113:4801 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:29157 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x6A2B97F4 Ack: 0x11459D5A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-15:42:21.448276 24.200.41.113:4806 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:29189 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6A301ACE Ack: 0x114224EC Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-15:51:59.192676 24.80.9.168:3369 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:32335 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA7F78A53 Ack: 0x3483CDF8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-15:51:59.241631 24.80.9.168:3369 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:32336 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA7F79007 Ack: 0x3483CDF8 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-15:59:07.597126 24.150.35.194:1318 -> 192.168.1.6:80
TCP TTL:45 TOS:0x0 ID:48400 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xCEE83309 Ack: 0x4FAB1EEC Win: 0xC90 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-15:59:17.835895 24.150.35.194:1514 -> 192.168.1.6:80
TCP TTL:45 TOS:0x0 ID:49133 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xCF9C801F Ack: 0x50F044CF Win: 0xC90 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-15:59:18.117357 24.150.35.194:1516 -> 192.168.1.6:80
TCP TTL:45 TOS:0x0 ID:49164 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xCF9F3172 Ack: 0x50356E5D Win: 0xC90 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-15:59:18.464403 24.150.35.194:1520 -> 192.168.1.6:80
TCP TTL:45 TOS:0x0 ID:49185 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xCFA352D9 Ack: 0x50328B1E Win: 0xC90 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-15:59:18.984051 24.150.35.194:1522 -> 192.168.1.6:80
TCP TTL:45 TOS:0x0 ID:49225 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xCFA5BE36 Ack: 0x50ADE5D4 Win: 0xC90 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/04-15:59:19.206523 24.150.35.194:1550 -> 192.168.1.6:80
TCP TTL:45 TOS:0x0 ID:49254 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xCFBD003E Ack: 0x50CFA2E7 Win: 0xC90 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/04-15:59:19.556604 24.150.35.194:1553 -> 192.168.1.6:80
TCP TTL:45 TOS:0x0 ID:49274 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xCFC045DD Ack: 0x509F88AF Win: 0xC90 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-15:59:30.281616 24.150.35.194:1814 -> 192.168.1.6:80
TCP TTL:45 TOS:0x0 ID:50423 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xD0A7735A Ack: 0x519345C6 Win: 0xC90 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-15:59:30.476651 24.150.35.194:1845 -> 192.168.1.6:80
TCP TTL:45 TOS:0x0 ID:50523 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD0BEA2AE Ack: 0x514527D0 Win: 0xC90 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-15:59:33.791234 24.150.35.194:1929 -> 192.168.1.6:80
TCP TTL:45 TOS:0x0 ID:50816 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD108E8DE Ack: 0x518E76BC Win: 0xC90 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-15:59:34.067905 24.150.35.194:1935 -> 192.168.1.6:80
TCP TTL:45 TOS:0x0 ID:50874 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD10E0A62 Ack: 0x5133C368 Win: 0xC90 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-15:59:37.843135 24.150.35.194:2014 -> 192.168.1.6:80
TCP TTL:45 TOS:0x0 ID:51086 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD15654A8 Ack: 0x51FADB6B Win: 0xC90 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-15:59:41.700196 24.150.35.194:2094 -> 192.168.1.6:80
TCP TTL:45 TOS:0x0 ID:51365 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xD19FC995 Ack: 0x52588AFE Win: 0xC90 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-15:59:41.953927 24.150.35.194:2108 -> 192.168.1.6:80
TCP TTL:45 TOS:0x0 ID:51401 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xD1AC150E Ack: 0x51E86C62 Win: 0xC90 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-15:59:42.183041 24.150.35.194:2114 -> 192.168.1.6:80
TCP TTL:45 TOS:0x0 ID:51451 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xD1B1CAE9 Ack: 0x520C6AD3 Win: 0xC90 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-15:59:42.402737 24.150.35.194:2121 -> 192.168.1.6:80
TCP TTL:45 TOS:0x0 ID:51482 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xD1B8C26E Ack: 0x523725FC Win: 0xC90 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-16:23:11.284321 24.209.105.156:3248 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:25679 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xF70B8734 Ack: 0xAB62B2C6 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-16:23:14.916325 24.209.105.156:3387 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:26215 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xF77DD61D Ack: 0xAB35A608 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-16:23:15.120110 24.209.105.156:3397 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:26241 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xF7854CD2 Ack: 0xAB6DF8F2 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-16:23:28.358728 24.209.105.156:3660 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:27632 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xF8707AE4 Ack: 0xAB77F4A1 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-16:23:32.260673 24.209.105.156:3872 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28094 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF924C06F Ack: 0xAC330F36 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/04-16:23:32.771035 24.209.105.156:3886 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28166 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xF92F65BF Ack: 0xAC9E0757 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/04-16:23:33.069169 24.209.105.156:3902 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28219 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xF93DE2C7 Ack: 0xACAE263B Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-16:23:33.380175 24.209.105.156:3922 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28266 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xF94EB8F9 Ack: 0xAC8423F5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-16:23:36.727808 24.209.105.156:4027 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28674 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF9A5EE66 Ack: 0xACC4E996 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-16:23:40.252420 24.209.105.156:4130 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:29112 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF9FE0D86 Ack: 0xAC54E8DA Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-16:23:44.104313 24.209.105.156:4274 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:29682 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFA758208 Ack: 0xAD0230DC Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-16:23:44.501453 24.209.105.156:4286 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:29730 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFA7F6443 Ack: 0xAD05E7AA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-16:23:45.000178 24.209.105.156:4299 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:29790 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xFA89C227 Ack: 0xACDB94F7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-16:23:48.549804 24.209.105.156:4382 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:30125 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xFAD3C1FF Ack: 0xAD7D0176 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-16:23:48.664877 24.209.105.156:4396 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:30144 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xFAE15A14 Ack: 0xAD0B98C4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-16:23:48.745764 24.209.105.156:4401 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:30156 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xFAE5A95D Ack: 0xACE2AAC5 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-17:13:34.223088 24.214.104.38:1545 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:28288 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x2D525EBF Ack: 0x6907309A Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-17:13:34.650045 24.214.104.38:1551 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:28301 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x2D57F60D Ack: 0x690D57D5 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-17:13:43.859540 24.214.104.38:1675 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:28664 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x2DD50564 Ack: 0x696AAFA6 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-17:13:44.152129 24.214.104.38:1681 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:28687 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x2DD9A5FA Ack: 0x69B10A78 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-17:13:44.497901 24.214.104.38:1686 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:28710 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x2DDE6AEE Ack: 0x699FF11C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/04-17:13:44.735489 24.214.104.38:1694 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:28729 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x2DE5F39F Ack: 0x6A0E088C Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/04-17:13:54.030322 24.214.104.38:1827 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:29101 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x2E6B2AF7 Ack: 0x6AE789A0 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-17:13:54.263406 24.214.104.38:1831 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:29111 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x2E6F33D3 Ack: 0x69F2FADB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-17:13:54.531438 24.214.104.38:1834 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:29126 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x2E72A9F4 Ack: 0x6AB02A8D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-17:14:03.778602 24.214.104.38:1946 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:29430 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x2EE79B4D Ack: 0x6B72125C Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-17:14:04.055788 24.214.104.38:1950 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:29445 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x2EEBBB76 Ack: 0x6B00C7B8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-17:14:04.307754 24.214.104.38:1955 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:29459 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x2EF0A5CD Ack: 0x6ACD73C7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-17:14:04.662855 24.214.104.38:1963 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:29475 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x2EF86D6B Ack: 0x6B0BD52B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-17:14:04.892071 24.214.104.38:1964 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:29484 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x2EFA3C24 Ack: 0x6AA33C67 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-17:14:05.109533 24.214.104.38:1967 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:29492 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x2EFD3672 Ack: 0x6B5C9EC6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-17:14:05.385229 24.214.104.38:1970 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:29505 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x2F0028E2 Ack: 0x6B630DE0 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-18:07:48.149956 24.229.63.112:3605 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:8306 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4D3AECA7 Ack: 0x352A06D4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-18:07:48.545623 24.229.63.112:3605 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:8307 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4D3AF25B Ack: 0x352A06D4 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-20:58:26.999656 24.209.105.156:4700 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:39144 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x50929F3E Ack: 0xBB0DDC12 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-20:58:36.962255 24.209.105.156:3011 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:40581 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x51946D1C Ack: 0xBB609480 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-20:58:40.197166 24.209.105.156:3150 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:41210 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x5206DFF6 Ack: 0xBB44CFDC Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-20:58:43.985895 24.209.105.156:3303 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:41840 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x5280C345 Ack: 0xBB76D722 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-20:58:53.958884 24.209.105.156:3594 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:43188 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x537B0F6C Ack: 0xBC1397BB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/04-20:58:57.558751 24.209.105.156:3606 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:43653 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x53866BB6 Ack: 0xBBE228B2 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/04-20:58:57.800117 24.209.105.156:3693 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:43689 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x53D31F80 Ack: 0xBC9C9421 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-20:58:58.000920 24.209.105.156:3710 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:43729 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x53E08C39 Ack: 0xBD13E865 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-20:58:58.591698 24.209.105.156:3733 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:43821 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x53F3D184 Ack: 0xBCA4222B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-20:59:02.667071 24.209.105.156:3805 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:44217 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x54350A54 Ack: 0xBCD0C5F1 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-20:59:03.191129 24.209.105.156:3830 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:44315 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x544967CB Ack: 0xBD5569B0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-20:59:06.680931 24.209.105.156:3853 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:44743 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x545BB650 Ack: 0xBD62C292 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-20:59:06.920514 24.209.105.156:3938 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:44778 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x54A5E7BB Ack: 0xBCD2B903 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-20:59:07.466988 24.209.105.156:3944 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:44833 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x54ABDE3D Ack: 0xBCC9AB8A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-20:59:07.979432 24.209.105.156:3959 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:44905 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x54B918BC Ack: 0xBD8782E1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-20:59:08.317951 24.209.105.156:3980 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:44966 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x54CA63DC Ack: 0xBD54D154 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-23:33:34.880955 24.44.2.165:2551 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:24974 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x4A38E656 Ack: 0x4BF4B18 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-23:33:35.260372 24.44.2.165:2553 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:24987 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x4A3BB1DC Ack: 0x4B36DD3 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-23:33:41.828769 24.44.2.165:2595 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:25141 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x4A683437 Ack: 0x4BBDACA Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-23:33:45.131989 24.44.2.165:2672 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:25233 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x4AB793E1 Ack: 0x552113A Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-23:33:48.430190 24.44.2.165:2711 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:25317 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x4AE0B68F Ack: 0x54EB92C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/04-23:33:48.599652 24.44.2.165:2713 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:25328 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x4AE30531 Ack: 0x553C739 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/04-23:33:51.903641 24.44.2.165:2751 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:25409 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x4B0889D3 Ack: 0x5AD916F Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-23:33:52.022261 24.44.2.165:2754 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:25416 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x4B0B542A Ack: 0x5A8CF7D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-23:33:52.135669 24.44.2.165:2757 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:25426 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4B0DF1F9 Ack: 0x600F236 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-23:33:52.304262 24.44.2.165:2759 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:25436 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4B10008D Ack: 0x551D4FE Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-23:33:52.461095 24.44.2.165:2761 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:25445 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4B11FCAE Ack: 0x6096923 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-23:33:52.633397 24.44.2.165:2763 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:25456 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4B1475BD Ack: 0x5E1F630 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-23:33:52.766617 24.44.2.165:2765 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:25466 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x4B165F75 Ack: 0x5E11BA0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-23:33:55.711064 24.44.2.165:2765 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:25548 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x4B165F75 Ack: 0x5E11BA0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-23:33:56.059348 24.44.2.165:2807 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:25562 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x4B3FE8CF Ack: 0x5D1EE02 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-23:33:56.168570 24.44.2.165:2810 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:25568 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x4B427F15 Ack: 0x60E1CC0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-23:33:56.306356 24.44.2.165:2811 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:25577 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x4B43D302 Ack: 0x64F2062 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-00:34:14.205249 24.239.142.141:2213 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:31752 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x37957A61 Ack: 0xE9403176 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-00:34:14.247447 24.239.142.141:2213 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:31753 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x37958015 Ack: 0xE9403176 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-02:10:16.255210 24.209.39.246:4037 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:60220 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB8768D43 Ack: 0x54683FA8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-02:10:16.275891 24.209.39.246:4037 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:60221 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB87692F7 Ack: 0x54683FA8 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-02:16:45.752411 24.166.156.30:2567 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:8775 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD1AB393B Ack: 0x6C88881E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-02:16:45.760079 24.166.156.30:2567 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:8776 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD1AB3EEF Ack: 0x6C88881E Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-02:18:08.038691 24.209.105.156:4086 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:5750 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xBD998CB0 Ack: 0x71F494E6 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-02:18:11.160549 24.209.105.156:4170 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:6031 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xBDE0FB21 Ack: 0x727EC7CA Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-02:18:11.250352 24.209.105.156:4175 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:6048 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xBDE53AA8 Ack: 0x72B62D90 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-02:18:20.669223 24.209.105.156:4478 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:7132 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xBEE23A1E Ack: 0x7368F28C Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-02:18:24.630828 24.209.105.156:4503 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:7570 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xBEF68674 Ack: 0x72B7DADB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/05-02:18:24.759519 24.209.105.156:4612 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:7590 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xBF5289DF Ack: 0x739265B1 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/05-02:18:37.780751 24.209.105.156:4897 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:8686 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xC045DF30 Ack: 0x743E2B74 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-02:18:37.914298 24.209.105.156:4989 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:8702 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xC096F10A Ack: 0x73DE69D9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-02:18:38.022328 24.209.105.156:4992 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:8719 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xC09939DF Ack: 0x73E953FF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-02:18:47.392513 24.209.105.156:3242 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:9653 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xC17200B1 Ack: 0x75054B10 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-02:18:47.486776 24.209.105.156:3246 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:9668 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xC17565ED Ack: 0x7518DC27 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-02:18:47.601557 24.209.105.156:3253 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:9686 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xC17B0EE9 Ack: 0x74E1D6C5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-02:18:47.722309 24.209.105.156:3258 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:9700 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xC17FC092 Ack: 0x74B23626 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-02:18:51.019259 24.209.105.156:3263 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:9983 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xC1841355 Ack: 0x752EC7CA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-02:18:51.130656 24.209.105.156:3345 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:10005 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xC1CA3C60 Ack: 0x752A97F9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-02:19:00.472173 24.209.105.156:3677 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:11183 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xC2D74C99 Ack: 0x75A2B101 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-02:22:28.450371 24.209.39.246:1222 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:58086 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFEB72CDC Ack: 0x81EAD9F8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-02:22:28.474117 24.209.39.246:1222 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:58087 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFEB73290 Ack: 0x81EAD9F8 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-02:34:10.480227 24.171.142.32:2547 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:23547 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x2EE9892 Ack: 0xAF04F23B Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-02:34:10.974476 24.171.142.32:2563 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:23588 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x2FC94F3 Ack: 0xAEA2C7B4 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-02:34:11.310141 24.171.142.32:2578 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:23619 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x3083A9C Ack: 0xAE936B34 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-02:34:20.699905 24.171.142.32:2957 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:24578 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x43ED406 Ack: 0xAF2EE52D Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-02:34:21.030763 24.171.142.32:2971 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:24621 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x44A23F9 Ack: 0xAF8FBA7D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/05-02:34:21.388745 24.171.142.32:2986 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:24669 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x4568F3A Ack: 0xAEED44CE Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/05-02:34:21.858001 24.171.142.32:3006 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:24737 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x466E5F2 Ack: 0xAFA1069F Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-02:34:22.240090 24.171.142.32:3023 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:24791 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x4743311 Ack: 0xAF003EB2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-02:34:22.777320 24.171.142.32:3052 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:24871 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x48BE37A Ack: 0xAF1C485F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-02:34:25.990664 24.171.142.32:3069 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:25297 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x49A7422 Ack: 0xAFDF8AFB Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-02:34:26.375979 24.171.142.32:3221 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:25321 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x51354A9 Ack: 0xAFED2BE9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-02:34:35.860137 24.171.142.32:3618 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:26357 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x65A7896 Ack: 0xB08E7417 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-02:34:36.207438 24.171.142.32:3639 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:26395 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x66A055F Ack: 0xAFFFA10C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-02:34:36.520765 24.171.142.32:3650 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:26419 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x67156F2 Ack: 0xAFE7E40D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-02:34:39.492478 24.171.142.32:3650 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:26696 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x67156F2 Ack: 0xAFE7E40D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-02:34:39.879839 24.171.142.32:3781 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:26744 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x6DF4CF8 Ack: 0xB0F56022 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-02:34:40.260248 24.171.142.32:3794 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:26791 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6EB3131 Ack: 0xB08C51A6 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-02:49:47.817072 24.239.159.159:3647 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:3829 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8F5758B6 Ack: 0xE9695F9A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-02:49:47.827608 24.239.159.159:3647 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:3830 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8F575E6A Ack: 0xE9695F9A Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-03:44:25.761551 24.209.105.156:3295 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:32952 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xC997AA90 Ack: 0xB7B22741 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-03:44:38.728826 24.209.105.156:3587 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:34014 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xCA913E84 Ack: 0xB8E78F67 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-03:44:38.824643 24.209.105.156:3691 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:34030 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xCAE2DFB1 Ack: 0xB8B87BE4 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-03:44:38.923511 24.209.105.156:3696 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:34046 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xCAE6DF77 Ack: 0xB93C9CEB Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-03:44:39.031894 24.209.105.156:3698 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:34058 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xCAE89B7D Ack: 0xB8FAEDF1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/05-03:44:48.395788 24.209.105.156:3985 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:34899 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xCBD7D6F9 Ack: 0xB9AC0B88 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/05-03:44:57.698400 24.209.105.156:4288 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:35823 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xCCD3E1C0 Ack: 0xBA52CF05 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-03:45:01.306152 24.209.105.156:4386 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:36048 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xCD23A3C5 Ack: 0xBA6D3032 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-03:45:01.385207 24.209.105.156:4387 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:36058 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xCD249205 Ack: 0xBA7F4A0B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-03:45:01.461414 24.209.105.156:4388 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:36069 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xCD25130C Ack: 0xB9DA5C00 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-03:45:06.227240 24.209.105.156:4401 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:36572 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xCD31199B Ack: 0xBAA69065 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-03:45:06.336767 24.209.105.156:4557 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:36595 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xCDB364B2 Ack: 0xBA956B38 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-03:45:09.418177 24.209.105.156:4666 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:36929 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xCE0ACF7F Ack: 0xBAEDBB2E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-03:45:09.484108 24.209.105.156:4670 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:36939 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xCE0E4D60 Ack: 0xBA83BB45 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-03:45:12.726705 24.209.105.156:4670 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:37238 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xCE0E4D60 Ack: 0xBA83BB45 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-03:45:18.594376 24.209.105.156:4952 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:37711 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xCEFB7F6F Ack: 0xBB9DBCED Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-03:45:27.980702 24.209.105.156:3359 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:39103 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xD0430FB2 Ack: 0xBBFE4E73 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-03:53:53.771399 24.209.105.156:4494 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:22543 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x1F255C9 Ack: 0xDC7BA09B Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-03:53:53.850751 24.209.105.156:4496 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:22551 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x1F43E65 Ack: 0xDBC2C992 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-03:53:53.940196 24.209.105.156:4498 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:22566 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x1F5A79A Ack: 0xDC3C8F3D Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-03:54:06.911995 24.209.105.156:4756 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:23693 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x2D28B44 Ack: 0xDC3FA9ED Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-03:54:16.200125 24.209.105.156:3137 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:24682 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x40F54C3 Ack: 0xDCDE1DB9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/05-03:54:25.890939 24.209.105.156:3451 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:25769 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x5185DDB Ack: 0xDDFCBF89 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/05-03:54:26.018199 24.209.105.156:3455 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:25792 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x51B2BC0 Ack: 0xDD785420 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-03:54:26.118898 24.209.105.156:3460 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:25811 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x51F8770 Ack: 0xDDB709F2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-03:54:26.222819 24.209.105.156:3470 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:25833 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x5263BFD Ack: 0xDE132678 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-03:54:35.548796 24.209.105.156:3809 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:27205 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x640922C Ack: 0xDE13BF14 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-03:54:35.645778 24.209.105.156:3812 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:27222 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x64380BF Ack: 0xDE6A7408 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-03:54:35.762439 24.209.105.156:3813 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:27238 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x644D9A6 Ack: 0xDE895085 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-03:54:35.866852 24.209.105.156:3817 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:27258 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x6480945 Ack: 0xDE9F2B86 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-03:54:35.967204 24.209.105.156:3822 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:27278 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x64C5D21 Ack: 0xDEB131A5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-03:54:36.037599 24.209.105.156:3826 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:27294 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x64ED4FC Ack: 0xDEA71083 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-03:54:39.381518 24.209.105.156:3949 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:27721 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6AFEEF4 Ack: 0xDE82176A Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-06:17:56.588659 24.209.105.156:4237 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:47341 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x64221DA7 Ack: 0xFBF2A3BC Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-06:17:56.851098 24.209.105.156:4252 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:47386 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x642F3923 Ack: 0xFC32BD66 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-06:17:57.163092 24.209.105.156:4259 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:47426 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x6435AF63 Ack: 0xFBFB3AE2 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-06:17:57.410159 24.209.105.156:4267 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:47461 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x643CD46E Ack: 0xFC276AB6 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-06:17:58.354123 24.209.105.156:4289 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:47566 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x644F8E4F Ack: 0xFC2F5597 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/05-06:18:11.812153 24.209.105.156:4575 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:49030 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x6541689F Ack: 0xFD7B7FD0 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/05-06:18:21.137712 24.209.105.156:4951 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:50065 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x668232BA Ack: 0xFD4CC0EE Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-06:18:21.528101 24.209.105.156:4961 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:50107 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x668AF36C Ack: 0xFE0CA105 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-06:18:21.799465 24.209.105.156:4973 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:50141 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x669587A8 Ack: 0xFD604C22 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-06:18:22.034566 24.209.105.156:4979 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:50179 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x669AD08C Ack: 0xFDD03B61 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-06:18:22.274106 24.209.105.156:4989 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:50206 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x66A325EF Ack: 0xFE1282C8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-06:18:22.814956 24.209.105.156:4994 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:50265 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x66A86385 Ack: 0xFD9D443D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-06:18:23.289863 24.209.105.156:3013 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:50323 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x66B6DC8F Ack: 0xFDE260B3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-06:18:23.784087 24.209.105.156:3023 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:50371 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x66BE460B Ack: 0xFDADE307 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-06:18:24.305282 24.209.105.156:3034 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:50426 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x66C92254 Ack: 0xFE2E063B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-06:18:24.810547 24.209.105.156:3049 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:50493 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x66D6EA82 Ack: 0xFE31B5C7 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-07:25:17.205804 24.209.105.156:3440 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:8593 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xF4C789D5 Ack: 0xF9D4EED1 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-07:25:17.400271 24.209.105.156:3558 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:8614 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xF528343E Ack: 0xF9ED54AC Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-07:25:17.493081 24.209.105.156:3559 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:8627 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xF529868B Ack: 0xFA7E542E Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-07:25:17.585174 24.209.105.156:3564 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:8640 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xF52E01D8 Ack: 0xFA09E5FC Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-07:25:17.681608 24.209.105.156:3567 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:8660 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF530502D Ack: 0xFA3D3830 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/05-07:25:17.789030 24.209.105.156:3572 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:8675 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xF5346702 Ack: 0xFA34B1ED Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/05-07:25:17.882886 24.209.105.156:3575 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:8690 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xF5367FB0 Ack: 0xFA6F3B5F Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-07:25:18.001646 24.209.105.156:3580 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:8705 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xF53A52A7 Ack: 0xFA524F35 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-07:25:27.300734 24.209.105.156:3917 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:9777 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF650F1EA Ack: 0xFABB1806 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-07:25:36.751644 24.209.105.156:4254 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:10850 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF7699477 Ack: 0xFB80BE76 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-07:25:36.865878 24.209.105.156:4257 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:10866 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF76C82CC Ack: 0xFB5B795C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-07:25:37.015685 24.209.105.156:4263 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:10876 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF7709A60 Ack: 0xFBCB9263 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-07:25:37.100871 24.209.105.156:4264 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:10888 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xF771EA3C Ack: 0xFB57B7A4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-07:25:37.173655 24.209.105.156:4266 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:10893 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF7737AA7 Ack: 0xFB0E9C28 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-07:25:37.268913 24.209.105.156:4267 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:10902 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xF7749B0C Ack: 0xFB3012A6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-07:25:46.663905 24.209.105.156:4530 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:11639 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF8536013 Ack: 0xFB886E13 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-07:28:42.072960 24.243.144.13:2563 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:57599 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x18B1770E Ack: 0x766B6D1 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-07:28:44.516903 24.243.144.13:2563 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:59311 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x18B1770E Ack: 0x766B6D1 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-07:28:50.340597 24.243.144.13:2563 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:63491 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x18B1770E Ack: 0x766B6D1 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-07:28:56.590869 24.243.144.13:1575 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:1602 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x217FC062 Ack: 0x8413DAA Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-07:28:57.537290 24.243.144.13:1819 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:2167 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x223659DC Ack: 0x81F6A3F Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-07:29:07.620306 24.243.144.13:3708 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:8017 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x27D631B5 Ack: 0x8870430 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-07:29:09.244506 24.243.144.13:3915 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:8929 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x286C9B8F Ack: 0x8DAB98C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/05-07:29:19.886612 24.243.144.13:2001 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:15421 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x2E87D9A4 Ack: 0x9A08596 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/05-07:29:30.921076 24.243.144.13:4047 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:21595 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x34A21DCA Ack: 0x9F3C812 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-07:29:32.621475 24.243.144.13:4436 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:22636 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x35C9539A Ack: 0x9F4E9E8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-07:29:34.312904 24.243.144.13:4757 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:23623 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x36BCC992 Ack: 0xA93100F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-07:29:44.988414 24.243.144.13:2895 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:30448 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3CF549FD Ack: 0xB7BC081 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-07:29:55.466169 24.243.144.13:1096 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:37340 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x436B347A Ack: 0xC36956D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-07:30:06.337459 24.243.144.13:2837 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:42779 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x489BDF1B Ack: 0xC92B78B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-07:30:08.061226 24.243.144.13:3156 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:43678 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x498FD272 Ack: 0xC137AEE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-07:30:10.541618 24.243.144.13:3156 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:45187 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x498FD272 Ack: 0xC137AEE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-07:30:13.135887 24.243.144.13:3940 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:46228 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x4BE94016 Ack: 0xCC6D095 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-07:30:15.528882 24.243.144.13:3940 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:47740 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x4BE94016 Ack: 0xCC6D095 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-07:30:21.530064 24.243.144.13:4786 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:50515 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x4E6EAF32 Ack: 0xD18C780 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-07:30:23.233776 24.243.144.13:1698 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:51411 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x5110FCEB Ack: 0xCF0EDA7 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-08:02:32.105921 24.209.39.246:2099 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:60165 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xE50FB1ED Ack: 0x86CAB07D Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-08:02:32.288944 24.209.39.246:2113 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:60192 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xE51B0D9E Ack: 0x86947CA6 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-08:02:32.349642 24.209.39.246:2117 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:60211 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xE51E354A Ack: 0x8680C94C Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-08:02:45.246869 24.209.39.246:2414 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:61733 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xE61C34EC Ack: 0x878501D3 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-08:02:45.305203 24.209.39.246:2538 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:61738 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xE68337C8 Ack: 0x87824984 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/05-08:02:48.643368 24.209.39.246:2539 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:62055 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xE68462CE Ack: 0x86F8CE25 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/05-08:02:48.713611 24.209.39.246:2629 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:62061 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xE6D0DC9F Ack: 0x87C4DD98 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-08:02:48.800672 24.209.39.246:2631 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:62068 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xE6D2B4B6 Ack: 0x875D7E83 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-08:02:58.212047 24.209.39.246:2939 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:63119 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE7D7AAB4 Ack: 0x8795C37A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-08:02:58.272725 24.209.39.246:2941 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:63131 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE7D9917B Ack: 0x87A95139 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-08:03:11.177700 24.209.39.246:3212 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:64614 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE8C2F8D4 Ack: 0x88CE6887 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-08:03:11.283944 24.209.39.246:3343 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:64631 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE9306BF3 Ack: 0x89029D10 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-08:03:11.372387 24.209.39.246:3346 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:64646 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xE932C8D9 Ack: 0x893C8243 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-08:03:11.449487 24.209.39.246:3348 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:64654 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xE934F7DC Ack: 0x892A4FCD Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-08:03:11.546163 24.209.39.246:3352 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:64673 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xE938A1ED Ack: 0x89241177 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-08:03:20.821223 24.209.39.246:3605 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:35 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xEA13274D Ack: 0x8962B58F Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-08:53:47.414750 24.209.39.246:2666 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:34804 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xCF54BD8 Ack: 0x48ADFD7C Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-08:53:57.477624 24.209.39.246:2975 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:36488 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xDFE5142 Ack: 0x49DF1F89 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-08:54:01.271444 24.209.39.246:3063 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:37053 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xE4D5C9C Ack: 0x49CE396B Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-08:54:11.509996 24.209.39.246:3360 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:38741 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xF4B2043 Ack: 0x4A7799B7 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-08:54:12.300183 24.209.39.246:3388 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:38873 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF60A19E Ack: 0x4A0999E7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/05-08:54:22.595079 24.209.39.246:3698 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:40586 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x1069F334 Ack: 0x4A765963 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/05-08:54:23.196773 24.209.39.246:3717 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:40684 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x107AE9A5 Ack: 0x4B3D23AD Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-08:54:33.420540 24.209.39.246:3993 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:42229 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x116642DE Ack: 0x4CC4FDDF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-08:54:37.666100 24.209.39.246:4111 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:42899 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x11D081F4 Ack: 0x4CEC8330 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-08:54:38.318080 24.209.39.246:4127 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:43009 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x11DED384 Ack: 0x4C682404 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-08:54:38.953085 24.209.39.246:4146 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:43125 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x11EF78F3 Ack: 0x4D0225FA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-08:54:39.544850 24.209.39.246:4165 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:43220 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x120089DD Ack: 0x4CAC441F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-08:54:40.148092 24.209.39.246:4181 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:43324 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x120DAB74 Ack: 0x4CAA1345 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-08:54:40.693607 24.209.39.246:4193 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:43419 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x1218C173 Ack: 0x4CCBEF73 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-08:54:41.267671 24.209.39.246:4216 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:43515 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x122A296A Ack: 0x4D2AD406 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-08:54:45.362729 24.209.39.246:4324 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:44151 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x12882298 Ack: 0x4D021340 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-10:22:36.013963 200.67.24.138:1301 -> 192.168.1.6:80
TCP TTL:46 TOS:0x0 ID:48070 IpLen:20 DgmLen:1492 DF
***A**** Seq: 0x8FEA3821 Ack: 0x983F29E7 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-10:22:36.066925 200.67.24.138:1301 -> 192.168.1.6:80
TCP TTL:46 TOS:0x0 ID:48071 IpLen:20 DgmLen:1492 DF
***A**** Seq: 0x8FEA3DCD Ack: 0x983F29E7 Win: 0xFAF0 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-10:45:51.268499 24.209.39.246:1327 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:980 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xA25C5F58 Ack: 0xEFDE6431 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-10:46:00.642160 24.209.39.246:1606 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:1986 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xA34A489A Ack: 0xF0800BB2 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-10:46:00.741722 24.209.39.246:1611 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:2008 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA34E57A4 Ack: 0xEFEA55BA Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-10:46:00.820830 24.209.39.246:1617 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:2029 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA353400D Ack: 0xF01C0764 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-10:46:00.901545 24.209.39.246:1620 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:2039 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA3558C58 Ack: 0xF0682BD6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/05-10:46:00.978956 24.209.39.246:1622 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:2047 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA357C688 Ack: 0xF0476B95 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/05-10:46:04.062914 24.209.39.246:1704 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:2337 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA39B19BD Ack: 0xF069BAEC Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-10:46:04.181548 24.209.39.246:1705 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:2356 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xA39C0789 Ack: 0xF018C80D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-10:46:04.257962 24.209.39.246:1712 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:2366 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA3A22C83 Ack: 0xF0C61006 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-10:46:13.633137 24.209.39.246:1957 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:3503 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA47893F0 Ack: 0xF104651F Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-10:46:13.758995 24.209.39.246:1964 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:3526 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA47DD442 Ack: 0xF11EEDCB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-10:46:20.610690 24.209.39.246:2078 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:4602 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA4E00924 Ack: 0xF1629106 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-10:46:20.717550 24.209.39.246:2226 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:4617 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xA55C6035 Ack: 0xF3011E50 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-10:46:20.779815 24.209.39.246:2231 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:4627 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA560846B Ack: 0xF274DDF0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-10:46:20.852971 24.209.39.246:2238 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:4645 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xA5660791 Ack: 0xF260A334 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-10:46:20.952956 24.209.39.246:2240 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:4661 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA567D3B4 Ack: 0xF2FC6E86 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-10:49:09.571639 24.209.105.156:4016 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:5853 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xA4DCEEE3 Ack: 0xFCE997B6 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-10:49:19.205921 24.209.105.156:4313 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:7562 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xA5DD4FF8 Ack: 0xFCE77C77 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-10:49:19.306470 24.209.105.156:4316 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:7586 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA5E05AF5 Ack: 0xFD1DFDF6 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-10:49:23.238016 24.209.105.156:4424 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:8147 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA63E384B Ack: 0xFDC7A134 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-10:49:23.374401 24.209.105.156:4434 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:8180 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA645F9CB Ack: 0xFD2538E6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/05-10:49:33.239293 24.209.105.156:4688 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:9308 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA721D58F Ack: 0xFE5AC83B Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/05-10:49:40.538864 24.209.105.156:4799 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:10248 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA7816C5B Ack: 0xFE1F26BE Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-10:49:53.460723 24.209.105.156:3198 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:12017 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xA8CEA269 Ack: 0xFEAE03F4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-10:49:53.770124 24.209.105.156:3308 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:12048 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA9275481 Ack: 0xFEDFFE8F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-10:49:54.224527 24.209.105.156:3316 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:12099 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA92EA044 Ack: 0xFF079388 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-10:49:55.055355 24.209.105.156:3344 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:12208 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA9467B42 Ack: 0xFF38A8E6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-10:50:04.763070 24.209.105.156:3640 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:13613 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xAA443C02 Ack: 0xFFE20D2B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-10:50:05.014207 24.209.105.156:3650 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:13655 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xAA4BCB7E Ack: 0xFFD3F765 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-10:50:05.450824 24.209.105.156:3657 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:13708 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xAA51D032 Ack: 0x501685 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-10:50:05.937731 24.209.105.156:3670 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:13771 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xAA5CFF98 Ack: 0x2E30AE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-10:50:06.179624 24.209.105.156:3686 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:13820 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xAA6A01A6 Ack: 0x863C0 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-11:23:41.050697 24.209.39.246:3151 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:4401 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x7F3E5114 Ack: 0x7EA49A3E Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-11:23:50.691000 24.209.39.246:3450 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:5798 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x803E8247 Ack: 0x7F692E6F Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-11:23:54.438235 24.209.39.246:3538 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:6333 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x808C87A9 Ack: 0x8016789D Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-11:23:54.644183 24.209.39.246:3544 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:6369 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x80905D1B Ack: 0x7FC3EF44 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-11:23:54.773017 24.209.39.246:3554 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:6388 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x8099188A Ack: 0x7FFFF8E2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/05-11:23:54.891451 24.209.39.246:3558 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:6408 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x809C64A5 Ack: 0x7FEE0E54 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/05-11:23:55.017231 24.209.39.246:3561 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:6426 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x809F623F Ack: 0x8034E782 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-11:23:55.091450 24.209.39.246:3563 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:6437 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x80A11A12 Ack: 0x80446A7E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-11:23:58.538100 24.209.39.246:3634 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:6765 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x80E41C86 Ack: 0x803BB5FF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-11:23:58.755424 24.209.39.246:3639 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:6797 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x80E9529B Ack: 0x8089FECA Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-11:24:08.221245 24.209.39.246:3892 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:8114 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x81C91635 Ack: 0x80BA816E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-11:24:17.473000 24.209.39.246:4149 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:9374 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x82AC3DAD Ack: 0x80F68F79 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-11:24:17.877670 24.209.39.246:4159 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:9408 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x82B5418E Ack: 0x81959FB8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-11:24:20.898172 24.209.39.246:4159 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:9802 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x82B5418E Ack: 0x81959FB8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-11:24:27.164771 24.209.39.246:4433 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:10758 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x83A301D7 Ack: 0x819B00CE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-11:24:30.058588 24.209.39.246:4433 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:11231 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x83A301D7 Ack: 0x819B00CE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-11:24:30.478937 24.209.39.246:4534 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:11292 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x83F9770A Ack: 0x81BCA7F9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-11:24:39.785645 24.209.39.246:4806 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:12603 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x84E1BF21 Ack: 0x829D13FA Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-11:46:25.052144 24.209.39.246:4939 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:44351 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xB6EFBA0 Ack: 0xD521AD25 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-11:46:25.170288 24.209.39.246:4942 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:44370 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xB7125CE Ack: 0xD5638833 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-11:46:34.430491 24.209.39.246:1254 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:45342 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xC676BE6 Ack: 0xD5C47FBE Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-11:46:34.527317 24.209.39.246:1257 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:45357 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xC6A8DFD Ack: 0xD6767E43 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-11:46:34.629957 24.209.39.246:1261 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:45376 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xC6DF07B Ack: 0xD5907996 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/05-11:46:43.878282 24.209.39.246:1607 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:46785 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xD9738E1 Ack: 0xD6B1782B Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/05-11:46:46.975343 24.209.39.246:1615 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:47123 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xD9D7FA5 Ack: 0xD65CF105 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-11:46:47.078694 24.209.39.246:1714 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:47140 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xDF37BF8 Ack: 0xD6643296 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-11:46:50.365666 24.209.39.246:1807 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:47562 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE4491F5 Ack: 0xD6D9879F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-11:46:50.525394 24.209.39.246:1810 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:47584 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE47683E Ack: 0xD6FB129B Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-11:46:59.760110 24.209.39.246:2033 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:48350 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF1071C7 Ack: 0xD7E1F483 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-11:46:59.858795 24.209.39.246:2036 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:48358 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF12D5BB Ack: 0xD73098F3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-11:47:09.144799 24.209.39.246:2262 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:49129 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xFD506CD Ack: 0xD7A50D8A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-11:47:09.217840 24.209.39.246:2264 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:49138 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xFD6C8CE Ack: 0xD8476BFF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-11:47:12.281163 24.209.39.246:2265 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:49492 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xFD7C24E Ack: 0xD83AB124 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-11:47:12.369972 24.209.39.246:2344 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:49500 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x101B34E5 Ack: 0xD837C2E2 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-12:09:44.731184 24.209.105.156:3959 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:5264 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x89C7F416 Ack: 0x2D05AB5D Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-12:09:44.959313 24.209.105.156:3969 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:5301 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x89CFEE34 Ack: 0x2CF9169C Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-12:09:57.853579 24.209.105.156:4208 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:6281 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x8A9DFEE0 Ack: 0x2D7AE990 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-12:10:07.210458 24.209.105.156:4618 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:7326 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x8BEEF2B4 Ack: 0x2E8A7CE0 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-12:10:07.343027 24.209.105.156:4622 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:7346 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x8BF268A3 Ack: 0x2DF4302D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/05-12:10:07.446386 24.209.105.156:4625 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:7359 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x8BF57560 Ack: 0x2DBCDC5C Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/05-12:10:16.762040 24.209.105.156:4919 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:8406 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x8CE8C40C Ack: 0x2E77A477 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-12:10:20.133175 24.209.105.156:3005 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:8697 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x8D31EFDB Ack: 0x2E9F7506 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-12:10:20.223924 24.209.105.156:3012 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:8709 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x8D3694A1 Ack: 0x2F52B08B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-12:10:20.306055 24.209.105.156:3015 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:8721 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x8D39B59D Ack: 0x2F1F25C9 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-12:10:20.412097 24.209.105.156:3018 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:8735 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x8D3BA5FE Ack: 0x2E814CE4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-12:10:29.720186 24.209.105.156:3313 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:9816 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x8E3AAC97 Ack: 0x3008DF33 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-12:10:29.840280 24.209.105.156:3317 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:9832 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x8E3DE342 Ack: 0x2F508D71 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-12:10:29.920485 24.209.105.156:3320 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:9843 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x8E40D0FB Ack: 0x2FC17A50 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-12:10:30.047743 24.209.105.156:3323 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:9864 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x8E439DA6 Ack: 0x2FBA0935 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-12:10:30.167673 24.209.105.156:3330 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:9881 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x8E491C53 Ack: 0x2FDEFC85 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-12:52:38.409414 24.218.160.238:4293 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:55235 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x61606C3F Ack: 0xCEE5FAED Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-12:52:48.665824 24.218.160.238:4590 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:56760 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x62632F9E Ack: 0xCFF84CCD Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-12:52:49.124532 24.218.160.238:4607 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:56831 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x62723EB7 Ack: 0xD02BD82C Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-12:52:49.576814 24.218.160.238:4622 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:56924 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x627ED207 Ack: 0xCFDD5C23 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-12:52:59.417932 24.218.160.238:4914 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:58373 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x637D6DE1 Ack: 0xD04D414B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/05-12:53:00.057314 24.218.160.238:4923 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:58450 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x6385FC16 Ack: 0xD0242A80 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/05-12:53:09.900673 24.218.160.238:1246 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:59925 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x6487583A Ack: 0xD1266445 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-12:53:10.387546 24.218.160.238:1267 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:59998 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x649928F9 Ack: 0xD1AD7589 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-12:53:14.481957 24.218.160.238:1368 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:60541 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x64F490EC Ack: 0xD19C03E6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-12:53:14.933501 24.218.160.238:1384 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:60628 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x650157E0 Ack: 0xD116CF97 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-12:53:24.935699 24.218.160.238:1643 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:61918 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x65E87645 Ack: 0xD21FA2AB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-12:53:31.968310 24.218.160.238:1750 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:62818 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6646CF03 Ack: 0xD28ED360 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-12:53:32.483321 24.218.160.238:1846 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:62903 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x669B0716 Ack: 0xD2C1A747 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-12:53:35.468378 24.218.160.238:1846 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:63344 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x669B0716 Ack: 0xD2C1A747 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-12:53:35.968847 24.218.160.238:1952 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:63424 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x66F7D6BC Ack: 0xD31E166E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-12:53:36.465592 24.218.160.238:1962 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:63503 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x67006847 Ack: 0xD278A822 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-12:53:36.945904 24.218.160.238:1985 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:63596 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x67128671 Ack: 0xD31D7E40 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-13:16:09.702040 24.209.105.156:4203 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:16295 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x22F7E7AC Ack: 0x275DDEB0 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-13:16:09.877107 24.209.105.156:4208 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:16311 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x22FC0BF7 Ack: 0x279AEB1A Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-13:16:09.960500 24.209.105.156:4210 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:16320 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x22FE1FC4 Ack: 0x274EC4BB Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-13:16:10.085352 24.209.105.156:4212 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:16332 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x22FFF8FD Ack: 0x271FA50B Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-13:16:10.182096 24.209.105.156:4218 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:16349 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x23045518 Ack: 0x2731A3A8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/05-13:16:10.290630 24.209.105.156:4222 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:16360 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x23079DF8 Ack: 0x279B08A6 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/05-13:16:10.423429 24.209.105.156:4226 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:16376 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x230B3642 Ack: 0x271B65CB Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-13:16:13.736049 24.209.105.156:4308 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:16578 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x235545D5 Ack: 0x27C4DE16 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-13:16:20.328364 24.209.105.156:4421 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:17098 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x23B4F863 Ack: 0x279F1F0D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-13:16:20.425840 24.209.105.156:4507 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:17119 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x23FE9481 Ack: 0x27AA7087 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-13:16:33.319095 24.209.105.156:4798 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:18303 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x24EFD0F6 Ack: 0x2906B7EA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-13:16:33.398421 24.209.105.156:4914 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:18313 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x25516B21 Ack: 0x28A7E8A0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-13:16:42.802073 24.209.105.156:3198 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:19172 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x264646C4 Ack: 0x2AF09645 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-13:16:45.868752 24.209.105.156:3295 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:19449 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x2694B634 Ack: 0x2A2713CB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-13:16:45.972069 24.209.105.156:3301 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:19470 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x269916DD Ack: 0x2A57135F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-13:16:46.098697 24.209.105.156:3309 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:19485 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x269F79CF Ack: 0x2A27B41D Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-13:35:37.553868 24.209.39.246:3561 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:62644 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xA192DD5E Ack: 0x7119847C Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-13:35:47.498178 24.209.39.246:3837 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:63720 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xA281E108 Ack: 0x71E279C9 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-13:35:59.840359 24.209.39.246:4166 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:65402 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA3944428 Ack: 0x721E4270 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-13:36:03.200564 24.209.39.246:4275 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:344 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA3F1FEC9 Ack: 0x725EC344 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-13:36:03.388853 24.209.39.246:4391 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:372 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA451A78E Ack: 0x727B5704 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/05-13:36:03.659764 24.209.39.246:4400 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:412 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA45933B3 Ack: 0x731D3559 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/05-13:36:07.447072 24.209.39.246:4491 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:783 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA4AC074C Ack: 0x73013569 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-13:36:11.097161 24.209.39.246:4503 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:1177 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xA4B63AD5 Ack: 0x72CAACA7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-13:36:14.727433 24.209.39.246:4692 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:1552 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA55A1ACE Ack: 0x72E70A81 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-13:36:14.939930 24.209.39.246:4703 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:1582 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA5636195 Ack: 0x7304C0A3 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-13:37:00.422658 24.209.39.246:2073 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:7147 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA9DFBC65 Ack: 0x7620A399 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-13:37:10.016249 24.209.39.246:2368 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:8300 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xAADB4C19 Ack: 0x76DC53D5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-13:37:13.722076 24.209.39.246:2471 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:8719 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xAB33D055 Ack: 0x771F8A93 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-13:37:13.830845 24.209.39.246:2485 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:8744 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xAB3F52DA Ack: 0x76810866 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-13:37:13.920156 24.209.39.246:2490 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:8756 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xAB43BE24 Ack: 0x76921BB6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-13:37:14.013789 24.209.39.246:2494 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:8769 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xAB473E7C Ack: 0x76B89DCD Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-13:47:15.178255 24.130.74.15:4936 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:63648 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC5CA7BE9 Ack: 0x9D09CDA9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-13:47:15.186392 24.130.74.15:4936 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:63649 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC5CA819D Ack: 0x9D09CDA9 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-14:42:09.832328 24.165.15.177:4588 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:21223 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6D234B04 Ack: 0x6D75E73E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-14:42:09.840109 24.165.15.177:4588 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:21224 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6D2350B8 Ack: 0x6D75E73E Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-14:59:58.408866 24.209.39.246:1178 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:3237 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x9EDDEDA7 Ack: 0xAF963583 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-15:00:11.230828 24.209.39.246:1508 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:5350 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x9FF1CFCC Ack: 0xB0B308C7 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-15:00:11.374137 24.209.39.246:1631 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:5386 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA05AA0A0 Ack: 0xB0B23F34 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-15:00:20.934168 24.209.39.246:1960 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:6824 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA16FF828 Ack: 0xB1A0F720 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-15:00:21.127210 24.209.39.246:1969 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:6859 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA17750E0 Ack: 0xB0C19948 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/05-15:00:21.390193 24.209.39.246:1974 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:6901 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA17BC108 Ack: 0xB111C1B3 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/05-15:00:21.731078 24.209.39.246:1981 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:6951 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA181DD1B Ack: 0xB11833CA Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-15:00:25.200160 24.209.39.246:2119 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:7587 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xA1F4CE6B Ack: 0xB17B37A6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-15:00:25.318700 24.209.39.246:2123 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:7610 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA1F8B548 Ack: 0xB11A3C6A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-15:00:25.440698 24.209.39.246:2126 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:7629 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA1FBEE67 Ack: 0xB1CEB495 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-15:00:25.611247 24.209.39.246:2131 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:7662 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA20035BB Ack: 0xB1D6C110 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-15:00:25.835135 24.209.39.246:2136 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:7706 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA204D9EF Ack: 0xB120F122 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-15:00:29.406004 24.209.39.246:2238 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:8186 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xA25AE5ED Ack: 0xB1A40A87 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-15:00:30.036532 24.209.39.246:2251 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:8266 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA265D886 Ack: 0xB1C18BD0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-15:00:30.403158 24.209.39.246:2272 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:8334 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xA2777E4E Ack: 0xB232C924 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-15:00:30.914714 24.209.39.246:2285 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:8416 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA28263B7 Ack: 0xB1B98B80 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-15:01:58.121908 24.209.39.246:4855 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:20612 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xAB23F68E Ack: 0xB800AC01 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-15:02:01.531467 24.209.39.246:4867 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:21146 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xAB2CEF69 Ack: 0xB78C9684 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-15:02:04.952476 24.209.39.246:4971 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:21580 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xAB816012 Ack: 0xB8CA4A8B Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-15:02:14.904827 24.209.39.246:1367 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:22857 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xACBFFA23 Ack: 0xB8A60908 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-15:02:36.743774 24.209.39.246:2012 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:26020 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xAEE8A511 Ack: 0xBA2FF253 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/05-15:02:37.245020 24.209.39.246:2035 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:26114 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xAEFB08F9 Ack: 0xBA199275 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/05-15:02:43.751192 24.209.39.246:2162 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:27333 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xAF652A28 Ack: 0xBA53B874 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-15:02:44.274922 24.209.39.246:2309 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:27398 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xAFDFD930 Ack: 0xBABA3DCD Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-15:02:48.245990 24.209.39.246:2427 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:27980 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB0449B26 Ack: 0xBAB76D60 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-15:02:48.637632 24.209.39.246:2440 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:28039 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB05079C0 Ack: 0xBB778611 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-15:02:49.044944 24.209.39.246:2456 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:28101 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB05D8702 Ack: 0xBB0B1878 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-15:02:49.518553 24.209.39.246:2465 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:28165 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB06583FC Ack: 0xBAFE1843 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-15:02:49.960178 24.209.39.246:2477 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:28236 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xB07034E8 Ack: 0xBAEB4FE7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-15:02:50.400684 24.209.39.246:2489 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:28291 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB079B333 Ack: 0xBB53DF17 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-15:02:50.701211 24.209.39.246:2500 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:28343 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xB083FB40 Ack: 0xBB2F67CA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-15:02:51.177254 24.209.39.246:2508 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:28403 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB08B5AAA Ack: 0xBBA172C1 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-15:45:41.848546 200.50.90.247:4055 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:25815 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x43CBB9F6 Ack: 0x5C119DAE Win: 0x2238 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-16:12:23.708479 24.209.196.254:2594 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:15586 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x60C16AD2 Ack: 0xC120C738 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-16:12:23.741721 24.209.196.254:2594 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:15587 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x60C17086 Ack: 0xC120C738 Win: 0x4470 TcpLen: 20
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/05-16:41:14.237664 129.142.34.137:1273 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:51996 IpLen:20 DgmLen:187 DF
***AP*** Seq: 0xCB34CF1F Ack: 0x2F4683BE Win: 0x4470 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-16:56:19.400706 24.209.98.148:4397 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:26023 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1110C2BD Ack: 0x682466F0 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-16:56:19.412852 24.209.98.148:4397 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:26024 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1110C871 Ack: 0x682466F0 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-17:02:46.954276 24.209.98.148:3172 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:9718 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3597B0C4 Ack: 0x80120D66 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-17:02:46.962652 24.209.98.148:3172 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:9719 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3597B678 Ack: 0x80120D66 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-17:26:25.019770 24.209.196.254:2102 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:38498 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF56BE718 Ack: 0xD85CE42E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-17:26:25.067437 24.209.196.254:2102 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:38499 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF56BECCC Ack: 0xD85CE42E Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-19:41:57.966533 24.25.55.93:4222 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:46830 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xAA13FEBA Ack: 0xD94B3CAD Win: 0x44E8 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-19:42:00.398291 24.25.55.93:4290 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:47079 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xAA4FE72B Ack: 0xD993792A Win: 0x44E8 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-19:42:00.573030 24.25.55.93:4294 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:47091 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xAA5328DD Ack: 0xD9E8B17C Win: 0x44E8 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-19:42:03.739936 24.25.55.93:4394 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:47457 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xAAA4A00C Ack: 0xD9DC20F8 Win: 0x44E8 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-19:42:06.902659 24.25.55.93:4467 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:47873 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xAAE8DB5A Ack: 0xD9CA8ECE Win: 0x44E8 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/05-19:42:10.144962 24.25.55.93:4477 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:48240 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xAAEF3BBA Ack: 0xDAB5A617 Win: 0x44E8 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/05-19:42:10.410059 24.25.55.93:4569 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:48278 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xAB35B352 Ack: 0xDACDB541 Win: 0x44E8 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-19:42:10.647219 24.25.55.93:4579 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:48328 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xAB3DE048 Ack: 0xDAEC7607 Win: 0x44E8 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-19:42:10.995006 24.25.55.93:4590 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:48357 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xAB477057 Ack: 0xDAE42BEB Win: 0x44E8 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-19:42:11.232485 24.25.55.93:4597 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:48391 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xAB4D465F Ack: 0xDAABC37E Win: 0x44E8 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-19:42:11.446342 24.25.55.93:4602 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:48424 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xAB51E4D1 Ack: 0xDA08A587 Win: 0x44E8 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-19:42:14.994728 24.25.55.93:4722 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:48908 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xABADE261 Ack: 0xDB29939F Win: 0x44E8 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-19:42:15.176464 24.25.55.93:4731 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:48934 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xABB4476B Ack: 0xDAB741DD Win: 0x44E8 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-19:42:15.352777 24.25.55.93:4738 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:48952 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xABB8EEBA Ack: 0xDAC1D9C0 Win: 0x44E8 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-19:42:15.507973 24.25.55.93:4748 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:48981 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xABBF1A52 Ack: 0xDB2FA6EC Win: 0x44E8 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-19:42:15.697593 24.25.55.93:4760 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:49015 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xABC7833D Ack: 0xDB22A092 Win: 0x44E8 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-20:31:05.062022 24.209.196.254:4124 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:32076 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x854D34AC Ack: 0x933D12D8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-20:31:05.081976 24.209.196.254:4124 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:32077 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x854D3A60 Ack: 0x933D12D8 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-21:08:21.003791 24.98.23.210:4012 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:4232 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xB781230E Ack: 0x1ED787CA Win: 0x44E8 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-21:08:33.306165 24.98.23.210:4378 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:5905 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xB8BBC3E4 Ack: 0x1FFE2275 Win: 0x44E8 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-21:08:34.015639 24.98.23.210:4402 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:6001 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xB8D22F5A Ack: 0x20EDB237 Win: 0x44E8 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-21:08:34.669022 24.98.23.210:4415 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:6084 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xB8DF47D2 Ack: 0x202E91DC Win: 0x44E8 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-21:08:35.301132 24.98.23.210:4432 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:6143 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB8EEE180 Ack: 0x202A9DE5 Win: 0x44E8 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/05-21:08:36.022852 24.98.23.210:4446 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:6222 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xB8FB42EF Ack: 0x2115246F Win: 0x44E8 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/05-21:08:36.619067 24.98.23.210:4462 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:6308 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xB9096788 Ack: 0x2025BDE6 Win: 0x44E8 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-21:08:37.473316 24.98.23.210:4480 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:6387 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xB9194FD8 Ack: 0x20EC46CE Win: 0x44E8 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-21:08:37.930155 24.98.23.210:4502 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:6473 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB92E3E57 Ack: 0x20F15EC3 Win: 0x44E8 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-21:10:11.930620 24.98.23.210:3090 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:18301 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xC1E8B661 Ack: 0x26988DB2 Win: 0x44E8 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-21:10:12.249998 24.98.23.210:3171 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:18350 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xC23380F6 Ack: 0x262D20F5 Win: 0x44E8 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-21:10:12.725505 24.98.23.210:3182 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:18413 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xC23D2AB6 Ack: 0x2653ECD6 Win: 0x44E8 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-21:10:13.368049 24.98.23.210:3193 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:18481 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xC245AB57 Ack: 0x262DD449 Win: 0x44E8 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-21:51:02.581827 24.132.247.34:1691 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:55069 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFEF8C001 Ack: 0xBFFB7A5C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-21:51:02.590562 24.132.247.34:1691 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:55070 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFEF8C5B5 Ack: 0xBFFB7A5C Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-00:45:00.926164 24.209.196.254:3191 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:44598 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB2F68D5E Ack: 0x51C83CBE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-00:45:00.954346 24.209.196.254:3191 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:44599 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB2F69312 Ack: 0x51C83CBE Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-03:31:56.228112 24.175.171.180:4530 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:56 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xEC2C140F Ack: 0xC90DD7BA Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-03:31:59.871250 24.175.171.180:4570 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:312 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xEC561455 Ack: 0xC92F1451 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-03:32:01.328305 24.175.171.180:4585 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:394 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xEC666061 Ack: 0xC9911903 Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-03:32:04.665271 24.175.171.180:4596 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:631 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xEC709D3A Ack: 0xC8D373C9 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/06-03:32:05.360047 24.175.171.180:4641 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:677 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xEC9E0FEE Ack: 0xC9A31CCC Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/06-03:32:15.623039 24.175.171.180:4773 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:1360 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xED24A4F6 Ack: 0xCA78539E Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-03:32:16.297894 24.175.171.180:4786 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:1414 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xED32EB07 Ack: 0xCAA22E42 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-03:32:29.505346 24.175.171.180:4984 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:2361 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xEDC5675C Ack: 0xCA47B00A Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-03:32:39.841226 24.175.171.180:3177 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:3180 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xEE77DED2 Ack: 0xCB69A9C9 Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-03:32:40.500364 24.175.171.180:3194 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:3254 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xEE879DD8 Ack: 0xCB8A77C9 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-03:32:53.585494 24.175.171.180:3349 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:4354 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xEF1D50C6 Ack: 0xCBD9B882 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-03:32:54.325686 24.175.171.180:3420 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:4417 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xEF5C426F Ack: 0xCBF84647 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-03:32:55.239480 24.175.171.180:3436 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:4499 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xEF6A84C5 Ack: 0xCC27CF4D Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-03:32:55.548191 24.175.171.180:3452 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:4552 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xEF79EF2F Ack: 0xCC756061 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-03:32:56.066640 24.175.171.180:3465 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:4604 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xEF84522D Ack: 0xCD03424B Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-09:13:07.683412 24.132.66.239:3888 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:57522 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB588EEA Ack: 0xD19F6AE3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-09:13:07.685868 24.132.66.239:3888 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:57523 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB58949E Ack: 0xD19F6AE3 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-13:12:43.717676 24.132.247.34:2162 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:63146 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xAD54F34E Ack: 0x5A30C659 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-13:12:43.725764 24.132.247.34:2162 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:63147 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xAD54F902 Ack: 0x5A30C659 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-13:30:05.455927 24.161.112.40:4345 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:17799 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x7F68F51 Ack: 0x9CF1AEF8 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-13:30:08.481695 24.161.112.40:4365 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:18001 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x80E1C57 Ack: 0x9D48F104 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-13:30:13.161360 24.161.112.40:4438 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:18318 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x859E9F4 Ack: 0x9CE4838E Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-13:30:14.824522 24.161.112.40:4461 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:18460 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x8716510 Ack: 0x9D0E67CF Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-13:30:16.416300 24.161.112.40:4476 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:18561 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x8821647 Ack: 0x9D0CD6D4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/06-13:30:21.493958 24.161.112.40:4545 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:18978 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x8C7A4B3 Ack: 0x9E2293CF Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/06-13:30:22.581907 24.161.112.40:4571 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:19103 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x8E22007 Ack: 0x9E15C712 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-13:30:32.039675 24.161.112.40:4740 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:20231 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x987026F Ack: 0x9E360A76 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-13:30:32.203961 24.161.112.40:4742 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:20246 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x98A063A Ack: 0x9E297D32 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-13:30:32.400523 24.161.112.40:4745 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:20261 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x98CCC28 Ack: 0x9E4B78DF Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-13:30:35.995859 24.161.112.40:4802 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:20644 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x9C23935 Ack: 0x9E5BE8CE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-13:30:36.203692 24.161.112.40:4808 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:20685 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x9C7B628 Ack: 0x9E5A7326 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-13:30:36.389795 24.161.112.40:4814 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:20718 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x9CD0557 Ack: 0x9EA94F1B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-13:30:36.576012 24.161.112.40:4818 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:20751 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x9D0B46B Ack: 0x9F30BB46 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-13:30:36.780614 24.161.112.40:4821 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:20779 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x9D3D6F8 Ack: 0x9EACB877 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-13:30:36.987973 24.161.112.40:4826 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:20811 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x9D8D4DB Ack: 0x9EE5F9F5 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-13:47:51.200672 24.209.179.154:2765 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:806 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD21E54BF Ack: 0xDF924D20 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-13:47:51.209198 24.209.179.154:2765 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:807 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD21E5A73 Ack: 0xDF924D20 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-14:12:59.587290 24.209.179.154:3208 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:4196 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x66688AA2 Ack: 0x3E6C0591 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-14:12:59.594556 24.209.179.154:3208 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:4197 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x66689056 Ack: 0x3E6C0591 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-14:33:01.521639 24.147.143.32:2072 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:64513 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x20335E79 Ack: 0x89B68057 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-14:33:01.530892 24.147.143.32:2072 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:64514 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2033642D Ack: 0x89B68057 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-15:53:46.018793 24.209.179.154:1822 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:60149 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA1BE0133 Ack: 0xBA5A8AB8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-15:53:46.027831 24.209.179.154:1822 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:60150 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA1BE06E7 Ack: 0xBA5A8AB8 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-16:33:54.893513 24.209.179.154:2457 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:58555 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7B54E27D Ack: 0x52451264 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-16:33:54.901292 24.209.179.154:2457 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:58556 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7B54E831 Ack: 0x52451264 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-18:07:17.428657 68.72.208.32:1975 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:55211 IpLen:20 DgmLen:1454 DF
***A**** Seq: 0x8DF6ADB5 Ack: 0xB3EE673B Win: 0x4248 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-18:07:17.534074 68.72.208.32:1975 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:55212 IpLen:20 DgmLen:1454 DF
***A**** Seq: 0x8DF6B33B Ack: 0xB3EE673B Win: 0x4248 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-19:07:12.962499 24.195.81.51:1644 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:33076 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x27680EC Ack: 0x956BB360 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-19:07:12.996803 24.195.81.51:1644 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:33077 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x27686A0 Ack: 0x956BB360 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-19:32:04.067272 24.199.65.162:3350 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:60241 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x497F0245 Ack: 0xF3489393 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-19:32:04.549435 24.199.65.162:3422 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:60278 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x49C0C516 Ack: 0xF417FF98 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-19:32:07.671341 24.199.65.162:3457 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:60562 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x49E4627C Ack: 0xF46429CB Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-19:32:13.781924 24.199.65.162:3513 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:61546 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x4A1A0A99 Ack: 0xF413D8CC Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-19:32:16.895817 24.199.65.162:3565 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:62010 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x4A4CD1A2 Ack: 0xF448BBEF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/06-19:32:17.043436 24.199.65.162:3626 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:62036 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x4A84EC4A Ack: 0xF514CCC6 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/06-19:32:20.180661 24.199.65.162:3695 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:62446 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x4AC1B8F0 Ack: 0xF4A02E9E Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-19:32:23.315176 24.199.65.162:3701 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:62820 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x4AC6C733 Ack: 0xF47913CB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-19:32:26.455385 24.199.65.162:3843 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:63205 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4B47B288 Ack: 0xF578CA11 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-19:32:29.590409 24.199.65.162:3909 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:63534 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4B86A345 Ack: 0xF598EC99 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-21:12:06.580608 24.209.196.254:3269 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:19593 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5B8DE014 Ack: 0x6E1AD448 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-21:12:06.626087 24.209.196.254:3269 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:19594 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5B8DE5C8 Ack: 0x6E1AD448 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-21:14:12.829341 24.63.13.134:3905 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:36440 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xC8CCBEEB Ack: 0x74BD0D40 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-21:14:15.365339 24.63.13.134:3971 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:36646 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xC9058945 Ack: 0x75696609 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-21:14:30.262703 24.63.13.134:4238 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:37951 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xC9F19036 Ack: 0x761460EB Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-21:14:32.972282 24.63.13.134:4358 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:38165 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xCA5AA350 Ack: 0x7608DBA5 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-21:14:44.202539 24.63.13.134:4665 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:39130 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xCB60ABFD Ack: 0x77868265 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/06-21:14:45.756386 24.63.13.134:4697 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:39273 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xCB7E1E0D Ack: 0x76BF1E2D Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/06-21:14:46.972455 24.63.13.134:4729 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:39397 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xCB9D4060 Ack: 0x7745DCDC Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-21:14:47.898980 24.63.13.134:4767 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:39492 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xCBBE89D0 Ack: 0x776C17A3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-21:14:49.005103 24.63.13.134:4795 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:39570 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xCBD68F23 Ack: 0x778C5685 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-21:14:50.527460 24.63.13.134:4824 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:39690 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xCBE93263 Ack: 0x778040DF Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-21:14:52.330676 24.63.13.134:4955 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:39860 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xCC1135C5 Ack: 0x77C51DBF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-21:14:54.160941 24.63.13.134:1046 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:40010 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xCC35C754 Ack: 0x77740CAD Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-21:14:55.379949 24.63.13.134:1083 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:40153 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xCC57E0DA Ack: 0x780D3389 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-21:14:56.657128 24.63.13.134:1107 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:40258 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xCC6D22EB Ack: 0x77790642 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-21:14:58.110150 24.63.13.134:1149 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:40396 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xCC920FE7 Ack: 0x777CDD8D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-21:14:59.456605 24.63.13.134:1186 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:40503 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xCCB38A3D Ack: 0x77900ECA Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-21:41:14.766728 24.209.24.98:1678 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:18399 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6E040B7 Ack: 0xDB6FF9C5 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-21:41:14.786381 24.209.24.98:1678 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:18400 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6E0466B Ack: 0xDB6FF9C5 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-21:46:17.480014 24.209.196.254:2098 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:15512 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2137D9A8 Ack: 0xEE5E6DD6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-21:46:17.503801 24.209.196.254:2098 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:15513 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2137DF5C Ack: 0xEE5E6DD6 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-22:03:58.317021 24.214.128.126:4148 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:42756 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xAB726FBE Ack: 0x3196C424 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-22:04:08.080591 24.214.128.126:4310 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:43310 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xAC15D223 Ack: 0x31F5B4FA Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-22:04:08.340602 24.214.128.126:4313 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:43335 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xAC193AA8 Ack: 0x31E5B7DB Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-22:04:08.571846 24.214.128.126:4322 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:43354 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xAC20FACB Ack: 0x323F79DD Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-22:04:08.782270 24.214.128.126:4326 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:43363 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xAC24960D Ack: 0x31F90207 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/06-22:04:18.215451 24.214.128.126:4450 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:43787 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xACA34F9B Ack: 0x32D26463 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/06-22:04:27.697400 24.214.128.126:4570 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:44128 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xAD2264A8 Ack: 0x32A5278D Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-22:04:27.926082 24.214.128.126:4574 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:44139 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xAD25B989 Ack: 0x331A9C41 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-22:04:31.160129 24.214.128.126:4616 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:44229 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xAD506A0C Ack: 0x338564E8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-22:04:31.459880 24.214.128.126:4620 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:44249 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xAD54155B Ack: 0x32CE5EB3 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-22:04:34.988811 24.214.128.126:4665 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:44345 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xAD8419D1 Ack: 0x33A14CD8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-22:04:35.268357 24.214.128.126:4667 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:44359 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xAD8647F1 Ack: 0x3320DB42 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-22:04:35.500788 24.214.128.126:4672 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:44374 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xAD8AD6D6 Ack: 0x3314C736 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-22:04:35.714161 24.214.128.126:4676 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:44391 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xAD8E9445 Ack: 0x33CBB978 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-22:04:35.933494 24.214.128.126:4678 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:44404 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xAD90F382 Ack: 0x33BBECB5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-22:04:45.462240 24.214.128.126:4829 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:44893 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xAE21A6EA Ack: 0x34485278 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-22:55:58.312534 24.226.120.167:3778 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:27553 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xC9BBB059 Ack: 0xF59F0097 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-22:56:01.689057 24.226.120.167:3870 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:27837 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xCA0C5971 Ack: 0xF5EB67B8 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-22:56:05.682122 24.226.120.167:3986 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:28192 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xCA7019F4 Ack: 0xF5A52389 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-22:56:06.338334 24.226.120.167:4001 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:28236 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xCA7BCAC1 Ack: 0xF598E798 Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-22:56:16.360409 24.226.120.167:4222 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:28844 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xCB408786 Ack: 0xF68A3458 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/06-22:56:17.102194 24.226.120.167:4236 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:28912 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xCB4BAEC9 Ack: 0xF63D78A6 Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/06-22:56:17.731629 24.226.120.167:4265 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:28968 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xCB61017B Ack: 0xF6525DB7 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-22:56:18.396492 24.226.120.167:4280 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:29012 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xCB6D6F16 Ack: 0xF65A0485 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-22:56:19.160145 24.226.120.167:4291 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:29055 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xCB788833 Ack: 0xF6590CE5 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-22:56:29.246873 24.226.120.167:4538 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:29786 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xCC53B4C3 Ack: 0xF73992F5 Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-22:56:33.477228 24.226.120.167:4642 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:30085 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xCCB2D9E7 Ack: 0xF7298C87 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-22:56:37.637601 24.226.120.167:4738 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:30383 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xCD07F3D3 Ack: 0xF74653B1 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-22:56:38.240080 24.226.120.167:4754 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:30428 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xCD15ACA4 Ack: 0xF803C585 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-22:56:38.898921 24.226.120.167:4767 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:30471 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xCD20A24A Ack: 0xF75EB018 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-22:56:41.799728 24.226.120.167:4767 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:30651 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xCD20A24A Ack: 0xF75EB018 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-22:56:42.655259 24.226.120.167:4914 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:30733 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xCD732EA0 Ack: 0xF82970EB Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-22:56:43.250742 24.226.120.167:4955 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:30810 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xCD83E45D Ack: 0xF7972C45 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-23:05:10.860325 24.209.179.154:2118 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:56006 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC0B06E11 Ack: 0x19AC6ECD Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-23:05:10.881764 24.209.179.154:2118 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:56007 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC0B073C5 Ack: 0x19AC6ECD Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-23:07:49.185714 24.157.173.39:1497 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:45603 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x5E1389D Ack: 0x225991B4 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-23:07:50.314958 24.157.173.39:1507 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:45674 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x5EC3792 Ack: 0x22C102BF Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-23:07:53.465174 24.157.173.39:1515 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:45839 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x5F3FBD8 Ack: 0x233CF9DE Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-23:07:57.231665 24.157.173.39:1601 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:46147 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x64B8F21 Ack: 0x2380D656 Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-23:07:57.841326 24.157.173.39:1615 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:46243 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x65884F2 Ack: 0x22BDDC30 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/06-23:07:58.369133 24.157.173.39:1630 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:46284 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x666C9AD Ack: 0x22EA179C Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/06-23:08:01.831193 24.157.173.39:1686 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:46607 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x69CAEB8 Ack: 0x239739C1 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-23:08:05.018888 24.157.173.39:1730 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:46833 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x6C92F57 Ack: 0x23FCA5A2 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-23:08:08.352284 24.157.173.39:1732 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:47086 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6CBF6DF Ack: 0x2384C20F Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-23:08:08.804881 24.157.173.39:1775 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:47119 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6F95CE4 Ack: 0x2356B4F8 Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-23:08:12.211507 24.157.173.39:1780 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:47391 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6FE835C Ack: 0x241EA4EF Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-23:08:12.708957 24.157.173.39:1835 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:47429 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x735F00F Ack: 0x2413A4F8 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-23:08:16.232127 24.157.173.39:1841 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:47718 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x73C2406 Ack: 0x23AC0C74 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-23:08:16.469534 24.157.173.39:1888 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:47752 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x76E063E Ack: 0x245A649D Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-23:08:19.750377 24.157.173.39:1888 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:47984 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x76E063E Ack: 0x245A649D Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-23:08:26.266475 24.157.173.39:2018 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:48517 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x7ED1BDF Ack: 0x24A5B2CA Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-23:08:26.732044 24.157.173.39:2032 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:48587 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x7FB2E64 Ack: 0x2476C4D5 Win: 0xFAF0 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-23:32:51.325192 24.122.7.136:4736 -> 192.168.1.6:80
TCP TTL:46 TOS:0x0 ID:53299 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x9C92D588 Ack: 0x80BBA811 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-23:33:01.292272 24.122.7.136:4984 -> 192.168.1.6:80
TCP TTL:46 TOS:0x0 ID:53995 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x9D71122C Ack: 0x81A4D33D Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-23:33:01.450739 24.122.7.136:4991 -> 192.168.1.6:80
TCP TTL:46 TOS:0x0 ID:54013 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x9D773BD5 Ack: 0x81B4F237 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-23:33:01.629298 24.122.7.136:4998 -> 192.168.1.6:80
TCP TTL:46 TOS:0x0 ID:54036 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x9D7D4DDD Ack: 0x81967536 Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-23:33:11.075029 24.122.7.136:1285 -> 192.168.1.6:80
TCP TTL:46 TOS:0x0 ID:54807 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x9E618922 Ack: 0x8283DCC0 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/06-23:33:11.204300 24.122.7.136:1287 -> 192.168.1.6:80
TCP TTL:46 TOS:0x0 ID:54819 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x9E632B8B Ack: 0x82C57E2A Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/06-23:33:11.359833 24.122.7.136:1291 -> 192.168.1.6:80
TCP TTL:46 TOS:0x0 ID:54837 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x9E6764EF Ack: 0x82008809 Win: 0xFAF0 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:16:00.530934 24.245.2.233:2803 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:39608 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xB5A9A0DF Ack: 0x244A9F4F Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:16:01.970634 24.245.2.233:2821 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:39658 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xB5BD2189 Ack: 0x251223A8 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:16:23.696566 24.245.2.233:3121 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:40472 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xB6EB9431 Ack: 0x25FFCA48 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:16:24.109329 24.245.2.233:3126 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:40487 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xB6F0EB18 Ack: 0x266B26A4 Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:16:24.505643 24.245.2.233:3131 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:40502 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB6F6898F Ack: 0x25FBF7FD Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/07-00:16:25.325799 24.245.2.233:3140 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:40531 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xB7003845 Ack: 0x2603AE49 Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/07-00:16:25.719867 24.245.2.233:3147 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:40548 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xB7070231 Ack: 0x26436EB1 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:16:26.130849 24.245.2.233:3151 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:40561 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xB70BBE88 Ack: 0x269A0CC2 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:16:26.545787 24.245.2.233:3154 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:40581 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB70FB9AE Ack: 0x263B45FE Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:16:26.929035 24.245.2.233:3158 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:40599 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB7142E5A Ack: 0x2678D2CA Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:16:27.397163 24.245.2.233:3167 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:40623 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB71C1EC6 Ack: 0x25C2A253 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:16:27.780400 24.245.2.233:3177 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:40667 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB7268917 Ack: 0x26B1DB4B Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:16:28.180484 24.245.2.233:3188 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:40701 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xB72F87F9 Ack: 0x26132AEC Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:16:31.141538 24.245.2.233:3188 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:40817 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xB72F87F9 Ack: 0x26132AEC Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:16:31.745310 24.245.2.233:3236 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:40835 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB7618A56 Ack: 0x26683F94 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:16:32.158121 24.245.2.233:3244 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:40854 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xB768F9E7 Ack: 0x260F2962 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:16:32.596231 24.245.2.233:3252 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:40869 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB770F442 Ack: 0x26CC8FF2 Win: 0xFAF0 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:22:30.302662 24.243.175.144:3749 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:49344 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xBCA51688 Ack: 0x3CB2D007 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:22:30.929455 24.243.175.144:3762 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:49404 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xBCB0ABAA Ack: 0x3D25FBD1 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:22:31.456543 24.243.175.144:3777 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:49461 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xBCBE4F1F Ack: 0x3C70430A Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:22:32.219687 24.243.175.144:3796 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:49545 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xBCCE33F6 Ack: 0x3CEA2B22 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/07-00:22:42.307878 24.243.175.144:4054 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:50461 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xBDB515B3 Ack: 0x3D7D59D1 Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/07-00:22:42.880440 24.243.175.144:4076 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:50519 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xBDC76852 Ack: 0x3DC8D523 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:22:53.189531 24.243.175.144:4332 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:51504 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xBEA81E54 Ack: 0x3E2E50D5 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:22:57.580699 24.243.175.144:4460 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:52056 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xBF1652A2 Ack: 0x3EA76657 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:22:58.275678 24.243.175.144:4485 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:52129 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xBF2B17DB Ack: 0x3EDDF171 Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:22:59.166570 24.243.175.144:4503 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:52218 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xBF3A00A0 Ack: 0x3E1062FB Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:23:02.917076 24.243.175.144:4598 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:52580 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xBF8DE39C Ack: 0x3EB0F0EA Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:23:25.200132 24.243.175.144:1246 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:54498 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xC1594EA1 Ack: 0x3FDE1BCC Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:23:25.937885 24.243.175.144:1263 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:54560 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xC1682CB3 Ack: 0x40774F84 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:23:26.754713 24.243.175.144:1285 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:54628 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xC17CDF28 Ack: 0x405F078F Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:23:40.157101 24.243.175.144:1559 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:56063 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xC27139E4 Ack: 0x4149AFD2 Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/07-00:32:57.802390 66.196.65.24:63552 -> 192.168.1.6:80
TCP TTL:232 TOS:0x0 ID:1348 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x42948918 Ack: 0x6413DAC6 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:48:58.193563 24.42.35.231:3386 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:44071 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEEC4ACC0 Ack: 0xA0CA04E6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:48:58.258151 24.42.35.231:3386 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:44072 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEEC4B274 Ack: 0xA0CA04E6 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-02:16:18.353498 24.157.60.48:2016 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:36721 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x37FC8A15 Ack: 0xEAF9BA65 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-02:16:18.417861 24.157.60.48:2016 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:36722 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x37FC8FC9 Ack: 0xEAF9BA65 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-04:02:27.366918 24.98.22.117:3587 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:16666 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x8CB64D5D Ack: 0x7A37AF52 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-04:02:28.060328 24.98.22.117:3688 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:16827 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x8D021B6C Ack: 0x7B00C6EB Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-04:02:28.341857 24.98.22.117:3697 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:16863 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x8D087BCB Ack: 0x7B328B66 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-04:02:38.106433 24.98.22.117:3998 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:18119 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x8E0979DE Ack: 0x7BA57C2D Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-04:02:39.036019 24.98.22.117:4087 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:18166 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x8E4D8536 Ack: 0x7B4687D5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/07-04:02:51.904691 24.98.22.117:4467 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:19762 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x8F8E4183 Ack: 0x7C4C4FE6 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/07-04:02:55.365836 24.98.22.117:4574 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:20147 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x8FEB1001 Ack: 0x7C7BEC14 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-04:02:55.939711 24.98.22.117:4807 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:20278 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x906746DF Ack: 0x7BF6A980 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-04:02:56.457822 24.98.22.117:4856 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:20329 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x9075CD38 Ack: 0x7CE60C0A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-09:13:30.173443 24.147.143.32:4278 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:5638 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xF88C1EBE Ack: 0x12449177 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-09:13:33.811437 24.147.143.32:4294 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:5952 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xF89A32D2 Ack: 0x1255F093 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-09:13:33.998086 24.147.143.32:4402 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:5982 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xF8F47D23 Ack: 0x1285F3F5 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-09:13:37.305855 24.147.143.32:4526 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:6396 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xF95CD282 Ack: 0x1321F2E8 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-09:13:37.486232 24.147.143.32:4531 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:6403 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF9616127 Ack: 0x1342A96B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/07-09:13:37.702856 24.147.143.32:4543 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:6425 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xF96BA31B Ack: 0x12A81735 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/07-09:13:40.873201 24.147.143.32:4624 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:6620 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xF9AF85E5 Ack: 0x13494189 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-09:13:41.071955 24.147.143.32:4630 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:6635 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xF9B534E5 Ack: 0x1386A616 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-09:13:41.242932 24.147.143.32:4634 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:6653 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF9B8EEF6 Ack: 0x12FC36E0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-09:13:44.437350 24.147.143.32:4741 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:6979 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFA12A242 Ack: 0x136DB9DA Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-09:13:44.624749 24.147.143.32:4746 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:6995 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFA16A85C Ack: 0x138C0932 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-09:13:47.809442 24.147.143.32:4881 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:7409 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFA850828 Ack: 0x139C623F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-09:13:47.996192 24.147.143.32:4893 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:7424 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xFA8E49E2 Ack: 0x13D1B426 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-09:13:48.152694 24.147.143.32:4895 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:7435 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xFA904684 Ack: 0x13EE73D2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-09:13:48.325912 24.147.143.32:4903 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:7466 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xFA965153 Ack: 0x134705D8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-09:13:51.496695 24.147.143.32:4994 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:7741 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xFAE206D9 Ack: 0x136415B3 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/07-09:23:50.223040 66.77.73.64:3715 -> 192.168.1.6:80
TCP TTL:45 TOS:0x0 ID:60480 IpLen:20 DgmLen:225 DF
***AP*** Seq: 0xCE2142F2 Ack: 0x397A2E37 Win: 0xE070 TcpLen: 32
TCP Options (3) => NOP NOP TS: 240485034 1303706320
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-10:59:19.725573 24.132.129.206:3811 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:47259 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x34C0B32E Ack: 0xA287FEA0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-10:59:19.726880 24.132.129.206:3811 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:47260 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x34C0B8E2 Ack: 0xA287FEA0 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-13:06:39.990177 24.74.84.124:2693 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:27597 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x7204CC0B Ack: 0x83F9E739 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-13:06:41.906877 24.74.84.124:2746 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:27862 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x72326573 Ack: 0x832E50D3 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-13:06:43.696150 24.74.84.124:2796 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:28132 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x725DEA2A Ack: 0x8350A2B6 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-13:07:06.409016 24.74.84.124:3454 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:31304 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x74949C61 Ack: 0x85865419 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-13:07:11.019717 24.74.84.124:3587 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:31962 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x7502CB18 Ack: 0x858B08D5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/07-13:07:12.721001 24.74.84.124:3631 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:32209 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x752A32CD Ack: 0x8531574E Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/07-13:07:14.580790 24.74.84.124:3678 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:32470 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x7553420C Ack: 0x85AB717E Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-13:07:16.664943 24.74.84.124:3734 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:32720 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x7582CC34 Ack: 0x857BBD4E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-13:07:27.734108 24.74.84.124:4027 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:34149 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x767CD6D2 Ack: 0x86838301 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-13:07:29.743542 24.74.84.124:4083 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:34413 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x76A9594C Ack: 0x8686F052 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-13:07:31.410778 24.74.84.124:4141 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:34633 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x76DD4E70 Ack: 0x86B81689 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-13:07:33.202141 24.74.84.124:4188 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:34885 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x7706803C Ack: 0x86E691AD Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-13:07:43.876671 24.74.84.124:4492 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:36397 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x78115094 Ack: 0x873D1FED Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-13:07:45.484626 24.74.84.124:4548 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:36647 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x784273C7 Ack: 0x8777FFAF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-13:07:48.561431 24.74.84.124:4548 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:37082 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x784273C7 Ack: 0x8777FFAF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-13:07:56.218073 24.74.84.124:4875 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:38236 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x7957B965 Ack: 0x8843A5BB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-13:08:06.904639 24.74.84.124:1225 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:39757 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x7A60F0CA Ack: 0x88E2303D Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-13:28:45.635768 24.98.209.119:3531 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:11949 IpLen:20 DgmLen:1372 DF
***A**** Seq: 0x2F1C799 Ack: 0xD54A9526 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-13:28:45.646876 24.98.209.119:3531 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:11950 IpLen:20 DgmLen:1372 DF
***A**** Seq: 0x2F1CCCD Ack: 0xD54A9526 Win: 0xB5C9 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/07-14:36:00.488288 66.77.73.149:1668 -> 192.168.1.6:80
TCP TTL:45 TOS:0x0 ID:49909 IpLen:20 DgmLen:225 DF
***AP*** Seq: 0xB3777FFE Ack: 0xD477C23B Win: 0xE070 TcpLen: 32
TCP Options (3) => NOP NOP TS: 242419408 1313299405
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-15:07:49.983844 24.42.59.140:1224 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:17745 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3059BA1A Ack: 0x4BEACDB3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-15:07:50.047206 24.42.59.140:1224 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:17747 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3059BFCE Ack: 0x4BEACDB3 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-15:30:44.924055 24.209.39.246:3900 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:27696 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xB5B40E6F Ack: 0xA3D15401 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-15:30:56.209416 24.209.39.246:4178 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:29198 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xB6AAC3A6 Ack: 0xA470F415 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-15:30:57.404619 24.209.39.246:4214 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:29396 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xB6CC1807 Ack: 0xA542EFCF Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-15:31:11.314921 24.209.39.246:4523 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:31521 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xB7D97D45 Ack: 0xA561BC76 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-15:31:12.814806 24.209.39.246:4633 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:31746 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB83C4885 Ack: 0xA5453C8D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/07-15:31:16.744185 24.209.39.246:4676 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:32385 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xB8628417 Ack: 0xA5AE1B7E Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/07-15:31:17.765475 24.209.39.246:4793 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:32544 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xB8C81BC0 Ack: 0xA585636D Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-15:31:18.921482 24.209.39.246:4826 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:32714 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xB8E2F3ED Ack: 0xA606EFD1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-15:31:20.046213 24.209.39.246:4857 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:32881 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB8FE87F6 Ack: 0xA6301A36 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-15:31:30.560309 24.209.39.246:1163 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:34444 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB9F941A7 Ack: 0xA69FFA90 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-15:31:31.575245 24.209.39.246:1186 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:34604 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xBA0E819E Ack: 0xA7035D1A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-15:31:42.115106 24.209.39.246:1456 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:36111 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xBAFD9457 Ack: 0xA76872B9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-15:31:43.154745 24.209.39.246:1490 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:36281 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xBB1BAF1A Ack: 0xA7326F90 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-15:31:47.177938 24.209.39.246:1597 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:36869 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xBB796D0E Ack: 0xA78CE31C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-15:31:48.331645 24.209.39.246:1628 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:37039 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xBB94B1A0 Ack: 0xA808B034 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-15:31:49.468706 24.209.39.246:1660 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:37206 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xBBB0409B Ack: 0xA7AEDAE9 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-15:57:20.233687 24.209.39.246:1365 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:11850 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x4FE9846D Ack: 0x7A54320 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-15:57:25.097987 24.209.39.246:1508 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:12644 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x50656E18 Ack: 0x8A9761D Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-15:57:26.480147 24.209.39.246:1547 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:12875 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x5086AB7D Ack: 0x8303D39 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-15:57:30.780620 24.209.39.246:1695 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:13615 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x5108BE6D Ack: 0x8D6B55B Win: 0x4470 TcpLen: 20
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/07-15:57:40.398743 24.209.39.246:1947 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:15061 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x51E69C46 Ack: 0x8FB54B2 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/07-15:57:45.109783 24.209.39.246:2084 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:15806 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x525C4FFD Ack: 0x9390D0C Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-15:57:46.335751 24.209.39.246:2116 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:16016 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x52766FAC Ack: 0xA2DAB67 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-15:57:51.245331 24.209.39.246:2263 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:16823 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x52F14744 Ack: 0xA038EF5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-15:57:53.134804 24.209.39.246:2311 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:17092 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x5317C05B Ack: 0xA3ED2E7 Win: 0x4470 TcpLen: 20
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-15:58:05.280939 24.209.39.246:2564 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:18876 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x53F7F851 Ack: 0xA85194D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-15:58:10.319067 24.209.39.246:2780 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:19656 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x54B22048 Ack: 0xB9DB3B7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-15:58:11.799600 24.209.39.246:2813 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:19881 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x54CE7FB9 Ack: 0xACE962B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-15:58:14.581009 24.209.39.246:2813 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:20278 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x54CE7FB9 Ack: 0xACE962B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-15:58:15.977163 24.209.39.246:2934 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:20487 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x55373927 Ack: 0xB43C970 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-15:58:27.032524 24.209.39.246:3217 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:22101 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x56329ACA Ack: 0xBD2C19B Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-17:50:10.916345 24.71.225.134:1973 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:43702 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD4892803 Ack: 0xB2287296 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-17:50:10.952300 24.71.225.134:1973 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:43703 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD4892DB7 Ack: 0xB2287296 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-18:39:44.098157 24.209.39.246:1351 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:9708 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x3002FE0C Ack: 0x6D3C2FEB Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-18:39:44.909022 24.209.39.246:1370 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:9828 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x3013DDAC Ack: 0x6D235298 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-18:39:46.070571 24.209.39.246:1390 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:9998 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x30254629 Ack: 0x6DAEB449 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-18:39:50.409052 24.209.39.246:1526 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:10705 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x309791C7 Ack: 0x6DE91474 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-18:39:54.787283 24.209.39.246:1640 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:11355 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x30FC9E52 Ack: 0x6DE5E655 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/07-18:39:55.654267 24.209.39.246:1666 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:11481 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x3113155A Ack: 0x6DFD988F Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/07-18:40:00.087720 24.209.39.246:1783 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:12103 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x317750E8 Ack: 0x6DB4F2A2 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-18:40:13.684696 24.209.39.246:2069 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:14123 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x327235EE Ack: 0x6ECF0385 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-18:40:23.899919 24.209.39.246:2537 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:16065 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x340467E4 Ack: 0x708D325D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-18:40:28.249658 24.209.39.246:2687 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:16862 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x34843333 Ack: 0x70D33F07 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-18:40:29.005637 24.209.39.246:2720 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:17009 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x349FA21D Ack: 0x70E02E57 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-18:40:33.411485 24.209.39.246:2878 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:17853 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3527C172 Ack: 0x7110BA2B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-18:40:34.689412 24.209.39.246:2928 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:18097 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x355141F5 Ack: 0x70BC2089 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-18:40:35.534513 24.209.39.246:2952 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:18232 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x3566656F Ack: 0x713A9A86 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-18:40:39.694050 24.209.39.246:2975 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:18912 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x357ADF5B Ack: 0x71BB8D0F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-18:40:50.120275 24.209.39.246:3393 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:20623 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x36E26B49 Ack: 0x7263FBFD Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-18:56:55.083258 24.209.39.246:4909 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:35754 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x993DE086 Ack: 0xAE5098B7 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-18:57:07.924578 24.209.39.246:1539 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:37777 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x9B44F9B5 Ack: 0xAF5C3A48 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-18:57:08.560136 24.209.39.246:1652 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:37864 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x9BA6BDB3 Ack: 0xAFDC11AE Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-18:57:18.314914 24.209.39.246:1964 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:39458 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x9CB1023E Ack: 0xAFF95601 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-18:57:18.666173 24.209.39.246:1975 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:39535 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x9CBBDF34 Ack: 0xB04806AA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/07-18:57:21.730454 24.209.39.246:1991 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:40214 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x9CC96653 Ack: 0xB06AE0DB Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/07-18:57:21.842512 24.209.39.246:2112 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:40242 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x9D2A9127 Ack: 0xB011F2EC Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-18:57:21.932233 24.209.39.246:2120 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:40265 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x9D30BE25 Ack: 0xB039AD5B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-18:57:22.023235 24.209.39.246:2125 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:40286 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x9D345BAD Ack: 0xB0B82C19 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-18:57:22.087768 24.209.39.246:2127 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:40303 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x9D3627CE Ack: 0xB06B7DB8 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-18:57:22.177083 24.209.39.246:2130 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:40316 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x9D38C9F1 Ack: 0xB03AA6F6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-18:57:35.833184 24.209.39.246:2516 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:42400 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x9E859E0E Ack: 0xB0E1CBF4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-18:57:36.416901 24.209.39.246:2530 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:42472 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x9E911836 Ack: 0xB0A9F199 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-18:57:39.185416 24.209.39.246:2530 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:43001 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x9E911836 Ack: 0xB0A9F199 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-18:57:40.060808 24.209.39.246:2662 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:43152 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x9F012E6D Ack: 0xB10B977D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-18:57:40.490372 24.209.39.246:2683 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:43246 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x9F13ABEA Ack: 0xB1312D5B Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/07-19:21:44.350410 66.77.73.209:4841 -> 192.168.1.6:80
TCP TTL:45 TOS:0x0 ID:23614 IpLen:20 DgmLen:218 DF
***AP*** Seq: 0x244775DE Ack: 0xBE3F64B Win: 0x4020 TcpLen: 32
TCP Options (3) => NOP NOP TS: 2911874284 1322079987
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-20:05:35.011238 24.245.36.142:1695 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:15101 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xAC12B31F Ack: 0xB103F417 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-20:05:36.003367 24.245.36.142:1750 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:15249 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xAC3FA34A Ack: 0xB1706C11 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-20:05:39.191329 24.245.36.142:1763 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:15696 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xAC4B1265 Ack: 0xB17C2674 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-20:05:39.703602 24.245.36.142:1882 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:15780 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xACADA30C Ack: 0xB13B3F98 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/07-21:52:15.119912 66.196.65.24:35307 -> 192.168.1.6:80
TCP TTL:232 TOS:0x0 ID:4963 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xD33F0B71 Ack: 0x4504E086 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-00:04:51.189570 24.205.137.12:4606 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:51634 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x3E844F45 Ack: 0x38E66197 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-00:04:56.451658 24.205.137.12:4685 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:51935 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x3ED37A81 Ack: 0x39AD54C5 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-00:04:57.789614 24.205.137.12:4707 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:51984 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x3EE7C779 Ack: 0x39EB3208 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-00:05:08.550198 24.205.137.12:4850 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:52476 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x3F7B5A8A Ack: 0x39C9836D Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-00:05:09.490636 24.205.137.12:4866 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:52527 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x3F8CA7BE Ack: 0x3A5621DD Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/08-00:05:10.617154 24.205.137.12:4879 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:52574 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x3F97FE16 Ack: 0x3A9F7077 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/08-00:05:22.137754 24.205.137.12:1082 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:52965 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x40167554 Ack: 0x3B93B767 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-00:05:24.153519 24.205.137.12:1110 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:53046 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x4033C46C Ack: 0x3BBCCE28 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-00:05:25.105801 24.205.137.12:1134 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:53098 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x404E9FB1 Ack: 0x3C798626 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-00:05:26.499070 24.205.137.12:1142 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:53143 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4058961A Ack: 0x3C0A0BE6 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-00:05:28.143554 24.205.137.12:1164 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:53214 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x406D34B8 Ack: 0x3C592269 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-00:05:33.535164 24.205.137.12:1222 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:53397 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x40ACD8DA Ack: 0x3C892B3B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-00:05:47.355740 24.205.137.12:1354 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:53961 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x413D9A01 Ack: 0x3D9DC063 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-00:05:48.450725 24.205.137.12:1410 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:54004 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x4177C955 Ack: 0x3D53B1E8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-00:05:49.711542 24.205.137.12:1426 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:54058 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x418829CC Ack: 0x3D767759 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-00:06:00.657885 24.205.137.12:1580 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:54605 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x422233A8 Ack: 0x3E34B0AD Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-00:51:13.016005 211.167.226.78:1904 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:49626 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE731EAD5 Ack: 0xE8F59557 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-00:51:13.037445 211.167.226.78:1904 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:49627 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE731F089 Ack: 0xE8F59557 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-00:54:33.217394 211.167.226.78:4095 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:17159 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFADDC189 Ack: 0xF5F7C72B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-00:54:33.243197 211.167.226.78:4095 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:17160 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFADDC73D Ack: 0xF5F7C72B Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-00:55:17.085021 211.167.226.78:1705 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:24734 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFF3478AC Ack: 0xF840F8EC Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-00:55:17.095076 211.167.226.78:1705 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:24735 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFF347E60 Ack: 0xF840F8EC Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-01:00:47.245005 24.209.39.246:2452 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:14209 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF7640861 Ack: 0xD7F1315 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-01:00:47.266825 24.209.39.246:2452 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:14210 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF7640E15 Ack: 0xD7F1315 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-05:59:05.363919 219.155.227.106:1952 -> 192.168.1.6:80
TCP TTL:34 TOS:0x0 ID:22619 IpLen:20 DgmLen:1420 DF
***A**** Seq: 0xDE465C18 Ack: 0x735B1BBC Win: 0x40B0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-05:59:05.383874 219.155.227.106:1952 -> 192.168.1.6:80
TCP TTL:34 TOS:0x0 ID:22620 IpLen:20 DgmLen:1420 DF
***A**** Seq: 0xDE46617C Ack: 0x735B1BBC Win: 0x40B0 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-06:40:38.310179 24.84.94.195:4393 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:29203 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x2157D68C Ack: 0x116AC415 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-06:40:38.863084 24.84.94.195:4401 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:29264 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x215F9027 Ack: 0x113C7B25 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-06:40:42.464615 24.84.94.195:4477 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:29546 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x21A2D475 Ack: 0x1194F726 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-06:40:42.880494 24.84.94.195:4478 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:29603 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x21A45EB4 Ack: 0x1152C703 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-06:40:52.545130 24.84.94.195:4734 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:30652 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x22720299 Ack: 0x124B4724 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/08-06:40:52.762452 24.84.94.195:4736 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:30664 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x2273BAA5 Ack: 0x124F4487 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/08-06:40:52.976680 24.84.94.195:4742 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:30680 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x2277F858 Ack: 0x11F2E9EC Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-06:40:53.198050 24.84.94.195:4748 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:30696 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x227D2B0E Ack: 0x11EA1EBC Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-06:40:56.408299 24.84.94.195:4814 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:30952 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x22B5AF8C Ack: 0x12BCE2F7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-06:40:56.632802 24.84.94.195:4822 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:30974 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x22BAB01D Ack: 0x1239F164 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-06:41:09.444844 24.84.94.195:3098 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:31933 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x236C6308 Ack: 0x125698DB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-06:41:12.580036 24.84.94.195:3154 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:32221 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x239FC04C Ack: 0x1300F546 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-06:41:22.568276 24.84.94.195:3415 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:33056 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x248C800F Ack: 0x13DAE2E3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-06:41:23.000097 24.84.94.195:3428 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:33128 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x24980145 Ack: 0x140526C1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-06:41:25.789871 24.84.94.195:3428 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:33464 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x24980145 Ack: 0x140526C1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-06:41:26.303368 24.84.94.195:3518 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:33522 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x24E5A99C Ack: 0x13DFD154 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-06:41:29.860761 24.84.94.195:3578 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:33966 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x251DA2F8 Ack: 0x14199717 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/08-08:14:02.290169 66.196.65.24:6414 -> 192.168.1.6:80
TCP TTL:232 TOS:0x0 ID:16430 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xED59532C Ack: 0x71B1D1F6 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-09:39:22.881196 24.209.39.246:3529 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:29040 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBD1DA5FD Ack: 0xB31DA1C6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-09:39:22.902980 24.209.39.246:3529 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:29041 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBD1DABB1 Ack: 0xB31DA1C6 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-10:01:08.876576 24.209.39.246:1523 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:19922 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3B72AD58 Ack: 0x5C6D02C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-10:01:08.896691 24.209.39.246:1523 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:19923 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3B72B30C Ack: 0x5C6D02C Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/08-11:04:48.366684 216.39.50.13:40289 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:47691 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x993E7542 Ack: 0xF6281AC2 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 507563799 1351060617
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-12:16:03.685512 24.209.39.246:4381 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:19626 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x24B5A7CC Ack: 0x34B8A4C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-12:16:06.130117 24.209.39.246:4381 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:19841 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x24B5AD80 Ack: 0x34B8A4C Win: 0x4470 TcpLen: 20
[**] [116:56:1] (snort_decoder): T/TCP Detected [**]
05/08-12:21:20.641971 63.210.249.45:0 -> 192.168.1.6:0
TCP TTL:50 TOS:0x0 ID:27824 IpLen:20 DgmLen:68
******S* Seq: 0xC60713FF Ack: 0x0 Win: 0x4000 TcpLen: 48
TCP Options (9) => MSS: 512 NOP WS: 0 NOP NOP TS: 1189292 0 NOP
TCP Options => NOP CCNEW: 13443299
[**] [116:56:1] (snort_decoder): T/TCP Detected [**]
05/08-12:21:23.415396 63.210.249.45:0 -> 192.168.1.6:0
TCP TTL:50 TOS:0x0 ID:32979 IpLen:20 DgmLen:68
******S* Seq: 0xC6D66004 Ack: 0x0 Win: 0x4000 TcpLen: 48
TCP Options (9) => MSS: 512 NOP WS: 0 NOP NOP TS: 1189297 0 NOP
TCP Options => NOP CCNEW: 13443478
[**] [116:56:1] (snort_decoder): T/TCP Detected [**]
05/08-12:21:23.634732 63.210.249.45:0 -> 192.168.1.6:0
TCP TTL:50 TOS:0x0 ID:33507 IpLen:20 DgmLen:68
******S* Seq: 0xC6ED603E Ack: 0x0 Win: 0x4000 TcpLen: 48
TCP Options (9) => MSS: 512 NOP WS: 0 NOP NOP TS: 1189297 0 NOP
TCP Options => NOP CCNEW: 13443499
[**] [116:56:1] (snort_decoder): T/TCP Detected [**]
05/08-12:21:23.924799 63.210.249.45:0 -> 192.168.1.6:0
TCP TTL:50 TOS:0x0 ID:33925 IpLen:20 DgmLen:68
******S* Seq: 0xC70377E4 Ack: 0x0 Win: 0x4000 TcpLen: 48
TCP Options (9) => MSS: 512 NOP WS: 0 NOP NOP TS: 1189298 0 NOP
TCP Options => NOP CCNEW: 13443518
[**] [116:56:1] (snort_decoder): T/TCP Detected [**]
05/08-12:21:23.964927 63.210.249.45:0 -> 192.168.1.6:0
TCP TTL:50 TOS:0x0 ID:33953 IpLen:20 DgmLen:68
******S* Seq: 0xC705AE04 Ack: 0x0 Win: 0x4000 TcpLen: 48
TCP Options (9) => MSS: 512 NOP WS: 0 NOP NOP TS: 1189298 0 NOP
TCP Options => NOP CCNEW: 13443520
[**] [116:56:1] (snort_decoder): T/TCP Detected [**]
05/08-12:21:24.366692 63.210.249.45:0 -> 192.168.1.6:0
TCP TTL:50 TOS:0x0 ID:34653 IpLen:20 DgmLen:68
******S* Seq: 0xC722BC18 Ack: 0x0 Win: 0x4000 TcpLen: 48
TCP Options (9) => MSS: 512 NOP WS: 0 NOP NOP TS: 1189299 0 NOP
TCP Options => NOP CCNEW: 13443546
[**] [116:56:1] (snort_decoder): T/TCP Detected [**]
05/08-12:21:25.107636 63.210.249.45:0 -> 192.168.1.6:0
TCP TTL:50 TOS:0x0 ID:35809 IpLen:20 DgmLen:68
******S* Seq: 0xC7524867 Ack: 0x0 Win: 0x4000 TcpLen: 48
TCP Options (9) => MSS: 512 NOP WS: 0 NOP NOP TS: 1189300 0 NOP
TCP Options => NOP CCNEW: 13443588
[**] [116:56:1] (snort_decoder): T/TCP Detected [**]
05/08-12:21:25.451424 63.210.249.45:0 -> 192.168.1.6:0
TCP TTL:50 TOS:0x0 ID:36405 IpLen:20 DgmLen:68
******S* Seq: 0xC7683241 Ack: 0x0 Win: 0x4000 TcpLen: 48
TCP Options (9) => MSS: 512 NOP WS: 0 NOP NOP TS: 1189301 0 NOP
TCP Options => NOP CCNEW: 13443610
[**] [116:56:1] (snort_decoder): T/TCP Detected [**]
05/08-12:21:26.471661 63.210.249.45:0 -> 192.168.1.6:0
TCP TTL:50 TOS:0x0 ID:38279 IpLen:20 DgmLen:68
******S* Seq: 0xC7A51FD6 Ack: 0x0 Win: 0x4000 TcpLen: 48
TCP Options (9) => MSS: 512 NOP WS: 0 NOP NOP TS: 1189303 0 NOP
TCP Options => NOP CCNEW: 13443663
[**] [116:56:1] (snort_decoder): T/TCP Detected [**]
05/08-12:21:26.781267 63.210.249.45:0 -> 192.168.1.6:0
TCP TTL:50 TOS:0x0 ID:38917 IpLen:20 DgmLen:68
******S* Seq: 0xC7BD243A Ack: 0x0 Win: 0x4000 TcpLen: 48
TCP Options (9) => MSS: 512 NOP WS: 0 NOP NOP TS: 1189303 0 NOP
TCP Options => NOP CCNEW: 13443687
[**] [116:56:1] (snort_decoder): T/TCP Detected [**]
05/08-12:21:27.218493 63.210.249.45:0 -> 192.168.1.6:0
TCP TTL:50 TOS:0x0 ID:39703 IpLen:20 DgmLen:68
******S* Seq: 0xC7D909AA Ack: 0x0 Win: 0x4000 TcpLen: 48
TCP Options (9) => MSS: 512 NOP WS: 0 NOP NOP TS: 1189304 0 NOP
TCP Options => NOP CCNEW: 13443710
[**] [116:56:1] (snort_decoder): T/TCP Detected [**]
05/08-12:21:27.452834 63.210.249.45:0 -> 192.168.1.6:0
TCP TTL:50 TOS:0x0 ID:40113 IpLen:20 DgmLen:68
******S* Seq: 0xC7EC3C8A Ack: 0x0 Win: 0x4000 TcpLen: 48
TCP Options (9) => MSS: 512 NOP WS: 0 NOP NOP TS: 1189305 0 NOP
TCP Options => NOP CCNEW: 13443726
[**] [116:56:1] (snort_decoder): T/TCP Detected [**]
05/08-12:21:29.816534 63.210.249.45:0 -> 192.168.1.6:0
TCP TTL:50 TOS:0x0 ID:44201 IpLen:20 DgmLen:68
******S* Seq: 0xC8860653 Ack: 0x0 Win: 0x4000 TcpLen: 48
TCP Options (9) => MSS: 512 NOP WS: 0 NOP NOP TS: 1189309 0 NOP
TCP Options => NOP CCNEW: 13443861
[**] [116:56:1] (snort_decoder): T/TCP Detected [**]
05/08-12:21:33.518786 63.210.249.45:0 -> 192.168.1.6:0
TCP TTL:50 TOS:0x0 ID:52282 IpLen:20 DgmLen:68
******S* Seq: 0xC991651E Ack: 0x0 Win: 0x4000 TcpLen: 48
TCP Options (9) => MSS: 512 NOP WS: 0 NOP NOP TS: 1189316 0 NOP
TCP Options => NOP CCNEW: 13444095
[**] [116:56:1] (snort_decoder): T/TCP Detected [**]
05/08-12:21:33.620228 63.210.249.45:0 -> 192.168.1.6:0
TCP TTL:50 TOS:0x0 ID:52420 IpLen:20 DgmLen:68
******S* Seq: 0xC995D20F Ack: 0x0 Win: 0x4000 TcpLen: 48
TCP Options (9) => MSS: 512 NOP WS: 0 NOP NOP TS: 1189317 0 NOP
TCP Options => NOP CCNEW: 13444097
[**] [116:56:1] (snort_decoder): T/TCP Detected [**]
05/08-12:21:33.735115 63.210.249.45:0 -> 192.168.1.6:0
TCP TTL:50 TOS:0x0 ID:52642 IpLen:20 DgmLen:68
******S* Seq: 0xC99D5336 Ack: 0x0 Win: 0x4000 TcpLen: 48
TCP Options (9) => MSS: 512 NOP WS: 0 NOP NOP TS: 1189317 0 NOP
TCP Options => NOP CCNEW: 13444103
[**] [116:56:1] (snort_decoder): T/TCP Detected [**]
05/08-12:21:34.835001 63.210.249.45:0 -> 192.168.1.6:0
TCP TTL:50 TOS:0x0 ID:54234 IpLen:20 DgmLen:68
******S* Seq: 0xC9E64A4B Ack: 0x0 Win: 0x4000 TcpLen: 48
TCP Options (9) => MSS: 512 NOP WS: 0 NOP NOP TS: 1189319 0 NOP
TCP Options => NOP CCNEW: 13444169
[**] [116:56:1] (snort_decoder): T/TCP Detected [**]
05/08-12:21:35.364117 63.210.249.45:0 -> 192.168.1.6:0
TCP TTL:50 TOS:0x0 ID:55168 IpLen:20 DgmLen:68
******S* Seq: 0xCA08E6A3 Ack: 0x0 Win: 0x4000 TcpLen: 48
TCP Options (9) => MSS: 512 NOP WS: 0 NOP NOP TS: 1189320 0 NOP
TCP Options => NOP CCNEW: 13444200
[**] [116:56:1] (snort_decoder): T/TCP Detected [**]
05/08-12:21:35.589487 63.210.249.45:0 -> 192.168.1.6:0
TCP TTL:50 TOS:0x0 ID:55366 IpLen:20 DgmLen:68
******S* Seq: 0xCA10FCDB Ack: 0x0 Win: 0x4000 TcpLen: 48
TCP Options (9) => MSS: 512 NOP WS: 0 NOP NOP TS: 1189321 0 NOP
TCP Options => NOP CCNEW: 13444204
[**] [116:56:1] (snort_decoder): T/TCP Detected [**]
05/08-12:21:41.117237 63.210.249.45:0 -> 192.168.1.6:0
TCP TTL:50 TOS:0x0 ID:541 IpLen:20 DgmLen:68
******S* Seq: 0xCB7D6784 Ack: 0x0 Win: 0x4000 TcpLen: 48
TCP Options (9) => MSS: 512 NOP WS: 0 NOP NOP TS: 1189331 0 NOP
TCP Options => NOP CCNEW: 13444523
[**] [116:56:1] (snort_decoder): T/TCP Detected [**]
05/08-12:21:41.470640 63.210.249.45:0 -> 192.168.1.6:0
TCP TTL:50 TOS:0x0 ID:1009 IpLen:20 DgmLen:68
******S* Seq: 0xCB979201 Ack: 0x0 Win: 0x4000 TcpLen: 48
TCP Options (9) => MSS: 512 NOP WS: 0 NOP NOP TS: 1189332 0 NOP
TCP Options => NOP CCNEW: 13444548
[**] [116:56:1] (snort_decoder): T/TCP Detected [**]
05/08-12:21:41.486389 63.210.249.45:0 -> 192.168.1.6:0
TCP TTL:50 TOS:0x0 ID:1011 IpLen:20 DgmLen:68
******S* Seq: 0xCB99735F Ack: 0x0 Win: 0x4000 TcpLen: 48
TCP Options (9) => MSS: 512 NOP WS: 0 NOP NOP TS: 1189332 0 NOP
TCP Options => NOP CCNEW: 13444549
[**] [116:56:1] (snort_decoder): T/TCP Detected [**]
05/08-12:21:42.875983 63.210.249.45:0 -> 192.168.1.6:0
TCP TTL:50 TOS:0x0 ID:3288 IpLen:20 DgmLen:68
******S* Seq: 0xCBEAE86B Ack: 0x0 Win: 0x4000 TcpLen: 48
TCP Options (9) => MSS: 512 NOP WS: 0 NOP NOP TS: 1189335 0 NOP
TCP Options => NOP CCNEW: 13444623
[**] [116:56:1] (snort_decoder): T/TCP Detected [**]
05/08-12:21:44.006581 63.210.249.45:0 -> 192.168.1.6:0
TCP TTL:50 TOS:0x0 ID:5370 IpLen:20 DgmLen:68
******S* Seq: 0xCC2E314A Ack: 0x0 Win: 0x4000 TcpLen: 48
TCP Options (9) => MSS: 512 NOP WS: 0 NOP NOP TS: 1189337 0 NOP
TCP Options => NOP CCNEW: 13444677
[**] [116:56:1] (snort_decoder): T/TCP Detected [**]
05/08-12:21:44.122367 63.210.249.45:0 -> 192.168.1.6:0
TCP TTL:50 TOS:0x0 ID:5508 IpLen:20 DgmLen:68
******S* Seq: 0xCC3371C4 Ack: 0x0 Win: 0x4000 TcpLen: 48
TCP Options (9) => MSS: 512 NOP WS: 0 NOP NOP TS: 1189337 0 NOP
TCP Options => NOP CCNEW: 13444681
[**] [116:56:1] (snort_decoder): T/TCP Detected [**]
05/08-12:21:44.307951 63.210.249.45:0 -> 192.168.1.6:0
TCP TTL:50 TOS:0x0 ID:5876 IpLen:20 DgmLen:68
******S* Seq: 0xCC3CF2AA Ack: 0x0 Win: 0x4000 TcpLen: 48
TCP Options (9) => MSS: 512 NOP WS: 0 NOP NOP TS: 1189337 0 NOP
TCP Options => NOP CCNEW: 13444689
[**] [116:56:1] (snort_decoder): T/TCP Detected [**]
05/08-12:21:45.972298 63.210.249.45:0 -> 192.168.1.6:0
TCP TTL:50 TOS:0x0 ID:8978 IpLen:20 DgmLen:68
******S* Seq: 0xCC9E2254 Ack: 0x0 Win: 0x4000 TcpLen: 48
TCP Options (9) => MSS: 512 NOP WS: 0 NOP NOP TS: 1189341 0 NOP
TCP Options => NOP CCNEW: 13444776
[**] [116:56:1] (snort_decoder): T/TCP Detected [**]
05/08-12:21:47.159136 63.210.249.45:0 -> 192.168.1.6:0
TCP TTL:50 TOS:0x0 ID:10645 IpLen:20 DgmLen:68
******S* Seq: 0xCCC78598 Ack: 0x0 Win: 0x4000 TcpLen: 48
TCP Options (9) => MSS: 512 NOP WS: 0 NOP NOP TS: 1189343 0 NOP
TCP Options => NOP CCNEW: 13444812
[**] [116:56:1] (snort_decoder): T/TCP Detected [**]
05/08-12:21:47.320532 63.210.249.45:0 -> 192.168.1.6:0
TCP TTL:50 TOS:0x0 ID:10857 IpLen:20 DgmLen:68
******S* Seq: 0xCCCE44B7 Ack: 0x0 Win: 0x4000 TcpLen: 48
TCP Options (9) => MSS: 512 NOP WS: 0 NOP NOP TS: 1189343 0 NOP
TCP Options => NOP CCNEW: 13444818
[**] [116:56:1] (snort_decoder): T/TCP Detected [**]
05/08-12:21:47.399404 63.210.249.45:0 -> 192.168.1.6:0
TCP TTL:50 TOS:0x0 ID:11079 IpLen:20 DgmLen:68
******S* Seq: 0xCCD33006 Ack: 0x0 Win: 0x4000 TcpLen: 48
TCP Options (9) => MSS: 512 NOP WS: 0 NOP NOP TS: 1189343 0 NOP
TCP Options => NOP CCNEW: 13444821
[**] [116:56:1] (snort_decoder): T/TCP Detected [**]
05/08-12:21:48.119268 63.210.249.45:0 -> 192.168.1.6:0
TCP TTL:50 TOS:0x0 ID:12207 IpLen:20 DgmLen:68
******S* Seq: 0xCCF36F75 Ack: 0x0 Win: 0x4000 TcpLen: 48
TCP Options (9) => MSS: 512 NOP WS: 0 NOP NOP TS: 1189345 0 NOP
TCP Options => NOP CCNEW: 13444850
[**] [116:56:1] (snort_decoder): T/TCP Detected [**]
05/08-12:21:49.669921 63.210.249.45:0 -> 192.168.1.6:0
TCP TTL:50 TOS:0x0 ID:14846 IpLen:20 DgmLen:68
******S* Seq: 0xCD3D9548 Ack: 0x0 Win: 0x4000 TcpLen: 48
TCP Options (9) => MSS: 512 NOP WS: 0 NOP NOP TS: 1189348 0 NOP
TCP Options => NOP CCNEW: 13444915
[**] [116:56:1] (snort_decoder): T/TCP Detected [**]
05/08-12:21:53.758125 63.210.249.45:0 -> 192.168.1.6:0
TCP TTL:50 TOS:0x0 ID:21731 IpLen:20 DgmLen:68
******S* Seq: 0xCE1A2B1A Ack: 0x0 Win: 0x4000 TcpLen: 48
TCP Options (9) => MSS: 512 NOP WS: 0 NOP NOP TS: 1189356 0 NOP
TCP Options => NOP CCNEW: 13445100
[**] [116:56:1] (snort_decoder): T/TCP Detected [**]
05/08-12:21:53.962558 63.210.249.45:0 -> 192.168.1.6:0
TCP TTL:50 TOS:0x0 ID:22151 IpLen:20 DgmLen:68
******S* Seq: 0xCE277940 Ack: 0x0 Win: 0x4000 TcpLen: 48
TCP Options (9) => MSS: 512 NOP WS: 0 NOP NOP TS: 1189356 0 NOP
TCP Options => NOP CCNEW: 13445113
[**] [116:56:1] (snort_decoder): T/TCP Detected [**]
05/08-12:21:54.095659 63.210.249.45:0 -> 192.168.1.6:0
TCP TTL:50 TOS:0x0 ID:22355 IpLen:20 DgmLen:68
******S* Seq: 0xCE2BA220 Ack: 0x0 Win: 0x4000 TcpLen: 48
TCP Options (9) => MSS: 512 NOP WS: 0 NOP NOP TS: 1189356 0 NOP
TCP Options => NOP CCNEW: 13445117
[**] [116:56:1] (snort_decoder): T/TCP Detected [**]
05/08-12:21:55.507723 63.210.249.45:0 -> 192.168.1.6:0
TCP TTL:50 TOS:0x0 ID:24146 IpLen:20 DgmLen:68
******S* Seq: 0xCE7843DB Ack: 0x0 Win: 0x4000 TcpLen: 48
TCP Options (9) => MSS: 512 NOP WS: 0 NOP NOP TS: 1189359 0 NOP
TCP Options => NOP CCNEW: 13445184
[**] [116:56:1] (snort_decoder): T/TCP Detected [**]
05/08-12:21:56.624254 63.210.249.45:0 -> 192.168.1.6:0
TCP TTL:50 TOS:0x0 ID:26305 IpLen:20 DgmLen:68
******S* Seq: 0xCEBF1E30 Ack: 0x0 Win: 0x4000 TcpLen: 48
TCP Options (9) => MSS: 512 NOP WS: 0 NOP NOP TS: 1189361 0 NOP
TCP Options => NOP CCNEW: 13445250
[**] [116:56:1] (snort_decoder): T/TCP Detected [**]
05/08-12:21:58.328224 63.210.249.45:0 -> 192.168.1.6:0
TCP TTL:50 TOS:0x0 ID:28741 IpLen:20 DgmLen:68
******S* Seq: 0xCF1BC1CF Ack: 0x0 Win: 0x4000 TcpLen: 48
TCP Options (9) => MSS: 512 NOP WS: 0 NOP NOP TS: 1189364 0 NOP
TCP Options => NOP CCNEW: 13445331
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-13:55:16.272729 24.173.130.70:3834 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:50771 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2A7638D4 Ack: 0x7AB9AE6E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-13:55:16.280168 24.173.130.70:3834 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:50772 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2A763E88 Ack: 0x7AB9AE6E Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-15:00:42.968440 213.145.174.123:2496 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:33209 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5AB3908E Ack: 0x71E9DF59 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-15:00:42.992707 213.145.174.123:2496 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:33210 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5AB39642 Ack: 0x71E9DF59 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-16:15:44.738516 24.91.112.149:3311 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:51791 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xCCD06664 Ack: 0x8D5606E9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-16:15:44.746516 24.91.112.149:3311 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:51792 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xCCD06C18 Ack: 0x8D5606E9 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-17:42:49.470944 24.130.75.33:3057 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:14621 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x6F3B8BA2 Ack: 0xD62DB1C6 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-17:42:57.729398 24.130.75.33:3207 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:14956 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x6FD33B16 Ack: 0xD6214451 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-17:43:01.739043 24.130.75.33:3223 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:15093 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x6FE33639 Ack: 0xD6CEE10A Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-17:43:02.963723 24.130.75.33:3273 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:15133 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x7016BB09 Ack: 0xD6745C99 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-17:43:07.485147 24.130.75.33:3337 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:15314 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x705928CB Ack: 0xD6D7ACC5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/08-17:43:13.999388 24.130.75.33:3400 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:15654 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x7095F015 Ack: 0xD807DB84 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-18:10:06.729241 24.209.196.254:3174 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:10558 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5249D57C Ack: 0x3D9C35AF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-18:10:06.750754 24.209.196.254:3174 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:10559 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5249DB30 Ack: 0x3D9C35AF Win: 0x4470 TcpLen: 20
[**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**]
[Classification: Misc activity] [Priority: 3]
05/08-18:19:23.598359 209.17.64.226 -> 192.168.1.6
ICMP TTL:232 TOS:0x0 ID:32648 IpLen:20 DgmLen:56
Type:3 Code:13 DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED,
PACKET FILTERED
** ORIGINAL DATAGRAM DUMP:
192.168.1.6:33860 -> 209.17.84.252:113
TCP TTL:48 TOS:0x0 ID:48601 IpLen:20 DgmLen:60 DF
Seq: 0x5F7BE985 Ack: 0xEBD7BA3E
** END OF DUMP
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-18:38:25.061862 24.209.39.246:3836 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:12439 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x520F1A32 Ack: 0xA7C6171A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-18:38:25.097062 24.209.39.246:3836 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:12440 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x520F1FE6 Ack: 0xA7C6171A Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-20:31:52.040908 24.209.196.254:2506 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:52144 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x83E41AE8 Ack: 0x5551C5E0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-20:31:52.050587 24.209.196.254:2506 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:52145 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x83E4209C Ack: 0x5551C5E0 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-20:53:08.870724 24.209.196.254:1096 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:43868 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF8BDDA7A Ack: 0xA533185D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-20:53:08.902164 24.209.196.254:1096 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:43869 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF8BDE02E Ack: 0xA533185D Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-21:05:01.154987 24.209.196.254:3993 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:54672 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x38E897B7 Ack: 0xD2B8716B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-21:05:01.187835 24.209.196.254:3993 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:54673 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x38E89D6B Ack: 0xD2B8716B Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-21:07:46.323936 24.173.130.70:3255 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:43441 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFE8FC576 Ack: 0xDBCB3BDF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-21:07:46.334620 24.173.130.70:3255 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:43442 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFE8FCB2A Ack: 0xDBCB3BDF Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-21:07:49.017136 24.173.130.70:3255 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:44198 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFE8FCB2A Ack: 0xDBCB3BDF Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-21:20:39.689751 24.209.39.246:1688 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:6609 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x621620B1 Ack: 0xD6F786E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-21:20:39.710674 24.209.39.246:1688 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:6610 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x62162665 Ack: 0xD6F786E Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-21:29:16.570259 24.123.41.130:3354 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:41422 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xC3DA05EA Ack: 0x2CF5C1AE Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-21:29:16.877603 24.123.41.130:3375 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:41489 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xC3E8B790 Ack: 0x2D633FCD Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-21:29:16.996218 24.123.41.130:3387 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:41522 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xC3F1A67C Ack: 0x2D1B2369 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-21:29:17.114135 24.123.41.130:3401 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:41551 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xC3FAFB3C Ack: 0x2D08AD16 Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-21:29:17.249950 24.123.41.130:3406 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:41576 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xC3FE8C88 Ack: 0x2DA92939 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/08-21:29:27.077377 24.123.41.130:4004 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:43879 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xC5D90FD9 Ack: 0x2D73CAB4 Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/08-21:29:36.480037 24.123.41.130:4545 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:45730 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xC7815AC6 Ack: 0x2E7E6356 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-21:29:36.588855 24.123.41.130:4549 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:45752 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xC7856167 Ack: 0x2E92E9F2 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-21:29:45.923674 24.123.41.130:3266 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:47724 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xC937D7BB Ack: 0x2EC27442 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-21:29:46.091493 24.123.41.130:3273 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:47766 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xC93CBAC4 Ack: 0x2F3224C2 Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-21:29:46.256710 24.123.41.130:3283 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:47803 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xC9449D66 Ack: 0x2EC2C23E Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-21:29:46.412599 24.123.41.130:3291 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:47841 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xC94B1E69 Ack: 0x2EB2F8A0 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-21:29:46.573751 24.123.41.130:3301 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:47881 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xC953958E Ack: 0x2F1A4481 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-21:29:49.890131 24.123.41.130:3301 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:48645 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xC953958E Ack: 0x2F1A4481 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-21:29:55.699617 24.123.41.130:3822 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:49626 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xCAEA0408 Ack: 0x2F64DE74 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-21:29:55.783494 24.123.41.130:3828 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:49649 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xCAEE9C83 Ack: 0x2FCCFFD6 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-21:30:08.784003 24.123.41.130:4375 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:51978 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xCC9BCF7E Ack: 0x3025CEB3 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-22:07:29.449955 24.209.196.254:4397 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:19982 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x808D83F3 Ack: 0xBD90EE10 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-22:07:29.523217 24.209.196.254:4397 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:19983 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x808D89A7 Ack: 0xBD90EE10 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-22:29:52.218670 24.233.151.10:2996 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:41904 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF04EB045 Ack: 0x126B8341 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-22:29:52.243805 24.233.151.10:2996 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:41905 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF04EB5F9 Ack: 0x126B8341 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-22:39:24.975881 24.145.197.96:3264 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:45150 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x889731EF Ack: 0x362C970F Win: 0x16D0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-22:39:24.983066 24.145.197.96:3264 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:45151 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x889737A3 Ack: 0x362C970F Win: 0x16D0 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-02:41:14.135635 24.29.111.166:2437 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:15274 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xCE56A14C Ack: 0xC7AAF56C Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-02:41:15.770429 24.29.111.166:2569 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:15643 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xCE9F7AAD Ack: 0xC7B8DC7B Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-02:41:16.904464 24.29.111.166:2745 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:16014 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xCEFDBD5D Ack: 0xC7FEB2F6 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-02:41:26.788946 24.29.111.166:4251 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:19105 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xD2106898 Ack: 0xC94BD6BF Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-02:41:37.118432 24.29.111.166:4493 -> 192.168.1.6:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:136
***AP*** Seq: 0xD26994BD Ack: 0x0 Win: 0x0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/09-02:41:37.660727 24.29.111.166:1492 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:22034 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xD48DA4D0 Ack: 0xC9F51780 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/09-02:41:42.085970 24.29.111.166:1754 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:23258 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xD55D350D Ack: 0xC9931C3B Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-02:41:43.414276 24.29.111.166:1885 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:23502 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xD5B920D0 Ack: 0xC9AAA6F6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-02:41:44.506323 24.29.111.166:1959 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:23745 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD5F14CB9 Ack: 0xCA10601F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/09-02:56:29.958304 216.39.50.54:54678 -> 192.168.1.6:80
TCP TTL:36 TOS:0x0 ID:3055 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xA220C5B0 Ack: 0x1072451 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 513265232 1380306377
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-04:24:37.107324 24.98.22.117:3092 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:31817 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xCF5F8222 Ack: 0x4DEB066E Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-04:24:42.364204 24.98.22.117:3170 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:32246 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xCFAD6167 Ack: 0x4E3DB34D Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-04:24:46.213461 24.98.22.117:3182 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:32546 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xCFB8EE24 Ack: 0x4EEB02E7 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-04:24:47.044562 24.98.22.117:3239 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:32607 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xCFECD2D6 Ack: 0x4F52126D Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-04:24:56.846516 24.98.22.117:3381 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:33346 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xD07A9D9A Ack: 0x501C606C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/09-04:24:57.506199 24.98.22.117:3388 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:33411 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xD082A059 Ack: 0x5075DD0C Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/09-04:25:01.627037 24.98.22.117:3444 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:33724 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xD0B91B92 Ack: 0x5025667C Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-04:25:11.630455 24.98.22.117:3575 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:34450 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xD13C72C2 Ack: 0x51091E4E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-04:25:12.412330 24.98.22.117:3582 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:34514 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD144AF19 Ack: 0x50D273E0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-04:25:22.184746 24.98.22.117:3724 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:35303 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD1D4D108 Ack: 0x515FD3AF Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-04:25:22.880494 24.98.22.117:3739 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:35369 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD1E18CB7 Ack: 0x52521CB3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-04:25:23.510219 24.98.22.117:3747 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:35436 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD1EA841B Ack: 0x520F7FE5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-04:25:33.195970 24.98.22.117:3885 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:36211 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xD274F463 Ack: 0x523C4383 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-04:25:37.010169 24.98.22.117:3950 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:36562 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xD2B1A0E8 Ack: 0x52973179 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-04:25:37.643553 24.98.22.117:3960 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:36631 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xD2BC464C Ack: 0x53269E8C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-04:25:38.395559 24.98.22.117:3972 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:36700 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xD2C7D0EF Ack: 0x53194087 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-05:26:14.641567 24.140.76.14:3866 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:28598 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x75C62AFB Ack: 0x377534AB Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-05:26:23.657640 24.140.76.14:4155 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:29827 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x76B4B444 Ack: 0x38553B58 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-05:26:54.497738 24.140.76.14:1371 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:33216 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x7A07E9C9 Ack: 0x394CC833 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-05:27:13.269392 24.140.76.14:1993 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:35363 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x7C0A48BC Ack: 0x3B3A5C4C Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-05:27:22.244465 24.140.76.14:2309 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:36381 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x7D0D4F76 Ack: 0x3B2016E5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/09-05:27:35.068461 24.140.76.14:2721 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:37782 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x7E6D1941 Ack: 0x3C53D952 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/09-05:27:53.080697 24.140.76.14:3353 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:40166 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x8077D092 Ack: 0x3D0540D7 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-05:28:02.503155 24.140.76.14:3627 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:41191 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x815E1405 Ack: 0x3DD67AE2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-05:28:33.272837 24.140.76.14:4649 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:44830 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x84ACD9E8 Ack: 0x3F39F0AC Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-05:28:52.467293 24.140.76.14:1452 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:47085 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x86AEE3A0 Ack: 0x405E150C Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-05:29:01.880474 24.140.76.14:1779 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:48136 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x87BD623D Ack: 0x41909BA9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-05:29:10.890630 24.140.76.14:2085 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:49090 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x88B8CD79 Ack: 0x41E48D3F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-05:29:24.264364 24.140.76.14:2504 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:50430 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x8A190067 Ack: 0x428CFE50 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-10:53:04.999358 24.245.2.233:3701 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:4581 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xDC25590A Ack: 0xB40FB98 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-10:53:05.641847 24.245.2.233:3711 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:4603 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xDC2F8300 Ack: 0xB51C038 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-10:53:09.310155 24.245.2.233:3769 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:4755 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xDC697508 Ack: 0xB426424 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-10:53:09.509672 24.245.2.233:3771 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:4764 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xDC6B6F8C Ack: 0xB3672AF Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-10:53:12.740256 24.245.2.233:3821 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:4893 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xDC9B10BD Ack: 0xADDAF3F Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/09-10:53:12.924552 24.245.2.233:3826 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:4913 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xDCA0E5A5 Ack: 0xB50E98A Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/09-10:53:22.446942 24.245.2.233:3939 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:5172 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xDD14ADB1 Ack: 0xBBC8E55 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-10:53:22.755863 24.245.2.233:3944 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:5184 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xDD191A7F Ack: 0xB925C32 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-10:53:22.961231 24.245.2.233:3947 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:5199 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xDD1CA9F2 Ack: 0xBC35A5D Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-10:53:26.464908 24.245.2.233:3987 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:5307 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xDD462B98 Ack: 0xC5C6724 Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-10:53:29.958235 24.245.2.233:4037 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:5462 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xDD7BD68D Ack: 0xC544BEB Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-10:53:39.706387 24.245.2.233:4184 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:5880 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xDE0E6744 Ack: 0xD1C1394 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-10:53:49.171614 24.245.2.233:4342 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:6372 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xDEA885D8 Ack: 0xDAD1B2F Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-10:53:52.089485 24.245.2.233:4342 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:6450 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xDEA885D8 Ack: 0xDAD1B2F Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-10:53:52.480557 24.245.2.233:4385 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:6470 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xDED461E0 Ack: 0xE01A74E Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-10:53:52.677893 24.245.2.233:4391 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:6478 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xDED970F4 Ack: 0xD5D3866 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-10:54:02.113944 24.245.2.233:4496 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:6720 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xDF4C1B1C Ack: 0xE26E8A1 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-12:11:53.263019 24.209.39.246:4320 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:27744 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF68521D9 Ack: 0x34099FDD Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-12:11:53.282951 24.209.39.246:4320 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:27745 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF685278D Ack: 0x34099FDD Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-12:31:43.303335 24.209.39.246:3217 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:54634 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5E99F0E1 Ack: 0x7EEB5D44 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-12:31:43.321731 24.209.39.246:3217 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:54635 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5E99F695 Ack: 0x7EEB5D44 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-14:08:41.804928 24.209.39.246:4794 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:30223 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x495AAD98 Ack: 0xEC4FFDAE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-14:08:41.838352 24.209.39.246:4794 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:30224 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x495AB34C Ack: 0xEC4FFDAE Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-14:11:06.462895 24.209.39.246:4330 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:40825 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5553DEAB Ack: 0xF6157949 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-14:11:06.487961 24.209.39.246:4330 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:40826 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5553E45F Ack: 0xF6157949 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-14:38:43.016487 24.218.185.195:1119 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:32991 IpLen:20 DgmLen:1300 DF
***A**** Seq: 0xDAE39A7C Ack: 0x5F3E9861 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-14:38:43.025980 24.218.185.195:1119 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:32992 IpLen:20 DgmLen:1300 DF
***A**** Seq: 0xDAE39F68 Ack: 0x5F3E9861 Win: 0xFAF0 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-14:39:42.295746 24.242.253.122:1657 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:17575 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x8185335A Ack: 0x62BFC998 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-14:39:47.657795 24.242.253.122:3247 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:19956 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x85DB7331 Ack: 0x62B3339C Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-14:39:52.483458 24.242.253.122:3386 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:22022 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x8640FE50 Ack: 0x62EE156B Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-14:39:58.227384 24.242.253.122:1348 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:24397 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x8AA91DCE Ack: 0x636B95BA Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-14:40:03.592776 24.242.253.122:2229 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:26634 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x8D28F9D5 Ack: 0x635649CC Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/09-14:40:05.467306 24.242.253.122:2367 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:27563 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x8D8A54A1 Ack: 0x63DC0AA1 Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/09-14:40:10.895945 24.242.253.122:3238 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:29848 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x90034C34 Ack: 0x6421C7A2 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-14:40:19.174026 24.242.253.122:4306 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:33386 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x9291F0CB Ack: 0x64F75556 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-16:00:14.080520 24.209.196.254:3924 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:9824 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBDC81776 Ack: 0x931F093B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-16:00:14.110500 24.209.196.254:3924 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:9825 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBDC81D2A Ack: 0x931F093B Win: 0x4470 TcpLen: 20
[**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**]
[Classification: Misc activity] [Priority: 3]
05/09-17:48:48.986244 139.130.193.78 -> 192.168.1.6
ICMP TTL:236 TOS:0x0 ID:15923 IpLen:20 DgmLen:56
Type:3 Code:13 DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED,
PACKET FILTERED
** ORIGINAL DATAGRAM DUMP:
192.168.1.6:33897 -> 144.140.24.119:113
TCP TTL:44 TOS:0x0 ID:63234 IpLen:20 DgmLen:60 DF
Seq: 0x2B83C66A Ack: 0x4022BC3E
** END OF DUMP
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-18:05:59.141718 24.126.123.161:2957 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:62058 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x92AA9CD Ack: 0x6D5A0F32 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-18:05:59.148271 24.126.123.161:2957 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:62059 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x92AAF81 Ack: 0x6D5A0F32 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-19:07:07.939681 24.209.196.254:3805 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:31576 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x558DD5F8 Ack: 0x53D91A58 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-19:07:07.948464 24.209.196.254:3805 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:31577 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x558DDBAC Ack: 0x53D91A58 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-19:20:29.154620 24.100.77.7:2169 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:41686 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xCC831B00 Ack: 0x86AEA8FB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-19:20:29.236901 24.100.77.7:2169 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:41687 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xCC8320B4 Ack: 0x86AEA8FB Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-19:37:58.144892 24.209.196.254:4903 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:34584 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE42618F3 Ack: 0xC8EF1710 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-19:37:58.165165 24.209.196.254:4903 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:34585 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE4261EA7 Ack: 0xC8EF1710 Win: 0x4470 TcpLen: 20
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/09-20:05:29.991039 144.13.120.66:1817 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:63334 IpLen:20 DgmLen:233 DF
***AP*** Seq: 0x198BEE96 Ack: 0x3143545A Win: 0x4470 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/09-20:05:30.203349 144.13.120.66:1817 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:63336 IpLen:20 DgmLen:232 DF
***AP*** Seq: 0x198BEF57 Ack: 0x31435709 Win: 0x41C1 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/09-20:05:30.315186 144.13.120.66:1817 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:63337 IpLen:20 DgmLen:233 DF
***AP*** Seq: 0x198BF017 Ack: 0x31435A04 Win: 0x3EC6 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/09-20:05:30.393471 144.13.120.66:1817 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:63338 IpLen:20 DgmLen:232 DF
***AP*** Seq: 0x198BF0D8 Ack: 0x31435CB2 Win: 0x4470 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/09-20:05:30.475868 144.13.120.66:1817 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:63339 IpLen:20 DgmLen:196 DF
***AP*** Seq: 0x198BF198 Ack: 0x31435FAD Win: 0x4175 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/09-20:05:30.608913 144.13.120.66:1817 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:63340 IpLen:20 DgmLen:215 DF
***AP*** Seq: 0x198BF234 Ack: 0x3143611A Win: 0x4008 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/09-20:05:30.704461 144.13.120.66:1817 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:63342 IpLen:20 DgmLen:214 DF
***AP*** Seq: 0x198BF2E3 Ack: 0x314363C8 Win: 0x4470 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-20:06:53.808370 24.209.39.246:2211 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:27908 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xAC93966A Ack: 0x35E11522 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-20:06:53.834803 24.209.39.246:2211 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:27909 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xAC939C1E Ack: 0x35E11522 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-22:36:01.141307 24.98.129.251:4647 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:61709 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x7764431D Ack: 0x68F8AED5 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-22:36:04.430873 24.98.129.251:4900 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:62492 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x7828F08B Ack: 0x687B6717 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-22:36:04.600440 24.98.129.251:1144 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:62564 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x78D4959B Ack: 0x6911DE43 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-22:36:04.794270 24.98.129.251:1169 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:62662 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x78E81D5E Ack: 0x691369A1 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-22:36:04.953437 24.98.129.251:1194 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:62749 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x78FBBC03 Ack: 0x6926B7FF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/09-22:36:14.371687 24.98.129.251:1856 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:64895 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x7B009C07 Ack: 0x694B4989 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-22:36:17.934906 24.98.129.251:2148 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:113 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x7BE201F4 Ack: 0x69BB9475 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-22:36:18.119344 24.98.129.251:2161 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:158 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x7BEC3EF2 Ack: 0x69A76230 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-22:37:04.161542 24.98.129.251:1897 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:11620 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x87417A29 Ack: 0x6CD9DDFC Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-22:37:07.368465 24.98.129.251:1931 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:12401 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x8759F5B8 Ack: 0x6DE90205 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-22:37:16.904221 24.98.129.251:2217 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:14437 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x88368920 Ack: 0x6D720A4B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-22:37:20.110576 24.98.129.251:2846 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:15082 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x8A2D5DE5 Ack: 0x6E4ABC50 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/10-00:13:18.349429 24.209.196.254:1381 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:46882 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA60FC6E2 Ack: 0xD86D2AFA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/10-00:13:18.369653 24.209.196.254:1381 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:46883 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA60FCC96 Ack: 0xD86D2AFA Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/10-00:34:38.020273 24.209.39.246:2268 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:16206 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x343C2349 Ack: 0x28764F3F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/10-00:34:38.071262 24.209.39.246:2268 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:16207 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x343C28FD Ack: 0x28764F3F Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/10-00:48:02.220030 24.217.69.93:3332 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:34821 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDD2BE5BE Ack: 0x5BB3622E Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/10-00:48:02.225348 24.217.69.93:3332 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:34822 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDD2BEB72 Ack: 0x5BB3622E Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/10-03:37:49.422821 24.209.39.246:4437 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:16441 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBA19F7CC Ack: 0xDD37B3AE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/10-03:37:49.445221 24.209.39.246:4437 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:16442 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBA19FD80 Ack: 0xDD37B3AE Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/10-04:04:11.887145 24.209.39.246:3085 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:5633 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x349615CA Ack: 0x41A1B265 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/10-04:04:11.931820 24.209.39.246:3085 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:5634 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x34961B7E Ack: 0x41A1B265 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/10-04:29:19.507973 24.209.39.246:3948 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:1968 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA7A0665B Ack: 0x9F36F6B9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/10-04:42:24.948268 24.98.50.142:3000 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:39106 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x3F3A671 Ack: 0xD250F958 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/10-04:42:25.260674 24.98.50.142:3009 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:39129 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x3FB525F Ack: 0xD2D4A3BD Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/10-04:42:25.419046 24.98.50.142:3012 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:39142 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x3FDA857 Ack: 0xD25AE8B1 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/10-04:42:25.587986 24.98.50.142:3018 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:39158 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x40277DE Ack: 0xD20062D3 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/10-04:42:34.724535 24.98.50.142:3276 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:39730 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x4CE3A4C Ack: 0xD2D984AB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/10-04:42:43.936945 24.98.50.142:3558 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:40439 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x5B3B8A8 Ack: 0xD3AB747E Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/10-04:42:44.124007 24.98.50.142:3561 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:40453 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x5B64FF0 Ack: 0xD3F141B2 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/10-04:42:44.343122 24.98.50.142:3567 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:40475 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x5BA9A76 Ack: 0xD32AED6B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/10-04:42:44.484067 24.98.50.142:3575 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:40492 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x5C225FB Ack: 0xD36224ED Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/10-04:42:44.634686 24.98.50.142:3579 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:40503 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x5C5BB02 Ack: 0xD3BCCAAD Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/10-04:42:47.944979 24.98.50.142:3665 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:40780 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x60DD284 Ack: 0xD36F83AE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/10-04:42:51.250348 24.98.50.142:3787 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:56097 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x66A2B1B Ack: 0xD3DAAEFC Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/10-04:42:54.452849 24.98.50.142:3886 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:56275 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x6B42192 Ack: 0xD464097B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/10-04:42:54.610349 24.98.50.142:3891 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:56285 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6B907E3 Ack: 0xD3F082BC Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/10-04:42:54.760194 24.98.50.142:3893 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:56294 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x6BAAFF4 Ack: 0xD4135E65 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/10-04:42:54.901549 24.98.50.142:3894 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:56304 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6BC6ADA Ack: 0xD426F114 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/10-05:08:40.627858 24.92.146.111:4698 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:59142 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xE129BFFC Ack: 0x346D67F7 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/10-05:08:40.973421 24.92.146.111:4708 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:59158 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xE132F37A Ack: 0x34B25EDD Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/10-05:08:50.379794 24.92.146.111:4953 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:59774 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xE20E75E8 Ack: 0x35429102 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/10-05:08:53.926912 24.92.146.111:1071 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:59982 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xE26056D7 Ack: 0x34F0D877 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/10-05:08:54.104046 24.92.146.111:1075 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:59998 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xE26325BE Ack: 0x358025B1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/10-05:08:57.736419 24.92.146.111:1197 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:60315 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xE2CE0F17 Ack: 0x3543AC6C Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/10-05:09:01.344057 24.92.146.111:1286 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:60561 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xE317A6BC Ack: 0x354964C9 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/10-05:09:08.027364 24.92.146.111:1383 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:60992 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xE36DF0EE Ack: 0x35789D3B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/10-05:09:17.409220 24.92.146.111:1741 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:61780 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE4A62468 Ack: 0x376D4BED Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/10-05:09:17.618765 24.92.146.111:1748 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:61803 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE4AC7D18 Ack: 0x372AD498 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/10-05:09:17.787500 24.92.146.111:1755 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:61824 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE4B246D2 Ack: 0x37CE1828 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/10-05:09:17.971825 24.92.146.111:1759 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:61844 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE4B5A142 Ack: 0x37EE02FC Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/10-05:09:18.129060 24.92.146.111:1765 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:61862 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xE4BAB9D5 Ack: 0x37FBEB4D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/10-05:09:18.293567 24.92.146.111:1770 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:61880 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xE4BF52FB Ack: 0x375BBB4E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/10-05:09:18.434773 24.92.146.111:1776 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:61898 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xE4C4ACA3 Ack: 0x378EC70E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/10-05:09:18.623458 24.92.146.111:1783 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:61925 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xE4CB0EC0 Ack: 0x37682E09 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/10-12:31:20.069422 24.209.98.148:1094 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:13398 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xCF4036E Ack: 0xBCE9302B Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/10-12:35:19.984092 66.196.65.24:40171 -> 192.168.1.6:80
TCP TTL:233 TOS:0x0 ID:52374 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xDBDE23E2 Ack: 0xCBDCCADC Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/10-13:05:48.492254 24.145.224.14:3689 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:8407 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x72A684BB Ack: 0x3ED6705A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/10-13:05:48.504671 24.145.224.14:3689 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:8408 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x72A68A6F Ack: 0x3ED6705A Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/10-13:33:01.472844 24.209.196.254:4278 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:34041 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x265DCB4A Ack: 0xA648058E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/10-13:33:01.499946 24.209.196.254:4278 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:34042 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x265DD0FE Ack: 0xA648058E Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/10-13:37:23.969307 24.209.98.148:4967 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:40009 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9334C244 Ack: 0xB670B53B Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/10-13:37:23.982587 24.209.98.148:4967 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:40010 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9334C7F8 Ack: 0xB670B53B Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/10-13:45:11.242358 24.209.196.254:4365 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:47411 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6A472335 Ack: 0xD4A9CC2D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/10-13:45:11.264627 24.209.196.254:4365 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:47412 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6A4728E9 Ack: 0xD4A9CC2D Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/10-13:47:53.191111 66.196.65.24:57675 -> 192.168.1.6:80
TCP TTL:233 TOS:0x0 ID:14062 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x175FC63D Ack: 0xDE4BE070 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/10-16:06:09.189605 24.112.238.37:1783 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:19286 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8363DA0C Ack: 0xE83ADCD1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/10-16:06:09.190212 24.112.238.37:1783 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:19287 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8363DFC0 Ack: 0xE83ADCD1 Win: 0x4470 TcpLen: 20
[**] [1:2091:2] WEB-IIS WEBDAV nessus safe scan attempt [**]
[Classification: Attempted Administrator Privilege Gain] [Priority: 1]
05/10-16:50:53.792937 65.218.30.150:1997 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:38943 IpLen:20 DgmLen:71 DF
***AP*** Seq: 0x28CC57A9 Ack: 0x9123D2D6 Win: 0xFAF0 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=11412][Xref => http://www.securityfocus.com/bid/7116][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0109]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/10-17:36:57.552065 24.208.78.236:4640 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:31866 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE7EDFDE6 Ack: 0x3FA367A0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/10-17:36:57.588838 24.208.78.236:4640 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:31867 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE7EE039A Ack: 0x3FA367A0 Win: 0x4470 TcpLen: 20
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/10-18:14:06.899206 12.217.238.13:1989 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:4379 IpLen:20 DgmLen:187 DF
***AP*** Seq: 0xFA888AA2 Ack: 0xCB7EBCCF Win: 0x4470 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/10-18:14:07.587108 12.217.238.13:1989 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:4380 IpLen:20 DgmLen:199 DF
***AP*** Seq: 0xFA888B35 Ack: 0xCB7EBE3D Win: 0x4302 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/10-18:55:58.958321 66.196.65.24:61162 -> 192.168.1.6:80
TCP TTL:233 TOS:0x0 ID:16134 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x28502BA2 Ack: 0x6992146E Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/10-19:09:24.002318 24.209.42.242:4923 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:44643 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB0B14D95 Ack: 0x9BD53AEE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/10-19:09:24.066494 24.209.42.242:4923 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:44644 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB0B15349 Ack: 0x9BD53AEE Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/10-20:22:13.388313 24.209.42.242:3388 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:19817 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x46406969 Ack: 0xAFE28E19 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/10-20:22:13.428589 24.209.42.242:3388 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:19818 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x46406F1D Ack: 0xAFE28E19 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/10-20:31:59.046578 200.54.64.130:2081 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:50812 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x375D27FF Ack: 0xD5B2CC4E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/10-20:31:59.047981 200.54.64.130:2081 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:50813 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x375D2DB3 Ack: 0xD5B2CC4E Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/10-21:20:56.228933 24.209.42.242:3980 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:42024 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x812CC24C Ack: 0x8D4A30B3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/10-21:20:56.257993 24.209.42.242:3980 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:42025 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x812CC800 Ack: 0x8D4A30B3 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/10-21:26:39.641001 24.209.42.242:1541 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:3058 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9EDEFF98 Ack: 0xA2D90735 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/10-21:26:39.713345 24.209.42.242:1541 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:3059 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9EDF054C Ack: 0xA2D90735 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/10-22:16:03.366008 24.209.196.254:1393 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:15252 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEDA7EAC0 Ack: 0x5DB4A3F9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/10-22:16:03.414612 24.209.196.254:1393 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:15253 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEDA7F074 Ack: 0x5DB4A3F9 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/10-22:34:18.110279 24.209.196.254:2578 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:34723 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x38969B56 Ack: 0xA23BB8C2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/10-22:34:18.133606 24.209.196.254:2578 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:34724 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3896A10A Ack: 0xA23BB8C2 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/10-23:10:55.539863 66.196.65.24:20004 -> 192.168.1.6:80
TCP TTL:233 TOS:0x0 ID:40617 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x4A4A48CD Ack: 0x2CC4B8A9 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/10-23:16:18.310679 24.68.101.113:4311 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:56523 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF268F2C3 Ack: 0x4166F298 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/10-23:16:18.340396 24.68.101.113:4311 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:56524 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF268F877 Ack: 0x4166F298 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/11-00:33:40.268383 66.196.65.24:60397 -> 192.168.1.6:80
TCP TTL:233 TOS:0x0 ID:23926 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x43DF871E Ack: 0x65824D8D Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-13:04:51.265106 24.209.39.246:4882 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:6046 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB3F2861E Ack: 0x7B100DAE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-13:04:51.291702 24.209.39.246:4882 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:6047 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB3F28BD2 Ack: 0x7B100DAE Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-13:35:03.054347 24.209.39.246:2847 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:22711 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5331E53F Ack: 0xED668FBF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-13:35:03.073569 24.209.39.246:2847 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:22712 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5331EAF3 Ack: 0xED668FBF Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/11-13:48:09.384240 66.196.65.24:16014 -> 192.168.1.6:80
TCP TTL:233 TOS:0x0 ID:41806 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xF3254B25 Ack: 0x1ED57D33 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-13:51:19.313674 24.99.90.28:1688 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:49050 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xCC383C9E Ack: 0x2AAE52E4 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-13:51:22.629010 24.99.90.28:1790 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:49535 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xCC907B08 Ack: 0x2B184C0E Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-13:51:26.256486 24.99.90.28:1927 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:50132 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xCD01A566 Ack: 0x2ACD32B1 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-13:51:26.505659 24.99.90.28:1940 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:50183 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xCD0CA217 Ack: 0x2BB74375 Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-13:51:26.867772 24.99.90.28:1955 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:50252 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xCD19FD08 Ack: 0x2AFF9361 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/11-13:51:27.231909 24.99.90.28:1968 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:50312 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xCD2418A6 Ack: 0x2B421A3B Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/11-13:51:27.551086 24.99.90.28:1987 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:50372 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xCD339D5F Ack: 0x2B04DBC2 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-13:51:37.293306 24.99.90.28:2226 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:51513 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xCE0B4903 Ack: 0x2C2451E5 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-13:51:37.680215 24.99.90.28:2242 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:51563 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xCE18CC05 Ack: 0x2C55B282 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-13:52:02.661384 24.99.90.28:2813 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:54727 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD01567BB Ack: 0x2CCD472F Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-13:52:06.128735 24.99.90.28:2988 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:55140 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD0AC99B7 Ack: 0x2DAEA47D Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-13:52:06.669426 24.99.90.28:3003 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:55205 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD0BAC305 Ack: 0x2D1F98D9 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-13:52:07.111861 24.99.90.28:3017 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:55264 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xD0C734FF Ack: 0x2DE9094E Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-13:52:07.532035 24.99.90.28:3034 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:55335 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xD0D604D1 Ack: 0x2D80D917 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-13:52:08.126063 24.99.90.28:3050 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:55414 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xD0E40020 Ack: 0x2D38873A Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-13:52:12.095625 24.99.90.28:3166 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:55964 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xD147DA23 Ack: 0x2D7196F0 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-14:18:39.162119 24.73.104.66:3097 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:4330 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x76D5618D Ack: 0x92504EE5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-14:18:39.170096 24.73.104.66:3097 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:4331 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x76D56741 Ack: 0x92504EE5 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-14:56:54.780053 24.148.37.196:2824 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:35403 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x47DD7BA2 Ack: 0x22B70EF5 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-14:57:05.595077 24.148.37.196:3234 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:36854 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x492FBC12 Ack: 0x23782D5E Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-14:57:06.828001 24.148.37.196:3286 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:37032 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x495CC284 Ack: 0x23252A58 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-14:57:08.144903 24.148.37.196:3335 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:37210 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x49872E24 Ack: 0x23AD138F Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-14:57:12.886674 24.148.37.196:3521 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:37883 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x4A1C05B0 Ack: 0x23FD8DFF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/11-14:57:14.096665 24.148.37.196:3573 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:38071 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x4A4741B8 Ack: 0x238F3936 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/11-14:57:15.338313 24.148.37.196:3617 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:38267 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x4A6BCC16 Ack: 0x23B74D08 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-14:57:26.140593 24.148.37.196:4055 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:39899 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x4BD761D7 Ack: 0x2480C5C7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-14:57:31.018702 24.148.37.196:4238 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:40584 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4C6E4CC4 Ack: 0x24A40603 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-14:57:32.274200 24.148.37.196:4293 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:40770 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4C9C6A01 Ack: 0x2506492B Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-14:57:37.106980 24.148.37.196:4467 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:41432 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4D2C7276 Ack: 0x24EA7480 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-14:57:38.509108 24.148.37.196:4520 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:41630 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4D5A2E52 Ack: 0x25505B8D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-14:57:46.371587 24.148.37.196:4779 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:42753 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x4DF47E70 Ack: 0x252926BA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-14:57:47.546208 24.148.37.196:1084 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:42924 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x4E83557F Ack: 0x25A13DDB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-14:57:48.990468 24.148.37.196:1136 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:43125 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x4EB096B5 Ack: 0x25718685 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-14:57:50.353445 24.148.37.196:1185 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:43323 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x4ED56006 Ack: 0x262DCB1A Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-15:40:27.253234 24.68.67.114:1396 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:59101 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1CBE3F92 Ack: 0xC690A973 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-15:40:27.301042 24.68.67.114:1396 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:59102 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1CBE4546 Ack: 0xC690A973 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-16:05:10.991186 24.209.39.246:3841 -> 192.168.1.6:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:2398
***AP*** Seq: 0x240D3811 Ack: 0x3DA3197A Win: 0x3908 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-16:45:22.679817 24.148.85.85:3146 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:36412 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x5A8775D4 Ack: 0xBC74DAFC Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-16:45:23.145663 24.148.85.85:3264 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:36426 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x5AED164E Ack: 0xBC6B8843 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-16:45:23.400645 24.148.85.85:3265 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:36438 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x5AEE8C6E Ack: 0xBC84834D Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-18:04:59.531135 24.148.85.85:2098 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:48544 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x17DB5ADE Ack: 0xE7C54085 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-18:05:20.907414 24.148.85.85:2748 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:50729 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x1A0DE19E Ack: 0xE992ABE5 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-18:05:21.110392 24.148.85.85:2751 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:50748 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x1A111BB6 Ack: 0xE95A3E35 Win: 0x4470 TcpLen: 20
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/11-18:05:33.728383 24.148.85.85:3001 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:51887 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x1AECD7A8 Ack: 0xEA0A1B9F Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/11-18:05:33.922882 24.148.85.85:3061 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:51895 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x1B26FB82 Ack: 0xEA6704EE Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-18:05:34.142405 24.148.85.85:3062 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:51904 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x1B2872DE Ack: 0xEA02BB63 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-18:05:43.420431 24.148.85.85:3314 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:52855 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x1C086DD3 Ack: 0xEB7CCAF4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-18:05:43.636722 24.148.85.85:3341 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:52863 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x1C1DEB9B Ack: 0xEC195D87 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-18:05:43.822830 24.148.85.85:3344 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:52873 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x1C20CB7A Ack: 0xEB8E1DB3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-18:05:47.929043 24.148.85.85:3456 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:53304 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x1C844868 Ack: 0xEBD4F79E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-18:05:51.315725 24.148.85.85:3463 -> 192.168.1.6:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:138
***AP*** Seq: 0x1C8A3D62 Ack: 0x1C897897 Win: 0x0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-18:05:54.612747 24.148.85.85:3659 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:54059 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x1D32DEBB Ack: 0xEC62DC32 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-18:05:57.752204 24.148.85.85:3691 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:54462 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x1D4B3B15 Ack: 0xEC5D94F0 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-18:44:51.470683 24.74.60.176:2567 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:33311 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA658CF53 Ack: 0x7FA0F943 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-18:44:51.476032 24.74.60.176:2567 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:33312 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA658D507 Ack: 0x7FA0F943 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-19:17:02.234808 24.158.5.113:3907 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:52443 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x43A5E94B Ack: 0xF9D5E100 Win: 0xFC00 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-19:17:06.945710 24.158.5.113:3988 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:52852 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x43F4C618 Ack: 0xFA652BC2 Win: 0xFC00 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-19:17:07.933486 24.158.5.113:4003 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:52960 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x44031EC0 Ack: 0xFAC5B880 Win: 0xFC00 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-19:17:08.774026 24.158.5.113:4021 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:53039 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x44146D47 Ack: 0xFAC9CA84 Win: 0xFC00 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-19:17:13.221109 24.158.5.113:4094 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:53432 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x445D33DC Ack: 0xFA63BF60 Win: 0xFC00 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/11-19:17:17.589969 24.158.5.113:4164 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:53802 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x44A33810 Ack: 0xFA95110F Win: 0xFC00 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/11-19:17:18.415838 24.158.5.113:4180 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:53874 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x44B2F200 Ack: 0xFAA7ABDE Win: 0xFC00 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-19:17:22.600926 24.158.5.113:4230 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:54155 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x44E74ABB Ack: 0xFB531D95 Win: 0xFC00 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-19:17:23.327164 24.158.5.113:4244 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:54208 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x44F338AD Ack: 0xFAFA6718 Win: 0xFC00 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-19:17:27.187244 24.158.5.113:4292 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:54473 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x45243C4A Ack: 0xFB2653CB Win: 0xFC00 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-19:17:28.036975 24.158.5.113:4300 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:54537 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x452BF103 Ack: 0xFBC51077 Win: 0xFC00 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-19:17:28.892930 24.158.5.113:4314 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:54599 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x453676A9 Ack: 0xFB88A7AC Win: 0xFC00 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-19:17:33.089897 24.158.5.113:4368 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:54898 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x456EEF51 Ack: 0xFC208D4C Win: 0xFC00 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-19:17:33.860210 24.158.5.113:4383 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:54966 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x457E538A Ack: 0xFBDD6558 Win: 0xFC00 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-19:17:34.781521 24.158.5.113:4398 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:55043 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x458CBCF3 Ack: 0xFB807335 Win: 0xFC00 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-19:17:39.068490 24.158.5.113:4463 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:55415 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x45CF0A8D Ack: 0xFC9CBB22 Win: 0xFC00 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-19:25:40.111920 24.209.39.246:3738 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:13219 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB92FFE00 Ack: 0x197515C8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-19:25:40.161675 24.209.39.246:3738 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:13220 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB93003B4 Ack: 0x197515C8 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-19:31:33.814760 24.209.98.148:2706 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:18190 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4E0C0A49 Ack: 0x2F7B0135 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-19:31:33.843866 24.209.98.148:2706 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:18191 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4E0C0FFD Ack: 0x2F7B0135 Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/11-19:59:13.158127 66.196.73.77:23285 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:37213 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x1AEC08A7 Ack: 0x97CBE703 Win: 0xFAF0 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-20:36:10.360555 24.209.98.148:4863 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:7841 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9C99C54E Ack: 0x23E10573 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-20:36:10.390167 24.209.98.148:4863 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:7842 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9C99CB02 Ack: 0x23E10573 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-22:06:34.223303 24.209.196.254:4056 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:31540 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x15A34F53 Ack: 0x7916D169 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-22:06:34.243833 24.209.196.254:4056 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:31541 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x15A35507 Ack: 0x7916D169 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-22:20:20.131698 24.98.31.200:2821 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:10289 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x952EDFFA Ack: 0xADF2206B Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-22:20:24.290149 24.98.31.200:3052 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:11844 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x95DE6616 Ack: 0xAE31B9D0 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-22:54:59.570702 24.209.42.242:1054 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:52602 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7F6BD3E7 Ack: 0x3106C3AD Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-22:54:59.600516 24.209.42.242:1054 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:52603 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7F6BD99B Ack: 0x3106C3AD Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-23:03:31.317851 24.209.42.242:4436 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:38956 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB09011D9 Ack: 0x50B5FAED Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-23:03:31.382330 24.209.42.242:4436 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:38957 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB090178D Ack: 0x50B5FAED Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-01:55:46.124411 61.152.247.17:1135 -> 192.168.1.6:80
TCP TTL:99 TOS:0x0 ID:8866 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB9EA4C7A Ack: 0xDBB5AEB4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-01:55:46.220470 61.152.247.17:1135 -> 192.168.1.6:80
TCP TTL:99 TOS:0x0 ID:8867 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB9EA522E Ack: 0xDBB5AEB4 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-06:19:09.815884 24.209.42.242:1166 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:22719 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x61691DF5 Ack: 0xBF11A4C1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-06:19:09.845261 24.209.42.242:1166 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:22720 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x616923A9 Ack: 0xBF11A4C1 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-06:19:20.690767 24.209.42.242:1482 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:23981 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x62820930 Ack: 0xBF8E69C7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-06:19:20.722116 24.209.42.242:1482 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:23982 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x62820EE4 Ack: 0xBF8E69C7 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/12-07:00:13.144380 66.196.65.13:13011 -> 192.168.1.6:80
TCP TTL:233 TOS:0x0 ID:44200 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x8F1A5395 Ack: 0x5978524C Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-08:32:59.472127 24.209.42.242:4179 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:31357 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC8448367 Ack: 0xB82FAAA4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-08:32:59.522395 24.209.42.242:4179 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:31358 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC844891B Ack: 0xB82FAAA4 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-09:34:37.652641 24.125.85.187:2621 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:5445 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x9DCCC8C4 Ack: 0xA0ECF42D Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-09:34:42.775238 24.125.85.187:2767 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:5950 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x9E4A473E Ack: 0xA13C6D95 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-09:34:43.395275 24.125.85.187:2787 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:6014 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x9E5B2B94 Ack: 0xA1A45546 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-09:35:05.058868 24.125.85.187:3400 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:8125 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA05E971B Ack: 0xA2D4DF65 Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-09:35:05.390737 24.125.85.187:3421 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:8173 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA06E47D2 Ack: 0xA26E957B Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/12-09:35:15.028713 24.125.85.187:3677 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:9029 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA144DCD6 Ack: 0xA2F0BFA2 Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/12-09:35:18.722122 24.125.85.187:3693 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:9320 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA151C3DC Ack: 0xA3DEEB45 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-09:35:19.340376 24.125.85.187:3790 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:9385 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xA1A38505 Ack: 0xA3CD9586 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-09:35:19.851771 24.125.85.187:3804 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:9425 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA1B0566D Ack: 0xA3A16E40 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-09:35:23.555119 24.125.85.187:3817 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:9772 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA1BBB405 Ack: 0xA36A3114 Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-09:35:23.734831 24.125.85.187:3921 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:9799 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA212D181 Ack: 0xA38D8C3B Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-09:35:33.375467 24.125.85.187:4194 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:10811 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA2F66A7F Ack: 0xA47D3D70 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-09:35:33.887420 24.125.85.187:4213 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:10875 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xA30623C4 Ack: 0xA4726D99 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-09:35:37.377859 24.125.85.187:4226 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:11242 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA3116F12 Ack: 0xA4FA5053 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-09:35:43.470011 24.125.85.187:4226 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:11874 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA3116F12 Ack: 0xA4FA5053 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-09:35:47.098609 24.125.85.187:4603 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:12209 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xA446C1E4 Ack: 0xA549A092 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-09:35:47.684296 24.125.85.187:4629 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:12295 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA45B1804 Ack: 0xA5731EC6 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-09:48:23.161928 24.209.42.242:2629 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:60487 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1AE617B5 Ack: 0xD45E1659 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-09:48:23.202509 24.209.42.242:2629 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:60488 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1AE61D69 Ack: 0xD45E1659 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/12-10:06:19.147253 66.196.65.24:4976 -> 192.168.1.6:80
TCP TTL:233 TOS:0x0 ID:48260 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x533829C7 Ack: 0x18A7D862 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**]
[Classification: Misc activity] [Priority: 3]
05/12-10:21:04.608376 193.10.220.145 -> 192.168.1.6
ICMP TTL:233 TOS:0x0 ID:7621 IpLen:20 DgmLen:56
Type:3 Code:13 DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED,
PACKET FILTERED
** ORIGINAL DATAGRAM DUMP:
192.168.1.6:80 -> 193.10.229.17:2446
TCP TTL:42 TOS:0x0 ID:6184 IpLen:20 DgmLen:774 DF
Seq: 0x5191264E Ack: 0xD0ADBF3E
** END OF DUMP
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-13:43:44.090368 24.209.39.246:1317 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:18764 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA52B7B77 Ack: 0x4E7D6CFD Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-13:43:44.130202 24.209.39.246:1317 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:18765 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA52B812B Ack: 0x4E7D6CFD Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-13:48:46.333938 24.218.160.238:1102 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:61033 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x42078994 Ack: 0x61A7170E Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-13:48:47.481794 24.218.160.238:1128 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:61180 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x421F7B6E Ack: 0x61C9CED8 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-13:48:51.364286 24.218.160.238:1241 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:61703 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x4283A14B Ack: 0x619217D2 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-13:48:52.063890 24.218.160.238:1250 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:61779 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x428BBD03 Ack: 0x6180B841 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-13:48:52.771899 24.218.160.238:1273 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:61879 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x429FBEEA Ack: 0x617CF135 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-13:57:14.112125 24.207.210.156:3179 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:32811 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x60578181 Ack: 0x8107B7EE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-13:57:14.175256 24.207.210.156:3179 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:32812 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x60578735 Ack: 0x8107B7EE Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-14:51:17.507236 24.63.13.134:4200 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:44524 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xAEAD9756 Ack: 0x4D674268 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-14:51:19.230218 24.63.13.134:4373 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:44892 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xAF355719 Ack: 0x4CEFBB04 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-14:51:20.407699 24.63.13.134:4421 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:45040 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xAF5D9C4F Ack: 0x4D0D84C0 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-14:51:24.389760 24.63.13.134:4475 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:45972 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xAF8611FC Ack: 0x4D475D39 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-14:51:25.498000 24.63.13.134:1064 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:46109 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB06E2DC2 Ack: 0x4CF94AA5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/12-14:51:29.032167 24.63.13.134:1128 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:46817 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xB0A1FF9F Ack: 0x4DD2FAF7 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/12-14:51:29.537811 24.63.13.134:1355 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:46925 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xB1553EB9 Ack: 0x4DD1ECAD Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-14:51:30.065325 24.63.13.134:1387 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:46981 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xB170528B Ack: 0x4E069140 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-14:51:30.804841 24.63.13.134:1399 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:47074 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB17A8AB8 Ack: 0x4DCD2737 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-14:51:35.386836 24.63.13.134:1688 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:47854 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB2601699 Ack: 0x4E1CD810 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-14:51:36.472375 24.63.13.134:1741 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:48131 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB289CC89 Ack: 0x4E0842E0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-14:51:37.130793 24.63.13.134:1792 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:48223 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB2B586B7 Ack: 0x4E5ADB37 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-14:51:40.991761 24.63.13.134:1802 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:48966 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xB2BFFD93 Ack: 0x4E19E3B2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-14:51:41.942108 24.63.13.134:2086 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:49063 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB39F08ED Ack: 0x4E5CB850 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-14:51:43.031881 24.63.13.134:2105 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:49205 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xB3AF74EF Ack: 0x4EE817D6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-14:51:47.531353 24.63.13.134:2410 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:49985 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB4A334C3 Ack: 0x4EB5B634 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-15:55:19.674540 24.148.68.177:1038 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:9465 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x88C3BBFB Ack: 0x3DBE9990 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-15:55:24.002105 24.148.68.177:1131 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:9723 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x891EACA8 Ack: 0x3F415E88 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-15:55:24.520621 24.148.68.177:1145 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:9763 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x892CD060 Ack: 0x3FA90A8D Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-15:55:25.092895 24.148.68.177:1160 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:9830 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x8939B32A Ack: 0x3F5EC0DC Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-15:55:25.752998 24.148.68.177:1220 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:9966 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x896938E8 Ack: 0x3FCBF037 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/12-15:55:26.457200 24.148.68.177:1283 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:10010 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x899922E8 Ack: 0x3F37676A Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/12-15:55:31.415654 24.148.68.177:1353 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:10348 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x89DC0A01 Ack: 0x40294B9E Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-15:55:33.095746 24.148.68.177:1376 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:10417 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x89F350A6 Ack: 0x404967EC Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-15:55:34.780823 24.148.68.177:1410 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:10524 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x8A1211FD Ack: 0x4067B91A Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-15:55:36.419131 24.148.68.177:1430 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:10669 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x8A27035F Ack: 0x401A0773 Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-15:55:37.822272 24.148.68.177:1449 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:10730 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x8A3CC8AB Ack: 0x3FB01A7D Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-15:55:39.168655 24.148.68.177:1480 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:10813 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x8A578C33 Ack: 0x408A09BE Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-15:55:40.554925 24.148.68.177:1495 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:10895 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x8A672B71 Ack: 0x4073A0B1 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-15:55:43.651175 24.148.68.177:1495 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:11060 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x8A672B71 Ack: 0x4073A0B1 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-15:55:45.106292 24.148.68.177:1579 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:11124 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x8AB0CEAD Ack: 0x4059D168 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-15:55:46.910116 24.148.68.177:1600 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:11255 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x8AC532EF Ack: 0x4036767B Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-15:55:50.902880 24.148.68.177:1778 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:11642 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x8B5BEA1C Ack: 0x40DAC6FE Win: 0xFAF0 TcpLen: 20
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/12-15:59:00.242639 129.137.194.128:2109 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:23482 IpLen:20 DgmLen:181 DF
***AP*** Seq: 0xB83DF9A6 Ack: 0x4C4B37D3 Win: 0x40B0 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/12-15:59:03.625990 129.137.194.128:2109 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:23485 IpLen:20 DgmLen:196 DF
***AP*** Seq: 0xB83DFA33 Ack: 0x4C4B3941 Win: 0x3F42 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-16:44:55.996481 24.209.39.246:4189 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:28261 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x72F1184B Ack: 0xFAF20623 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-16:44:56.016905 24.209.39.246:4189 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:28262 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x72F11DFF Ack: 0xFAF20623 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-16:51:39.054281 24.209.42.242:2826 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:47051 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD7A34CDB Ack: 0x139FF295 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-16:51:39.125899 24.209.42.242:2826 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:47052 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD7A3528F Ack: 0x139FF295 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/12-16:58:33.702747 66.196.65.24:28151 -> 192.168.1.6:80
TCP TTL:233 TOS:0x0 ID:6592 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x9574EFB Ack: 0x2CFF6A51 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-17:28:22.541969 24.132.247.34:2646 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:57738 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE6067338 Ack: 0x9F346249 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-17:28:22.550268 24.132.247.34:2646 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:57739 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE60678EC Ack: 0x9F346249 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-17:55:59.395568 24.209.42.242:2295 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:44788 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC3C27450 Ack: 0x72B8022 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-17:55:59.434006 24.209.42.242:2295 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:44789 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC3C27A04 Ack: 0x72B8022 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-18:06:13.712062 24.209.98.148:3812 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:40493 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4A135B10 Ack: 0x2D3D7E69 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-18:06:13.740534 24.209.98.148:3812 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:40494 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4A1360C4 Ack: 0x2D3D7E69 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-18:16:16.199420 24.209.42.242:3120 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:39307 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD3A24E6 Ack: 0x54C32C8F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-18:16:16.221733 24.209.42.242:3120 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:39308 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD3A2A9A Ack: 0x54C32C8F Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-18:17:02.226850 24.209.98.148:2356 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:42407 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x889ED1A4 Ack: 0x573C12DE Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-18:17:02.250234 24.209.98.148:2356 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:42408 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x889ED758 Ack: 0x573C12DE Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/12-18:51:46.444983 66.196.65.24:59697 -> 192.168.1.6:80
TCP TTL:233 TOS:0x0 ID:48375 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xDA8B159 Ack: 0xD92144EE Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/12-20:54:35.003258 66.196.65.24:18405 -> 192.168.1.6:80
TCP TTL:233 TOS:0x0 ID:10275 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x53B47259 Ack: 0xA93AFE20 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-21:00:37.172559 24.101.169.3:2064 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:16651 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4BE28ADC Ack: 0xC0015513 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-21:00:37.269101 24.101.169.3:2064 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:16652 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4BE29090 Ack: 0xC0015513 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-21:44:25.058896 24.208.232.173:2583 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:42393 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x440D1E93 Ack: 0x6647626D Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-21:44:27.621518 24.208.232.173:2606 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:42624 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x44274FC5 Ack: 0x6615702B Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-21:44:27.880950 24.208.232.173:2610 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:42654 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x442BC932 Ack: 0x668205F8 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-21:44:28.149150 24.208.232.173:2616 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:42667 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x4431A46D Ack: 0x65FE454C Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-21:44:28.490097 24.208.232.173:2620 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:42696 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x443676E3 Ack: 0x65F1046F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/12-21:44:28.803567 24.208.232.173:2627 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:42734 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x443BC828 Ack: 0x6685AAA8 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/12-21:44:32.160475 24.208.232.173:2675 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:43040 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x446B8550 Ack: 0x66494D8C Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-21:44:32.516770 24.208.232.173:2682 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:43079 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x4471BA84 Ack: 0x66C14771 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-21:44:32.909140 24.208.232.173:2689 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:43121 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x447823F8 Ack: 0x6647077F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-21:44:36.404753 24.208.232.173:2744 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:43417 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x44AE84A4 Ack: 0x6640F93D Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-21:44:36.842791 24.208.232.173:2750 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:43466 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x44B3EA6E Ack: 0x66FAE162 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-21:44:37.116213 24.208.232.173:2755 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:43490 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x44B901CA Ack: 0x67118964 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-21:44:37.522980 24.208.232.173:2759 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:43527 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x44BD9E4F Ack: 0x66E09EE9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-21:44:37.789499 24.208.232.173:2763 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:43562 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x44C1D183 Ack: 0x6683F970 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-21:44:38.053807 24.208.232.173:2770 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:43583 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x44C80B2F Ack: 0x66DA2BC6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-21:44:41.368682 24.208.232.173:2830 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:43929 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x4501A2F1 Ack: 0x6688C8D8 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-21:50:16.194715 24.42.15.25:2163 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:33983 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x72382245 Ack: 0x7B914A9B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-21:50:16.259360 24.42.15.25:2163 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:33984 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x723827F9 Ack: 0x7B914A9B Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-23:41:56.724896 24.218.253.67:4385 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:7246 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xBC59986F Ack: 0x22BAEB66 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-23:42:00.353167 24.218.253.67:4641 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:7803 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xBD0EEDEC Ack: 0x231BFEC8 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-23:42:07.595324 24.218.253.67:1085 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:8953 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xBDC19CF0 Ack: 0x22AE82C5 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-23:42:08.409905 24.218.253.67:1311 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:9089 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xBE738E7B Ack: 0x233EBE2F Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-23:42:12.881211 24.218.253.67:1567 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:9840 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xBF42F7E1 Ack: 0x23CE8076 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/12-23:42:13.867033 24.218.253.67:1612 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:10011 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xBF67521C Ack: 0x23B18E35 Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/12-23:42:14.845230 24.218.253.67:1672 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:10168 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xBF9717BC Ack: 0x23F3725A Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-23:42:19.044654 24.218.253.67:1923 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:10855 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xC05B650F Ack: 0x24268045 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-23:42:19.829650 24.218.253.67:1967 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:10983 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xC07D7FE9 Ack: 0x2354E5F3 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-23:42:23.714604 24.218.253.67:2209 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:11622 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xC13F3F65 Ack: 0x23ECE7C7 Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-23:42:24.158132 24.218.253.67:2229 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:11693 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xC14E42DC Ack: 0x245E7C83 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-23:42:24.686258 24.218.253.67:2261 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:11778 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xC163A803 Ack: 0x243EE3AE Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-23:42:28.380495 24.218.253.67:2488 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:12339 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xC218A5D8 Ack: 0x24108B5E Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-23:42:28.598252 24.218.253.67:2501 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:12361 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xC22276EB Ack: 0x23F2F93C Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-23:42:31.711945 24.218.253.67:2501 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:12853 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xC22276EB Ack: 0x23F2F93C Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-23:42:32.020953 24.218.253.67:2702 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:12904 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xC2C63512 Ack: 0x240B33DA Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-23:42:32.483173 24.218.253.67:2729 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:12985 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xC2DBA7FC Ack: 0x24794FB0 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-23:46:09.624826 24.209.39.246:3705 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:55633 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8FFC27A0 Ack: 0x31F5343C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-23:46:09.645204 24.209.39.246:3705 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:55634 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8FFC2D54 Ack: 0x31F5343C Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-00:12:05.406818 24.244.137.89:4138 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:2275 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDE1C71D0 Ack: 0x92D44A3A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-00:12:05.500360 24.244.137.89:4138 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:2276 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDE1C7784 Ack: 0x92D44A3A Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/13-04:09:16.504727 66.196.65.24:10080 -> 192.168.1.6:80
TCP TTL:233 TOS:0x0 ID:4467 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x1C11182 Ack: 0x1350236F Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-05:01:05.649624 24.198.148.199:2659 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:52094 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5CF02247 Ack: 0xD7415AA6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-05:01:05.668231 24.198.148.199:2659 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:52095 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5CF027FB Ack: 0xD7415AA6 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-05:59:20.645152 24.209.42.242:4521 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:39918 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6802C81E Ack: 0xB3EE8880 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-05:59:20.685394 24.209.42.242:4521 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:39919 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6802CDD2 Ack: 0xB3EE8880 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/13-08:50:58.953765 66.196.73.77:27400 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:25603 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x8CE361BE Ack: 0x3B21663A Win: 0xFAF0 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-10:45:55.482067 24.60.182.124:3436 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:22542 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x79BBAADA Ack: 0xEDA097C9 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-10:45:57.612678 24.60.182.124:3560 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:22921 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x7A20F214 Ack: 0xEE1531FD Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-10:45:58.648563 24.60.182.124:3608 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:23119 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x7A4862B2 Ack: 0xEE327CA9 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-10:45:59.723411 24.60.182.124:3652 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:23319 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x7A6A7BB9 Ack: 0xED93FD35 Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-10:46:00.808456 24.60.182.124:3742 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:23544 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x7AB304DE Ack: 0xEDEB484F Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/13-10:46:10.753467 24.60.182.124:4280 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:25349 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x7C5FAE02 Ack: 0xEE905689 Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/13-10:46:11.931387 24.60.182.124:4324 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:25547 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x7C7EEB66 Ack: 0xEEE6D01F Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-10:46:21.999576 24.60.182.124:4879 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:27511 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x7E373821 Ack: 0xEF7E62D7 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-10:46:23.005216 24.60.182.124:4938 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:27765 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x7E649137 Ack: 0xEF3A4E35 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-10:46:40.274115 24.60.182.124:1899 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:31066 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x815165C1 Ack: 0xF0092377 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-10:46:44.034786 24.60.182.124:2126 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:31827 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x82020AFF Ack: 0xF06ED319 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-10:46:48.306981 24.60.182.124:2361 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:32662 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x82BF1D9B Ack: 0xF0C30079 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-10:46:49.535147 24.60.182.124:2412 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:32869 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x82E93021 Ack: 0xF16DFFF0 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-10:46:50.826455 24.60.182.124:2514 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:33119 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x83363607 Ack: 0xF0B7FEAE Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-10:46:52.228096 24.60.182.124:2570 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:33347 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x836574A6 Ack: 0xF1258DD8 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-10:58:16.221751 24.244.179.28:1627 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:23044 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5B693FB2 Ack: 0x1BBFE94E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-10:58:16.230404 24.244.179.28:1627 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:23045 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5B694566 Ack: 0x1BBFE94E Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-11:08:33.482212 24.150.22.139:1770 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:57779 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x2DC5EC74 Ack: 0x42897195 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-11:08:34.268481 24.150.22.139:1795 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:57904 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x2DDB7254 Ack: 0x4297DDD0 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-11:08:34.471557 24.150.22.139:1803 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:57931 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x2DE22DCC Ack: 0x431A7DEE Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-11:08:34.681111 24.150.22.139:1810 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:57968 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x2DE8B0C3 Ack: 0x434E4C1B Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-11:08:47.540668 24.150.22.139:2212 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:60293 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x2F334127 Ack: 0x4346A6EA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/13-11:08:47.876679 24.150.22.139:2386 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:60363 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x2FBB6E1F Ack: 0x43D77CAB Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/13-11:08:51.624837 24.150.22.139:2413 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:61036 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x2FD1C6C0 Ack: 0x43AE4FE2 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-11:08:51.820379 24.150.22.139:2512 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:61071 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x3026B546 Ack: 0x43843FF1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-11:08:52.073693 24.150.22.139:2521 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:61120 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x302E268D Ack: 0x442C9646 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-11:08:52.337220 24.150.22.139:2529 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:61177 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x30341993 Ack: 0x43821DF4 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-11:08:52.555936 24.150.22.139:2535 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:61224 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3038D83B Ack: 0x4388AB66 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-11:08:52.835959 24.150.22.139:2547 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:61283 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x30428BD9 Ack: 0x43EEBD88 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-11:08:53.024302 24.150.22.139:2557 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:61326 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x304AE472 Ack: 0x443FD837 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-11:08:56.033078 24.150.22.139:2557 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:61960 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x304AE472 Ack: 0x443FD837 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-11:08:56.476287 24.150.22.139:2670 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:62055 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x30AF9E9E Ack: 0x44101CA2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-11:08:59.379871 24.150.22.139:2670 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:62649 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x30AF9E9E Ack: 0x44101CA2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-11:08:59.830054 24.150.22.139:2748 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:62728 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x30F3A399 Ack: 0x43E8F91A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-11:09:00.078519 24.150.22.139:2762 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:62783 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x30FED51A Ack: 0x44854C83 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-11:19:52.716775 24.112.153.163:3824 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:23370 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7F188A6F Ack: 0x6EB8ABC8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-11:19:52.780232 24.112.153.163:3824 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:23371 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7F189023 Ack: 0x6EB8ABC8 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-12:55:11.367122 24.209.18.197:2960 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:19373 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x78F40E28 Ack: 0xD699DACB Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-12:55:11.547363 24.209.18.197:2964 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:19391 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x78F814BB Ack: 0xD625F3A8 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-12:55:11.654773 24.209.18.197:2966 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:19404 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x78F9B87B Ack: 0xD69AD6B3 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-12:55:11.847984 24.209.18.197:2971 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:19421 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x78FD8E0C Ack: 0xD5D0E3D4 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-12:55:15.529758 24.209.18.197:3054 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:19666 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x7945E6EB Ack: 0xD657828B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/13-12:55:15.668616 24.209.18.197:3058 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:19678 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x7949ABCB Ack: 0xD6F87BDA Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/13-12:55:15.745518 24.209.18.197:3060 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:19689 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x794B6279 Ack: 0xD69F5C2B Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-12:55:22.251691 24.209.18.197:3128 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:20044 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x798B7641 Ack: 0xD6E0930D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-12:55:22.374518 24.209.18.197:3164 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:20055 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x79B17EAF Ack: 0xD67C124B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-12:55:22.466183 24.209.18.197:3165 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:20060 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x79B2D51B Ack: 0xD7593314 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-12:55:31.469995 24.209.18.197:3166 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:20567 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x79B3C940 Ack: 0xD72D2BD8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-12:55:31.600291 24.209.18.197:3332 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:20582 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x7A540D9F Ack: 0xD75B07A1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-12:55:34.940834 24.209.18.197:3393 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:20733 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x7A8E7E67 Ack: 0xD8226E03 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-12:55:35.023751 24.209.18.197:3395 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:20740 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x7A90791A Ack: 0xD7D7E1BB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-12:55:35.144964 24.209.18.197:3396 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:20748 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x7A91B3D1 Ack: 0xD7620DED Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-12:55:44.049283 24.209.18.197:3435 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:20898 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x7ABE0000 Ack: 0xD82AD258 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-12:55:44.136709 24.209.18.197:3435 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:20978 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x7ABE0000 Ack: 0xD82AD258 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-14:08:07.520133 24.209.18.197:1753 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:52148 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x8B266062 Ack: 0xE95FCCA6 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-14:08:11.610580 24.209.18.197:1769 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:52305 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x8B35C0F5 Ack: 0xE92A9BBD Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-14:08:15.664687 24.209.18.197:1808 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:52478 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x8B6108CD Ack: 0xE93EBF56 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-14:08:16.272597 24.209.18.197:1863 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:52587 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x8B9C4512 Ack: 0xE9E253E7 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-14:08:16.367111 24.209.18.197:1867 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:52602 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x8B9F5311 Ack: 0xEA234FB9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/13-14:08:16.469208 24.209.18.197:1873 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:52627 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x8BA49491 Ack: 0xE9AACB08 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/13-14:08:16.597251 24.209.18.197:1883 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:52664 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x8BAB4891 Ack: 0xE9F4A8B8 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-14:08:16.688448 24.209.18.197:1889 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:52679 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x8BB11795 Ack: 0xEA149D32 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-14:08:16.770248 24.209.18.197:1894 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:52695 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x8BB523F7 Ack: 0xE94A2AAE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-14:08:20.144810 24.209.18.197:1959 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:53021 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x8BF1E961 Ack: 0xEA4A3659 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-14:08:20.291326 24.209.18.197:1965 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:53052 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x8BF798F1 Ack: 0xE9F4C4B8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-14:08:20.412282 24.209.18.197:1967 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:53066 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x8BF9AB62 Ack: 0xE9E3B75F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-14:08:20.538075 24.209.18.197:1968 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:53081 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x8BFAB96A Ack: 0xE97D987A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-14:08:23.693868 24.209.18.197:1968 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:53380 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x8BFAB96A Ack: 0xE97D987A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-14:08:23.775157 24.209.18.197:2041 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:53401 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x8C3C8291 Ack: 0xEA499409 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-14:08:23.875742 24.209.18.197:2044 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:53420 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x8C3F86BD Ack: 0xE9B8952F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-14:08:27.161862 24.209.18.197:2093 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:53629 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x8C6E0196 Ack: 0xE9E89381 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-14:37:19.515536 24.209.133.90:1711 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:61373 IpLen:20 DgmLen:1300 DF
***A**** Seq: 0x2CAEC2E0 Ack: 0x588D5B0E Win: 0xFC00 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-14:37:19.521458 24.209.133.90:1711 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:61374 IpLen:20 DgmLen:1300 DF
***A**** Seq: 0x2CAEC7CC Ack: 0x588D5B0E Win: 0xFC00 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-14:51:57.740458 24.209.133.90:4640 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:339 IpLen:20 DgmLen:1300 DF
***A**** Seq: 0x7AAB3576 Ack: 0x8EFDCC87 Win: 0xFC00 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-14:51:57.747116 24.209.133.90:4640 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:340 IpLen:20 DgmLen:1300 DF
***A**** Seq: 0x7AAB3A62 Ack: 0x8EFDCC87 Win: 0xFC00 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:14:02.688676 24.99.137.153:2990 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:55725 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x1A05C4FC Ack: 0xE247189C Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:14:05.260270 24.99.137.153:3065 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:56046 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x1A45F548 Ack: 0xE20098CB Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:14:05.399639 24.99.137.153:3074 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:56065 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x1A4C3356 Ack: 0xE246C098 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:14:05.538563 24.99.137.153:3080 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:56087 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x1A50AA72 Ack: 0xE26BAAB5 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:14:08.710399 24.99.137.153:3087 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:56453 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x1A56FBA3 Ack: 0xE21E3079 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/13-15:14:12.107204 24.99.137.153:3291 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:56856 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x1AFECF7F Ack: 0xE27094C4 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/13-15:14:12.253070 24.99.137.153:3294 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:56892 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x1B01BF5E Ack: 0xE2AD4BF8 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:14:12.550098 24.99.137.153:3298 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:56941 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x1B03EAA9 Ack: 0xE27AF4C7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:14:15.688765 24.99.137.153:3387 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:57280 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x1B5390C0 Ack: 0xE344A766 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:14:15.827220 24.99.137.153:3392 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:57290 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x1B58B3E5 Ack: 0xE24EE3FB Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:14:19.162752 24.99.137.153:3504 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:57679 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x1BB62407 Ack: 0xE2BB7E71 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:14:19.294326 24.99.137.153:3508 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:57696 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x1BB935B9 Ack: 0xE2DF426D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:14:31.916935 24.99.137.153:3817 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:59094 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x1CB7EAB0 Ack: 0xE379A8C8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:14:32.075873 24.99.137.153:3910 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:59111 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x1D0A8A45 Ack: 0xE45430AB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:14:35.072196 24.99.137.153:3910 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:59268 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x1D0A8A45 Ack: 0xE45430AB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:14:35.200712 24.99.137.153:3982 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:59278 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x1D4ABA9A Ack: 0xE520C8AE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:14:35.369976 24.99.137.153:3990 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:59295 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x1D510A1E Ack: 0xE47AD78E Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:26:28.501102 24.70.71.236:2669 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:36714 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x3239F058 Ack: 0x12D6421D Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:26:29.307297 24.70.71.236:2688 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:36862 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x324AC3EB Ack: 0x126FDE9C Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:26:33.048709 24.70.71.236:2824 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:37581 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x32BFBD67 Ack: 0x125EA64D Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:26:36.809533 24.70.71.236:2933 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:38137 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x332215F3 Ack: 0x13013A2C Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:26:58.450081 24.70.71.236:3544 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:41528 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x35368E4D Ack: 0x147C9A17 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/13-15:26:58.796843 24.70.71.236:3553 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:41587 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x353EDEF9 Ack: 0x148C8F6C Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/13-15:26:59.252610 24.70.71.236:3556 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:41639 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x35422E95 Ack: 0x14A28818 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:27:04.498657 24.209.133.90:4857 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:27506 IpLen:20 DgmLen:1300 DF
***A**** Seq: 0x2D3E128E Ack: 0x14CFB962 Win: 0xFC00 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:27:04.504401 24.209.133.90:4857 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:27507 IpLen:20 DgmLen:1300 DF
***A**** Seq: 0x2D3E177A Ack: 0x14CFB962 Win: 0xFC00 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:27:09.063455 24.70.71.236:3837 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:43196 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x363B7246 Ack: 0x150E6769 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:27:09.380239 24.70.71.236:3847 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:43245 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x364394CA Ack: 0x14DDA541 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:27:09.727357 24.70.71.236:3852 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:43299 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x36487BFD Ack: 0x150B9826 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:27:13.360435 24.70.71.236:3949 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:43813 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x369F75D2 Ack: 0x159B841C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:27:14.246556 24.209.133.90:1113 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:28209 IpLen:20 DgmLen:1300 DF
***A**** Seq: 0x2E08D071 Ack: 0x156A50B5 Win: 0xFC00 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:27:14.252739 24.209.133.90:1113 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:28210 IpLen:20 DgmLen:1300 DF
***A**** Seq: 0x2E08D55D Ack: 0x156A50B5 Win: 0xFC00 TcpLen: 20
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:27:16.984249 24.70.71.236:4036 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:44326 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x36EB6D6C Ack: 0x151D7626 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:27:17.307302 24.70.71.236:4048 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:44380 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x36F4C138 Ack: 0x14E4352A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:27:17.664658 24.70.71.236:4054 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:44426 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x36FA240C Ack: 0x15153A97 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:27:18.004026 24.70.71.236:4061 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:44481 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x37010423 Ack: 0x1502A831 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:27:18.341188 24.70.71.236:4078 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:44543 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x370FAEBC Ack: 0x1535FDCC Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:31:08.621256 24.209.39.246:4558 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:25147 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x684969E0 Ack: 0x2413A04B Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:31:14.632617 24.209.39.246:4721 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:25970 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x68D8B367 Ack: 0x24E08979 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:31:14.864839 24.209.39.246:4736 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:26036 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x68E60208 Ack: 0x244559CF Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:31:24.589683 24.209.39.246:1083 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:27648 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x69F3D1D0 Ack: 0x24BA73A1 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:31:25.140682 24.209.39.246:1096 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:27735 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x69FD44D4 Ack: 0x24CCC598 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/13-15:31:34.926320 24.209.39.246:1380 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:29187 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x6AF17EC7 Ack: 0x256E0A62 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/13-15:31:35.326775 24.209.39.246:1393 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:29242 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x6AFC22CA Ack: 0x2551BBFC Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:31:39.433562 24.209.39.246:1505 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:29777 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x6B598E95 Ack: 0x25AAE2FC Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:31:43.134004 24.209.39.246:1516 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:30331 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6B63E0F0 Ack: 0x25E707C9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:31:46.909486 24.209.39.246:1722 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:30896 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6C140E28 Ack: 0x2685D7DB Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:31:47.250603 24.209.39.246:1741 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:30965 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6C24213E Ack: 0x26BB6675 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:31:47.637571 24.209.39.246:1749 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:31030 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6C2B6A64 Ack: 0x268A1D2C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:31:47.924133 24.209.39.246:1764 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:31092 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x6C382306 Ack: 0x26AC85E0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:31:51.272408 24.209.39.246:1856 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:31584 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6C8578DE Ack: 0x272E9420 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:31:54.451641 24.209.39.246:1856 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:32021 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6C8578DE Ack: 0x272E9420 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:32:00.387702 24.209.39.246:2136 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:32926 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x6D6F8301 Ack: 0x27458F50 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:32:09.860716 24.209.39.246:2418 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:34255 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6E5FB106 Ack: 0x27FB1EE3 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-16:55:12.396566 24.209.196.254:2690 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:43688 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x70ED38BE Ack: 0x60CBC298 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-16:55:12.415964 24.209.196.254:2690 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:43689 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x70ED3E72 Ack: 0x60CBC298 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-17:31:02.381535 24.209.98.148:1938 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:63181 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA3FD61FE Ack: 0xE8F193B0 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-17:31:02.410216 24.209.98.148:1938 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:63182 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA3FD67B2 Ack: 0xE8F193B0 Win: 0xFAF0 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-17:59:55.336283 24.166.45.37:1782 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:52672 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x11D84304 Ack: 0x5582CDA5 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-17:59:58.907389 24.166.45.37:1835 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:53039 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x120BB1E3 Ack: 0x555E2BD2 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-17:59:59.030276 24.166.45.37:1839 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:53056 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x12100B18 Ack: 0x562625DD Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:00:02.325938 24.166.45.37:1881 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:53382 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x1239E414 Ack: 0x557597BD Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:00:02.530306 24.166.45.37:1891 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:53412 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x1242E768 Ack: 0x5628C150 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/13-18:00:02.712228 24.166.45.37:1897 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:53436 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x1247F510 Ack: 0x55FFA3A0 Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/13-18:00:11.927410 24.166.45.37:2021 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:54286 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x12CA15DF Ack: 0x56374C37 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:00:12.022314 24.166.45.37:2024 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:54296 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x12CD2286 Ack: 0x567A4D7C Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:00:21.168664 24.166.45.37:2159 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:55176 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x1352A04B Ack: 0x56AF7B6D Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:00:21.294441 24.166.45.37:2162 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:55190 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x135593A5 Ack: 0x569B8757 Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:00:21.442213 24.166.45.37:2163 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:55207 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x13573B56 Ack: 0x57727554 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:00:30.638534 24.166.45.37:2290 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:56053 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x13DAE846 Ack: 0x573145F8 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:00:33.973168 24.166.45.37:2340 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:56400 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x140C9C88 Ack: 0x57C47881 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:00:37.051269 24.166.45.37:2340 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:56686 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x140C9C88 Ack: 0x57C47881 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:00:37.387864 24.166.45.37:2389 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:56728 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x143F38EF Ack: 0x5787FFF3 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:00:37.655606 24.166.45.37:2398 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:56768 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x1446DC76 Ack: 0x57C6744E Win: 0xFAF0 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:21:40.115121 24.209.39.246:1377 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:25024 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x1576F5D Ack: 0xA7114D05 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:21:40.326889 24.209.39.246:1387 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:25066 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x15F7CDA Ack: 0xA71B1140 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:21:40.405184 24.209.39.246:1393 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:25082 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x16484D5 Ack: 0xA70FBCAE Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:21:47.071120 24.209.39.246:1516 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:25786 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x1CDC810 Ack: 0xA75C9104 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:21:50.363061 24.209.39.246:1605 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:26149 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x21B0310 Ack: 0xA7FD7C32 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/13-18:21:53.722210 24.209.39.246:1715 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:26618 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x276896F Ack: 0xA79A4841 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/13-18:21:57.084961 24.209.39.246:1838 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:27048 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x2DC86B2 Ack: 0xA7D0619C Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:21:57.234171 24.209.39.246:1958 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:27070 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x34159A5 Ack: 0xA83566EB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:21:57.344308 24.209.39.246:1963 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:27094 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x346003E Ack: 0xA8B71B21 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:21:57.429961 24.209.39.246:1969 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:27109 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x34B21C9 Ack: 0xA7CEF783 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:21:57.572694 24.209.39.246:1974 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:27140 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x34EA96C Ack: 0xA8896AC0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:21:57.690117 24.209.39.246:1982 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:27154 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x355F75E Ack: 0xA8AB932E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:22:01.020199 24.209.39.246:1986 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:27638 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x3595CC5 Ack: 0xA8800E79 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:22:07.552513 24.209.39.246:1986 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:28388 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x3595CC5 Ack: 0xA8800E79 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:22:10.221240 24.209.39.246:2388 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:28733 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x4B160A8 Ack: 0xA8A4A544 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:22:10.303621 24.209.39.246:2394 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:28748 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x4B74F1B Ack: 0xA8FC909A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:22:13.558173 24.209.39.246:2501 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:29160 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x50E48B1 Ack: 0xA8EDCFB6 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:25:53.075308 24.209.18.197:1340 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:49905 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x694DF976 Ack: 0xB7070C9D Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:25:53.219370 24.209.18.197:1344 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:49921 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x69513AF3 Ack: 0xB7598C9A Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:25:53.330559 24.209.18.197:1346 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:49934 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x6953CC03 Ack: 0xB72E6FDA Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:25:53.432282 24.209.18.197:1348 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:49940 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x69553E2A Ack: 0xB7703BCC Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:25:53.516146 24.209.18.197:1352 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:49952 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6958C8AB Ack: 0xB75CB46B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/13-18:25:53.614482 24.209.18.197:1355 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:49959 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x695A42D9 Ack: 0xB7C5B60C Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/13-18:25:58.278915 24.209.18.197:1390 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:50138 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x697E49B1 Ack: 0xB7E375B4 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:25:58.421533 24.209.18.197:1404 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:50159 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x698E4AE7 Ack: 0xB72EF0E3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:26:01.924642 24.209.18.197:1444 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:50326 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x69B965DC Ack: 0xB7AB2B06 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:26:02.167945 24.209.18.197:1448 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:50361 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x69BE0327 Ack: 0xB7F8EA12 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:26:02.582096 24.209.18.197:1464 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:50409 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x69C9F4A5 Ack: 0xB7B3FB36 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:26:06.070159 24.209.18.197:1521 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:50656 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x69FEE71D Ack: 0xB874F9CF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:26:06.315114 24.209.18.197:1528 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:50692 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6A065123 Ack: 0xB881EB26 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:26:06.398152 24.209.18.197:1533 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:50703 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x6A0A00A5 Ack: 0xB837DA34 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:26:06.505121 24.209.18.197:1535 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:50712 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6A0BCAF4 Ack: 0xB87F0CA5 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:26:15.397446 24.209.98.148:1962 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:12673 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE6FC9A74 Ack: 0xB839FBD1 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:26:15.433578 24.209.98.148:1962 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:12674 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE6FCA028 Ack: 0xB839FBD1 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:53:38.361841 24.209.196.254:1434 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:14784 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1BB6DFA7 Ack: 0x20330219 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:53:38.384884 24.209.196.254:1434 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:14785 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1BB6E55B Ack: 0x20330219 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-19:41:00.225145 24.28.27.201:1150 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:56736 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x3B48DEF9 Ack: 0xD3AA75C2 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-19:41:00.668351 24.28.27.201:1160 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:56799 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x3B51C253 Ack: 0xD39DFD7E Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-19:41:03.935477 24.28.27.201:1218 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:57046 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x3B86F752 Ack: 0xD4312968 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-19:41:04.223044 24.28.27.201:1228 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:57090 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x3B8F3C86 Ack: 0xD4BB06EF Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-19:41:13.456125 24.28.27.201:1406 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:57922 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x3C3246A8 Ack: 0xD51E967D Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/13-19:41:16.707081 24.28.27.201:1486 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:58272 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x3C79E793 Ack: 0xD4A90593 Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/13-19:41:16.935293 24.28.27.201:1489 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:58289 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x3C7D9D77 Ack: 0xD545BF42 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-19:41:20.137011 24.28.27.201:1564 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:58606 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x3CBE27B4 Ack: 0xD4D5CB31 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-19:41:20.344363 24.28.27.201:1568 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:58624 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3CC202A0 Ack: 0xD5931F3B Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-19:41:20.524986 24.28.27.201:1577 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:58643 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3CC95014 Ack: 0xD53F2E0A Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-19:41:20.722041 24.28.27.201:1582 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:58676 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3CCD6CBF Ack: 0xD51E08C4 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-19:41:20.945401 24.28.27.201:1585 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:58700 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3CD0A4A7 Ack: 0xD53FBEA4 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-19:41:21.160222 24.28.27.201:1587 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:58724 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x3CD34343 Ack: 0xD4FC9E8A Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-19:41:21.349788 24.28.27.201:1592 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:58753 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x3CD75A5D Ack: 0xD5AC719D Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-19:41:24.339012 24.28.27.201:1592 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:59054 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x3CD75A5D Ack: 0xD5AC719D Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-19:41:24.752158 24.28.27.201:1664 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:59100 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x3D1A576E Ack: 0xD5B2BF50 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-19:41:28.030483 24.28.27.201:1759 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:59542 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x3D6D0778 Ack: 0xD5A42A54 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-19:55:31.787977 24.209.196.254:2145 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:16693 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x708049D8 Ack: 0x9BF45F3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-19:55:31.820199 24.209.196.254:2145 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:16694 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x70804F8C Ack: 0x9BF45F3 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-20:23:19.556083 24.209.98.148:3226 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:14684 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7509CFA2 Ack: 0x7234A3D8 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-20:23:19.576479 24.209.98.148:3226 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:14685 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7509D556 Ack: 0x7234A3D8 Win: 0xFAF0 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-20:45:09.791414 24.209.39.246:1600 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:26153 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x6A7FF7FE Ack: 0xC5E43B68 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-20:45:11.257048 24.209.39.246:1646 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:26388 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x6AA90114 Ack: 0xC5ABD7F3 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-20:45:12.585807 24.209.39.246:1687 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:26594 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x6ACB7660 Ack: 0xC55F641E Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-20:45:17.273191 24.209.39.246:1820 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:27312 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x6B40065B Ack: 0xC58CDBB3 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-20:45:21.951494 24.209.39.246:1941 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:28028 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6BA8DDB3 Ack: 0xC641C3E6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/13-20:45:29.809107 24.209.39.246:2063 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:29196 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x6C11B7E4 Ack: 0xC7A32B6D Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/13-20:45:30.969606 24.209.39.246:2185 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:29383 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x6C7CD934 Ack: 0xC7FE827A Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-20:45:32.126337 24.209.39.246:2224 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:29581 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x6C9B970D Ack: 0xC7F97CC3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-20:45:36.588877 24.209.39.246:2331 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:30222 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6CF98478 Ack: 0xC84BA9B6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-20:45:38.042193 24.209.39.246:2375 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:30452 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6D1F435D Ack: 0xC7D29EA8 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-20:45:39.405210 24.209.39.246:2412 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:30666 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6D415C08 Ack: 0xC801A6F3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-20:45:43.710405 24.209.39.246:2544 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:31363 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6DAD18F9 Ack: 0xC85E47BB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-20:45:45.161442 24.209.39.246:2582 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:31583 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x6DCE7D23 Ack: 0xC8341108 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-20:45:46.751549 24.209.39.246:2621 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:31806 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6DF0BF8A Ack: 0xC90330DD Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-20:45:48.285280 24.209.39.246:2670 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:32049 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x6E1B89C6 Ack: 0xC87695B5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-20:45:52.620173 24.209.39.246:2705 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:32783 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6E3B939E Ack: 0xC969DF4E Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:02:24.883413 24.209.196.254:4828 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:37965 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xCE74892B Ack: 0x7270ED0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:02:24.904107 24.209.196.254:4828 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:37966 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xCE748EDF Ack: 0x7270ED0 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:23:29.982133 24.209.196.254:4932 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:6958 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3BB6BE4B Ack: 0x56B9BF90 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:23:30.025466 24.209.196.254:4932 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:6959 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3BB6C3FF Ack: 0x56B9BF90 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:32:50.995461 24.209.18.197:2851 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:8146 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x60E01602 Ack: 0x797C4790 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:32:51.101137 24.209.18.197:2855 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:8167 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x60E4DDE6 Ack: 0x79305B8B Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:33:00.464248 24.209.18.197:2969 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:8514 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x615BD712 Ack: 0x7A5D8A4D Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:33:09.853453 24.209.18.197:3118 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:9017 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x61EBC605 Ack: 0x7B2ABB9F Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:33:09.979757 24.209.18.197:3119 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:9029 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x61ED4A1C Ack: 0x7BA438D5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/13-21:33:10.112688 24.209.18.197:3121 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:9042 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x61EF12F1 Ack: 0x7BA9ED44 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/13-21:33:10.213130 24.209.18.197:3127 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:9054 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x61F2F0D8 Ack: 0x7BA2D8D4 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:33:16.843358 24.209.18.197:3188 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:9460 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x622ECA64 Ack: 0x7B45C918 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:33:16.995783 24.209.18.197:3224 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:9474 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x62555A5F Ack: 0x7BB493C8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:33:26.282343 24.209.18.197:3421 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:10170 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6305A5AD Ack: 0x7C7C4808 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:33:26.398027 24.209.18.197:3423 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:10195 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x630802DD Ack: 0x7BFBB762 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:33:26.473774 24.209.18.197:3424 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:10204 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x630910E7 Ack: 0x7BF8E82C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:33:35.764625 24.209.18.197:3561 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:10607 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x638E8C27 Ack: 0x7CF13E67 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:33:38.844491 24.209.18.197:3563 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:10734 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x63901A11 Ack: 0x7CB13419 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:33:38.940394 24.209.18.197:3615 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:10739 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x63C33E15 Ack: 0x7CE52832 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:33:48.248307 24.209.18.197:3777 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:11406 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6459F219 Ack: 0x7DCBBDD1 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:33:57.198975 24.93.48.91:4129 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:42778 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xEF7E789C Ack: 0x7DCA38AC Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:33:58.657071 24.93.48.91:4150 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:42925 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xEF928113 Ack: 0x7DDF2C3B Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:34:09.081885 24.93.48.91:4278 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:43880 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xF015EEF3 Ack: 0x7ED6FBC5 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:34:13.293941 24.93.48.91:4332 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:44262 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xF04F2420 Ack: 0x7F128759 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:34:14.170805 24.93.48.91:4350 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:44351 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF060ABD2 Ack: 0x7F1A4A2D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/13-21:34:15.589148 24.93.48.91:4369 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:44487 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xF070F735 Ack: 0x7EC19EDF Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/13-21:34:25.640660 24.93.48.91:4496 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:45369 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xF0F66F16 Ack: 0x7F4F547B Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:34:30.000808 24.93.48.91:4557 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:45819 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xF1340E5E Ack: 0x802F003B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:34:34.140878 24.93.48.91:4612 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:46204 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF16CC2F2 Ack: 0x8050DF26 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:34:35.472110 24.93.48.91:4633 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:46329 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF17FFE3C Ack: 0x806C72F3 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:34:36.600595 24.93.48.91:4644 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:46444 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF18CF8FF Ack: 0x8002E0E4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:34:37.891797 24.93.48.91:4662 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:46572 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF19E9E30 Ack: 0x80715670 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:34:39.129121 24.93.48.91:4686 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:46698 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xF1B61525 Ack: 0x80C029F2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:34:40.535738 24.93.48.91:4707 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:46846 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF1CABCB1 Ack: 0x80F375B1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:34:41.463609 24.93.48.91:4722 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:46943 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xF1DABCAD Ack: 0x80D2DF48 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:34:42.716071 24.93.48.91:4739 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:47066 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF1EB5092 Ack: 0x809156C4 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:51:39.211349 24.209.39.246:4557 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:11038 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x6FFBCD Ack: 0xC03F03CC Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:51:39.474149 24.209.39.246:4561 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:11070 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x73C1CD Ack: 0xC0474054 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:51:39.620873 24.209.39.246:4568 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:11096 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x793C95 Ack: 0xC06193C6 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:51:43.328043 24.209.39.246:4668 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:11577 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xCEA2D8 Ack: 0xC1323FB6 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:51:43.848677 24.209.39.246:4683 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:11652 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xD9D48D Ack: 0xC04179C0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/13-21:51:53.301670 24.209.39.246:1059 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:13227 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x1FCA14F Ack: 0xC15484AB Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/13-21:51:57.400911 24.209.39.246:1082 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:13887 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x20F888B Ack: 0xC15679F5 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:52:06.661529 24.209.39.246:1491 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:15094 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x365F113 Ack: 0xC1CDB3A2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:52:06.812035 24.209.39.246:1495 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:15109 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3693E13 Ack: 0xC1BDAA6A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:52:06.976152 24.209.39.246:1503 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:15138 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x36FBCB5 Ack: 0xC1CBA026 Win: 0x4470 TcpLen: 20
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:52:07.525412 24.209.39.246:1513 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:15218 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x378647E Ack: 0xC1A95B92 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:52:07.775495 24.209.39.246:1518 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:15248 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x37DC65C Ack: 0xC26B43CC Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:52:11.260803 24.209.39.246:1601 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:15613 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x3C5BBB2 Ack: 0xC212BC52 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:52:11.840948 24.209.39.246:1617 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:15673 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x3D305FE Ack: 0xC2A1AB24 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:52:12.598923 24.209.39.246:1635 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:15754 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x3E25700 Ack: 0xC2557E52 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-22:01:08.181668 24.225.182.78:3321 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:252 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEEE33C93 Ack: 0xE46AAC64 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-22:01:08.199971 24.225.182.78:3321 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:253 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEEE34247 Ack: 0xE46AAC64 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-22:26:25.393784 24.231.8.184:3493 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:56393 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x76D7FF06 Ack: 0x44495D6F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-22:26:46.447269 24.231.8.184:3493 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:56946 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x76D7FF06 Ack: 0x44495D6F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-22:26:46.629931 24.231.8.184:3493 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:56953 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x76D804BA Ack: 0x44495D6F Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-23:11:13.236275 24.245.2.233:2023 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:45163 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x2A26CBA3 Ack: 0xECFC7E2F Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-23:11:18.074552 24.245.2.233:2144 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:45756 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x2A90F8FB Ack: 0xED1FFA42 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-23:11:18.801982 24.245.2.233:2162 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:45844 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x2AA205F8 Ack: 0xED08B33C Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-23:11:19.622936 24.245.2.233:2180 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:45967 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x2AB1E555 Ack: 0xED5B656E Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-23:11:20.298916 24.245.2.233:2198 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:46075 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x2AC38D63 Ack: 0xED891C33 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/13-23:11:27.413283 24.245.2.233:2316 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:47337 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x2B2968B5 Ack: 0xEE2C79FB Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/13-23:11:31.074542 24.245.2.233:2423 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:47940 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x2B882B1E Ack: 0xEE451B52 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-23:11:35.310389 24.245.2.233:2590 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:48430 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x2C1D72E8 Ack: 0xEE15A2EC Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-23:11:39.139436 24.245.2.233:2608 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:48953 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x2C2CB603 Ack: 0xEE66F5AB Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-23:11:42.854983 24.245.2.233:2706 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:49441 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x2C838935 Ack: 0xEF16C5E7 Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-23:11:46.979172 24.245.2.233:2896 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:49967 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x2D2B27A8 Ack: 0xEF664E81 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-23:11:50.574647 24.245.2.233:2926 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:50398 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x2D43D324 Ack: 0xEF08DA85 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-23:11:54.601467 24.245.2.233:3103 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:50832 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x2DDEB883 Ack: 0xEF2DDB3E Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-23:11:55.574742 24.245.2.233:3125 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:50942 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x2DF27541 Ack: 0xF00B9B7F Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-23:11:58.385144 24.245.2.233:3125 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:51304 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x2DF27541 Ack: 0xF00B9B7F Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-23:12:03.031848 24.245.2.233:3344 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:51834 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x2EACF522 Ack: 0xEFBF5684 Win: 0xFAF0 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-02:59:17.820892 24.205.10.247:1287 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:13960 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xD83EFE10 Ack: 0x4B0DF286 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-02:59:24.572990 24.205.10.247:1365 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:14134 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xD89195A1 Ack: 0x4B2844A5 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-02:59:28.150447 24.205.10.247:1414 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:14233 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xD8C41532 Ack: 0x4BCC597E Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-02:59:28.494086 24.205.10.247:1416 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:14250 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xD8C6D5D7 Ack: 0x4B6FC6DE Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-02:59:37.776105 24.205.10.247:1546 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:14563 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xD94D7962 Ack: 0x4C4A8102 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/14-02:59:38.153081 24.205.10.247:1551 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:14576 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xD952A4FD Ack: 0x4C15308E Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/14-02:59:38.503082 24.205.10.247:1553 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:14590 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xD954EAF3 Ack: 0x4C1D568F Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-02:59:38.836443 24.205.10.247:1556 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:14601 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xD959254A Ack: 0x4C18B06A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-02:59:39.190517 24.205.10.247:1557 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:14615 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD95B2BF7 Ack: 0x4CA9EF19 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-02:59:48.930297 24.205.10.247:1681 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:14892 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD9DE0FB1 Ack: 0x4D5C2B40 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-02:59:49.278635 24.205.10.247:1688 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:14916 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD9E4B8D4 Ack: 0x4CACC8CD Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-02:59:52.582313 24.205.10.247:1744 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:15107 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xDA1A6E6A Ack: 0x4D4A6DF9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-03:00:02.174978 24.205.10.247:1900 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:15548 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xDAB40F8A Ack: 0x4E049187 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-03:00:02.517064 24.205.10.247:1906 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:15567 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xDAB95675 Ack: 0x4D8B5D51 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-03:00:02.823257 24.205.10.247:1915 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:15580 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xDAC0D177 Ack: 0x4DB1F480 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-03:00:03.156808 24.205.10.247:1920 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:15601 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xDAC55D61 Ack: 0x4D6001D2 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-03:05:02.659635 24.157.60.48:3379 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:63769 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x5BA4B3FB Ack: 0x60D3CABF Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-03:05:12.750219 24.157.60.48:3671 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:64961 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x5CA835EF Ack: 0x60F02755 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-03:05:13.613736 24.157.60.48:3687 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:65037 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x5CB59B6F Ack: 0x60CDC614 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-03:05:22.754107 24.157.60.48:3960 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:800 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x5DA2B50A Ack: 0x621D7125 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-03:05:45.083342 24.157.60.48:4541 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:3781 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x5F9E5D81 Ack: 0x62DE03BC Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/14-03:05:46.876886 24.157.60.48:4587 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:4001 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x5FC574AF Ack: 0x62ED5A1C Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/14-03:06:32.821221 24.157.60.48:1919 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:10083 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x64409BAF Ack: 0x661364DA Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-03:06:43.735825 24.157.60.48:2201 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:11427 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x6534762E Ack: 0x663CDB53 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-03:06:50.311992 24.157.60.48:2381 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:12298 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x65D3798A Ack: 0x6720E1F9 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-03:06:52.668525 24.157.60.48:2381 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:12631 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x65D3798A Ack: 0x6720E1F9 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-03:06:54.628491 24.157.60.48:2508 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:12786 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x66438EDA Ack: 0x673B3279 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-03:06:56.608532 24.157.60.48:2536 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:12990 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x665CF35E Ack: 0x67476273 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-03:07:07.310917 24.157.60.48:2834 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:14375 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x67643C49 Ack: 0x67D79DC1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-03:07:09.377190 24.157.60.48:2888 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:14613 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6793A444 Ack: 0x686F5DD0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-03:07:11.685838 24.157.60.48:2943 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:14862 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x67C2F78F Ack: 0x68852177 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-03:07:16.147834 24.157.60.48:3006 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:15479 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x67FA29F3 Ack: 0x69008164 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-03:43:23.771875 24.209.42.242:1445 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:22143 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xA84A4ABC Ack: 0xF1847787 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-03:43:26.956721 24.209.42.242:1516 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:22319 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xA88BC1D2 Ack: 0xF2108AF2 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-03:43:27.044953 24.209.42.242:1518 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:22328 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA88D6332 Ack: 0xF208C192 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-03:43:27.140971 24.209.42.242:1519 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:22348 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA88EB7AC Ack: 0xF20EC748 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-03:43:27.242435 24.209.42.242:1521 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:22360 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA8907843 Ack: 0xF1CD89DC Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/14-03:43:27.320134 24.209.42.242:1523 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:22366 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA892A85F Ack: 0xF2705191 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/14-03:43:27.381906 24.209.42.242:1524 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:22373 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA893EADF Ack: 0xF1E0A2D5 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-03:43:27.454650 24.209.42.242:1525 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:22380 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xA8948B03 Ack: 0xF2003C97 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-03:43:27.525179 24.209.42.242:1526 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:22389 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA895A8CD Ack: 0xF2421A71 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-03:43:36.670668 24.209.42.242:1685 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:22836 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA92AD9AC Ack: 0xF26669B5 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-03:43:36.778516 24.209.42.242:1688 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:22848 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA92C6308 Ack: 0xF2283CE4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-03:43:36.889575 24.209.42.242:1690 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:22857 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA92E7B15 Ack: 0xF28B805C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-03:43:36.981186 24.209.42.242:1691 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:22864 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xA92F8F25 Ack: 0xF2E0DDD9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-03:43:37.063500 24.209.42.242:1692 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:22884 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA9302739 Ack: 0xF2BF58E0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-03:43:40.341688 24.209.42.242:1692 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:23031 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA9302739 Ack: 0xF2BF58E0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-03:43:46.146199 24.209.42.242:1873 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:23426 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xA9DA3138 Ack: 0xF2CFEA72 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-03:43:46.232042 24.209.42.242:1875 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:23432 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA9DC3962 Ack: 0xF2FCA162 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-03:46:07.810696 24.225.150.212:4824 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:39031 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x577BDA9D Ack: 0xFBB64F24 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-03:46:07.840535 24.225.150.212:4824 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:39032 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x577BE051 Ack: 0xFBB64F24 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/14-09:16:30.168082 66.196.73.77:38913 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:3251 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xD9EFBF14 Ack: 0xDB0BBC5D Win: 0xFAF0 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-11:41:58.557186 24.226.59.104:1299 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:17355 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x82B6B116 Ack: 0x1A2B161 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-11:41:59.319195 24.226.59.104:1338 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:17512 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x82D604EB Ack: 0x2263B91 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-11:41:59.717096 24.226.59.104:1355 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:17591 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x82E45A1C Ack: 0x280CA48 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-11:42:00.070177 24.226.59.104:1372 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:17665 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x82F1568F Ack: 0x268D6A1 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-11:42:09.519132 24.226.59.104:1902 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:19579 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x84977773 Ack: 0x2BE7267 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/14-11:42:09.936352 24.226.59.104:1921 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:19673 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x84A6EF21 Ack: 0x2EDC24A Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/14-11:42:10.287404 24.226.59.104:1938 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:19749 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x84B48219 Ack: 0x29BEEC7 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-11:42:10.565707 24.226.59.104:1958 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:19812 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x84C35CCB Ack: 0x2A4AC6F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-11:42:20.098090 24.226.59.104:2520 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:21949 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x86850155 Ack: 0x334F751 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-11:42:20.606287 24.226.59.104:2546 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:22059 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x8699B9DE Ack: 0x2F7B68B Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-11:42:21.102664 24.226.59.104:2579 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:22169 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x86B4703C Ack: 0x3569AE9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-11:42:21.668330 24.226.59.104:2605 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:22297 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x86C8E5DC Ack: 0x3C988E2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-11:42:31.290238 24.226.59.104:3185 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:24468 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x889488B0 Ack: 0x4095F1B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-11:42:31.731476 24.226.59.104:3214 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:24571 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x88AB50E4 Ack: 0x372E7DF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-11:42:34.638951 24.226.59.104:3214 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:25196 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x88AB50E4 Ack: 0x372E7DF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-11:42:35.213084 24.226.59.104:3421 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:25323 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x89522648 Ack: 0x405462C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-11:42:44.466153 24.226.59.104:3932 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:27101 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x8AEDB63B Ack: 0x43C7AC7 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-12:23:53.709443 24.225.185.140:4024 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:53022 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x1EC917AA Ack: 0x9FAB31A6 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-12:23:58.451931 24.225.185.140:4199 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:55679 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x1F5480E8 Ack: 0xA0A2A549 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-12:24:02.964910 24.225.185.140:4748 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:56684 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x210C5D76 Ack: 0xA024067F Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-12:24:04.464388 24.225.185.140:4888 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:57029 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x2179BE27 Ack: 0xA0EA44AB Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-12:24:09.009094 24.225.185.140:1194 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:57981 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x22576460 Ack: 0xA0826D75 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/14-12:24:19.563603 24.225.185.140:1318 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:60046 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x22B8D5FC Ack: 0xA09A41E5 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/14-12:24:24.608109 24.225.185.140:2317 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:61040 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x25CB1C6A Ack: 0xA1FDBE02 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-12:24:32.630305 24.225.185.140:2662 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:62553 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x26E0147D Ack: 0xA225C287 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-15:22:37.675802 24.132.247.34:3543 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:30840 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2ACA86CC Ack: 0x42CC1D5C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-15:22:37.771433 24.132.247.34:3543 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:30841 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2ACA8C80 Ack: 0x42CC1D5C Win: 0x4470 TcpLen: 20
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/14-15:43:25.426637 129.137.91.78:1247 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:30329 IpLen:20 DgmLen:181 DF
***AP*** Seq: 0x246DFA1A Ack: 0x9180B842 Win: 0x44E8 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/14-15:43:25.963013 129.137.91.78:1247 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:30338 IpLen:20 DgmLen:196 DF
***AP*** Seq: 0x246DFAA7 Ack: 0x9180B9B0 Win: 0x437A TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/14-15:43:53.419908 129.137.91.78:1249 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:30899 IpLen:20 DgmLen:206 DF
***AP*** Seq: 0x668D9CC8 Ack: 0x93C65DFC Win: 0x44E8 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/14-15:43:53.800294 129.137.91.78:1250 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:30911 IpLen:20 DgmLen:206 DF
***AP*** Seq: 0x80E61BE7 Ack: 0x93232BC3 Win: 0x44E8 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/14-15:43:57.363031 129.137.91.78:1251 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:30970 IpLen:20 DgmLen:206 DF
***AP*** Seq: 0x7B696A41 Ack: 0x93A55FF6 Win: 0x44E8 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-18:14:46.813269 24.42.15.25:3011 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:2677 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x21F0B795 Ack: 0xCD419C83 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-18:14:46.877730 24.42.15.25:3011 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:2678 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x21F0BD49 Ack: 0xCD419C83 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-19:30:35.490586 24.209.98.148:4424 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:42539 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE4600D72 Ack: 0xEB3E614F Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-19:30:35.521823 24.209.98.148:4424 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:42540 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE4601326 Ack: 0xEB3E614F Win: 0xFAF0 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-19:33:01.278046 24.129.102.205:2610 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:22667 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xA2FB51E2 Ack: 0xF3B6F3EE Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-19:33:05.895569 24.129.102.205:2796 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:23354 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xA3989CD2 Ack: 0xF4643C98 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-19:33:06.673545 24.129.102.205:2814 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:23450 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA3A9D5FA Ack: 0xF47B717C Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-19:33:25.768449 24.129.102.205:3219 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:26055 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA4F84A00 Ack: 0xF4F0BD20 Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-19:33:35.999897 24.129.102.205:3976 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:27320 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA75EA834 Ack: 0xF75C25AB Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/14-19:33:49.007778 24.129.102.205:4367 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:29068 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA8A1D6C8 Ack: 0xF788A18A Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/14-19:33:53.375919 24.129.102.205:4770 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:29694 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA9A61ECA Ack: 0xF7CFE326 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-19:33:54.170107 24.129.102.205:4800 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:29784 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xA9B88D50 Ack: 0xF7E1F34C Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-19:33:58.412091 24.129.102.205:1072 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:30388 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xAA3C19F2 Ack: 0xF887340E Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-19:33:59.314697 24.129.102.205:1096 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:30476 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xAA508F91 Ack: 0xF8A04D8F Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-19:34:06.739095 24.129.102.205:1282 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:31562 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xAAEE2668 Ack: 0xF9257EA6 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-19:34:36.337783 24.129.102.205:2551 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:35708 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xAF127D49 Ack: 0xFAB25F24 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-19:34:46.063225 24.129.102.205:2569 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:37025 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xAF22530C Ack: 0xFAB1EDCE Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-19:34:47.031932 24.129.102.205:2959 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:37133 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xB06873E4 Ack: 0xFB7C64BA Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-19:34:47.570518 24.129.102.205:3044 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:37254 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB0AA570A Ack: 0xFB0D5D27 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-20:10:28.130486 24.209.196.254:2485 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:47808 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x508FCE46 Ack: 0x82761370 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-20:10:28.162753 24.209.196.254:2485 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:47809 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x508FD3FA Ack: 0x82761370 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-20:32:08.274521 24.157.60.48:1828 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:33586 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB4ED9199 Ack: 0xD327EC5D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-20:32:08.337760 24.157.60.48:1828 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:33587 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB4ED974D Ack: 0xD327EC5D Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-20:40:02.387406 24.81.48.235:3757 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:56112 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD9534E21 Ack: 0xF1D413AD Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-20:40:02.482926 24.81.48.235:3757 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:56113 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD95353D5 Ack: 0xF1D413AD Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-20:57:17.053727 61.11.35.67:4382 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:53657 IpLen:20 DgmLen:1492 DF
***A**** Seq: 0xF65AD2A4 Ack: 0x32B07918 Win: 0x27B4 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-20:57:17.265955 61.11.35.67:4382 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:53658 IpLen:20 DgmLen:1492 DF
***A**** Seq: 0xF65AD850 Ack: 0x32B07918 Win: 0x27B4 TcpLen: 20
[**] [111:13:1] (spp_stream4) STEALTH ACTIVITY (SYN FIN scan) detection [**]
05/14-21:00:54.229774 69.10.8.124:22 -> 192.168.1.6:22
TCP TTL:22 TOS:0x0 ID:39426 IpLen:20 DgmLen:40
******SF Seq: 0x40BB05AB Ack: 0x41104B05 Win: 0x404 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-21:02:40.954839 24.165.15.145:4591 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:20351 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x6420D020 Ack: 0x472997C1 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-21:02:45.315183 24.165.15.145:4815 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:21169 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x64DA0C2D Ack: 0x46CE8E3F Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-21:02:49.133950 24.165.15.145:4858 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:21834 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x64FC542A Ack: 0x478AA28D Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-21:02:52.877264 24.165.15.145:1182 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:22495 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x65FA6B1F Ack: 0x47E3DD02 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-21:02:57.195337 24.165.15.145:1354 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:23210 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6687DDB7 Ack: 0x4801A4C6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/14-21:02:58.114782 24.165.15.145:1379 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:23373 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x669BED6B Ack: 0x48358999 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/14-21:02:58.864845 24.165.15.145:1410 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:23512 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x66B5EA20 Ack: 0x48273ADD Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-21:02:59.662259 24.165.15.145:1429 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:23646 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x66C5F8A5 Ack: 0x482F0607 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-21:03:00.079763 24.165.15.145:1446 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:23712 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x66D5947C Ack: 0x4858C1DF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-21:03:04.002911 24.165.15.145:1584 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:24318 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x674CDF39 Ack: 0x482A1C08 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-21:03:07.736277 24.165.15.145:1693 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:24815 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x67AB8092 Ack: 0x48C42968 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-21:03:08.173966 24.165.15.145:1714 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:24859 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x67BAC631 Ack: 0x4827D445 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-21:03:08.546938 24.165.15.145:1720 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:24893 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x67C0B1C2 Ack: 0x48B4C322 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-21:03:12.143086 24.165.15.145:1830 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:25357 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x68214C04 Ack: 0x48716B1E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-21:03:12.520648 24.165.15.145:1847 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:25388 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x682F8D7A Ack: 0x48F2E54E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-21:03:22.733169 24.165.15.145:2273 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:26819 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x698FE03F Ack: 0x491BBBD1 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-22:52:55.951164 24.218.145.201:4148 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:15599 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFAB1066C Ack: 0xE84D7C6E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-22:52:55.952518 24.218.145.201:4148 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:15600 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFAB10C20 Ack: 0xE84D7C6E Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-23:25:49.480391 24.196.16.17:4867 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:48835 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2D56F833 Ack: 0x63CF163B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-23:25:49.550540 24.196.16.17:4867 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:48836 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2D56FDE7 Ack: 0x63CF163B Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/15-00:34:38.423979 66.196.65.24:33130 -> 192.168.1.6:80
TCP TTL:233 TOS:0x0 ID:60478 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x11059A30 Ack: 0x6806B4AA Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-00:36:54.491631 24.81.210.230:1601 -> 192.168.1.6:80
TCP TTL:49 TOS:0x0 ID:14684 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDEDB5686 Ack: 0x708E1E56 Win: 0xFFFF TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-00:36:54.588485 24.81.210.230:1601 -> 192.168.1.6:80
TCP TTL:49 TOS:0x0 ID:14685 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDEDB5C3A Ack: 0x708E1E56 Win: 0xFFFF TcpLen: 20
[**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**]
[Classification: Misc activity] [Priority: 3]
05/15-01:06:51.896335 12.126.33.98 -> 192.168.1.6
ICMP TTL:233 TOS:0x0 ID:64871 IpLen:20 DgmLen:56
Type:3 Code:13 DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED,
PACKET FILTERED
** ORIGINAL DATAGRAM DUMP:
192.168.1.6:45889 -> 208.244.233.4:113
TCP TTL:49 TOS:0x0 ID:35332 IpLen:20 DgmLen:60 DF
Seq: 0xE23E44E0 Ack: 0x6B20C33E
** END OF DUMP
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-01:56:31.723936 24.99.137.153:1682 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:59724 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x8786BC6E Ack: 0x9D4A9DA4 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-01:56:39.602600 24.99.137.153:1863 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:60686 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x882161F7 Ack: 0x9DC96978 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-01:56:39.740725 24.99.137.153:1998 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:60709 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x88982506 Ack: 0x9D2E8C4C Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-01:56:39.885593 24.99.137.153:2002 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:60731 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x889B6CA2 Ack: 0x9DB6B0DB Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-01:56:40.390189 24.99.137.153:2019 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:60782 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x88A9F549 Ack: 0x9DDDC872 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/15-01:56:53.174741 24.99.137.153:2496 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:62916 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x8A2A3FC9 Ack: 0x9E0074F5 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/15-01:56:53.319563 24.99.137.153:2649 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:62933 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x8A9E246B Ack: 0x9EADAC75 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-01:57:02.743307 24.99.137.153:3070 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:64532 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x8BFFEF38 Ack: 0x9EF754F7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-01:57:02.945040 24.99.137.153:3075 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:64555 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x8C054F09 Ack: 0x9EAC51FF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-01:57:12.398695 24.99.137.153:3434 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:167 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x8D310182 Ack: 0x9F6150F1 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-01:57:12.551389 24.99.137.153:3438 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:198 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x8D34EB6F Ack: 0x9F7A8F42 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-01:57:12.724436 24.99.137.153:3448 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:245 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x8D3CEE06 Ack: 0xA0114684 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-01:57:12.910119 24.99.137.153:3451 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:298 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x8D40AFAB Ack: 0x9FCF497B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-01:57:13.046338 24.99.137.153:3460 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:331 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x8D48E195 Ack: 0x9FF8F28D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-01:57:13.223600 24.99.137.153:3465 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:363 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x8D4E59C7 Ack: 0x9F94FCD6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-01:57:22.647258 24.99.137.153:3910 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:2020 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x8EBA468B Ack: 0xA064C76E Win: 0x4470 TcpLen: 20
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/15-06:06:25.314322 151.204.211.128:63606 -> 192.168.1.6:80
TCP TTL:48 TOS:0x0 ID:57123 IpLen:20 DgmLen:187
***AP*** Seq: 0x71E21CE6 Ack: 0x4DA269A8 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/15-07:30:44.106473 66.147.154.3:41212 -> 192.168.1.6:80
TCP TTL:38 TOS:0x0 ID:11100 IpLen:20 DgmLen:229 DF
***AP*** Seq: 0x5470CF15 Ack: 0x8B7E7916 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 22302740 1654247276
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-08:42:26.542102 24.83.20.152:3874 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:61541 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xAB27128A Ack: 0x9AF4CC49 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-08:42:26.639343 24.83.20.152:3874 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:61542 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xAB27183E Ack: 0x9AF4CC49 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-09:06:52.745014 24.98.4.90:1764 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:25757 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x519AF244 Ack: 0xF6FC6290 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-09:06:52.754511 24.98.4.90:1764 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:25758 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x519AF7F8 Ack: 0xF6FC6290 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-11:03:20.840266 24.63.13.134:3139 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:16052 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x454E2ED5 Ack: 0xAF771C94 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-11:03:31.327285 24.63.13.134:3804 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:18013 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x47480A55 Ack: 0xB02F8492 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-11:03:36.060997 24.63.13.134:4243 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:18912 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x489B3A67 Ack: 0xB0B5885A Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-11:03:37.719727 24.63.13.134:4440 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:19204 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x49191A17 Ack: 0xB099CD54 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-11:03:39.200382 24.63.13.134:4607 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:19482 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x49604C38 Ack: 0xB024C9CD Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/15-11:03:44.763666 24.63.13.134:4848 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:20497 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x49C609D9 Ack: 0xB0F85829 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/15-11:03:50.122762 24.63.13.134:1473 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:21586 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x4B585201 Ack: 0xB14050D6 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-11:03:55.020167 24.63.13.134:1789 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:22542 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x4C4B4FA2 Ack: 0xB18BC03C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-11:03:59.663823 24.63.13.134:1925 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:23480 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4CB2FE76 Ack: 0xB2261DDB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-11:10:34.584585 24.63.13.134:2040 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:3547 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x99458DB2 Ack: 0xCAA94A21 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-11:10:38.670832 24.63.13.134:2169 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:4485 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x99A7C67B Ack: 0xCA90ADA6 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-11:10:42.890714 24.63.13.134:2635 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:5320 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x9B024E88 Ack: 0xCAF9426A Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-11:11:05.312093 24.63.13.134:2706 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:9534 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x9B346E88 Ack: 0xCB2FA9EE Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-11:11:06.707286 24.63.13.134:4145 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:9839 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x9F77B445 Ack: 0xCC0AF929 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/15-11:11:11.110049 24.63.13.134:4479 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:10753 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA06D5077 Ack: 0xCC3F62A3 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/15-11:11:12.562362 24.63.13.134:4550 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:10969 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA0812844 Ack: 0xCCE9E56E Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-11:11:16.959844 24.63.13.134:4842 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:11782 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xA0EB82C6 Ack: 0xCCED25CC Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-11:11:21.680298 24.63.13.134:1252 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:12656 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA1D0DDC2 Ack: 0xCCF4A247 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-11:11:26.232725 24.63.13.134:1747 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:13599 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA34621CA Ack: 0xCD915946 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-11:11:36.590180 24.63.13.134:1770 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:15595 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA35A4DB1 Ack: 0xCD4E0C65 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-11:11:40.506908 24.63.13.134:2505 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:16457 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA57E9A30 Ack: 0xCE91B79D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-11:11:40.988000 24.63.13.134:2748 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:16523 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xA6345C6E Ack: 0xCE5770FB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-11:11:43.861369 24.63.13.134:2748 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:17054 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xA6345C6E Ack: 0xCE5770FB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-11:11:44.720084 24.63.13.134:2938 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:17158 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA6C8E59D Ack: 0xCEEEECC4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-11:11:45.844813 24.63.13.134:3064 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:17462 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xA7234A7F Ack: 0xCE468533 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-11:11:50.599893 24.63.13.134:3305 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:18396 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA7DF7E65 Ack: 0xCEC4F287 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-12:20:05.885999 24.91.171.1:2652 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:11495 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7043E523 Ack: 0xD1214470 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-12:20:05.915689 24.91.171.1:2652 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:11496 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7043EAD7 Ack: 0xD1214470 Win: 0xFAF0 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-15:30:16.363253 24.99.136.16:1667 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:54002 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xAA01EE6C Ack: 0x9F93837C Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-15:30:20.153723 24.99.136.16:1778 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:54692 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xAA58C9CC Ack: 0x9FD003FF Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-15:30:33.260149 24.99.136.16:2810 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:57215 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xAD88CDB2 Ack: 0xA0657F8D Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-15:30:37.369635 24.99.136.16:3181 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:57931 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xAEAF7776 Ack: 0xA07B786D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/15-15:30:37.927826 24.99.136.16:3198 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:58012 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xAEBDFFAA Ack: 0xA0D4C898 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/15-15:30:38.591502 24.99.136.16:3226 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:58106 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xAED54692 Ack: 0xA1043A58 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-15:30:48.492284 24.99.136.16:3770 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:59662 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xB08B423B Ack: 0xA1387BC5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-15:30:58.715315 24.99.136.16:4301 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:61447 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB22A2C6C Ack: 0xA1E545D8 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-15:31:02.384414 24.99.136.16:4614 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:62272 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB31C71E7 Ack: 0xA23DC69B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-15:31:12.422018 24.99.136.16:1542 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:64190 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB5E0100B Ack: 0xA2E12363 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-15:31:13.065901 24.99.136.16:1561 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:64280 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xB5F13769 Ack: 0xA290D48A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-15:31:16.560733 24.99.136.16:1594 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:64895 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB60D6B99 Ack: 0xA3584A1E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-15:31:20.031115 24.99.136.16:1947 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:65480 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xB72C1A0D Ack: 0xA36AF950 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-15:31:20.690957 24.99.136.16:1969 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:34 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB73CDACC Ack: 0xA31FAA51 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-17:52:18.110375 24.30.227.136:4126 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:30849 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x15FA99B3 Ack: 0xB893BBFF Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-17:52:24.680213 24.30.227.136:4318 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:31721 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x16A203F2 Ack: 0xB920E51E Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-17:52:25.370646 24.30.227.136:4330 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:31804 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x16AD9E23 Ack: 0xB8B3483A Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-17:52:26.121091 24.30.227.136:4355 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:31910 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x16C45E6F Ack: 0xB8E0D66C Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-17:52:26.831234 24.30.227.136:4377 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:32008 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x16D8030B Ack: 0xB8A6862B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/15-17:52:27.488360 24.30.227.136:4392 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:32093 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x16E4F0F9 Ack: 0xB9489C8E Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/15-17:52:31.674558 24.30.227.136:4517 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:32663 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x175216A3 Ack: 0xB9946608 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-17:52:32.150053 24.30.227.136:4533 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:32750 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x17601078 Ack: 0xB9ABAD0F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-17:52:42.494568 24.30.227.136:4848 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:34145 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x186AB585 Ack: 0xB9B62F2F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-17:52:55.642345 24.30.227.136:3153 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:35952 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x196DAE82 Ack: 0xBA196E88 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-17:52:56.388419 24.30.227.136:3261 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:36070 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x19CC115F Ack: 0xBAC9FC6F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-17:53:00.435643 24.30.227.136:3380 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:36643 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x1A30D569 Ack: 0xBAC3CC40 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-17:53:01.182685 24.30.227.136:3407 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:36759 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x1A4674B8 Ack: 0xBB7667F9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-17:53:01.926359 24.30.227.136:3434 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:36857 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x1A5C1A5C Ack: 0xBB7AFFEA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-17:53:04.847634 24.30.227.136:3434 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:37322 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x1A5C1A5C Ack: 0xBB7AFFEA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-17:53:05.634262 24.30.227.136:3566 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:37413 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x1ACDEF59 Ack: 0xBB376497 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-17:53:06.291726 24.30.227.136:3586 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:37494 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x1ADDB51B Ack: 0xBBC1BB2B Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-17:53:15.706798 24.168.247.208:3137 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:42466 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3AA28AF2 Ack: 0xBBE35CAE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-17:53:15.713164 24.168.247.208:3137 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:42467 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3AA290A6 Ack: 0xBBE35CAE Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-20:13:37.461402 24.125.85.187:2698 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:36501 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x74EF04F7 Ack: 0xCCF4C7BB Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-20:13:38.172969 24.125.85.187:2773 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:36667 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x75286EA1 Ack: 0xCD4AB703 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-20:13:38.765632 24.125.85.187:2792 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:36752 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x75373936 Ack: 0xCD8B132E Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-20:13:39.078135 24.125.85.187:2819 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:36830 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x754EC2AE Ack: 0xCD141342 Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-20:13:39.438122 24.125.85.187:2837 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:36885 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x755DC6F3 Ack: 0xCCE1ED6B Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/15-20:13:39.855507 24.125.85.187:2857 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:36938 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x756D5E12 Ack: 0xCD6B9F41 Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/15-20:13:40.306316 24.125.85.187:2868 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:37058 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x75764CA9 Ack: 0xCD2638E4 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-20:13:49.742967 24.125.85.187:3344 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:38405 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x76EEC2E8 Ack: 0xCD8B06A5 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-20:13:50.046873 24.125.85.187:3364 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:38440 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x76FE9EAC Ack: 0xCD6F34F5 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-20:13:53.389878 24.125.85.187:3546 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:39013 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x77920E61 Ack: 0xCDA59044 Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-20:13:53.700628 24.125.85.187:3562 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:39051 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x779F1C15 Ack: 0xCDBED300 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-20:13:54.288278 24.125.85.187:3576 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:39121 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x77AB16F2 Ack: 0xCE24C6B0 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-20:13:55.004543 24.125.85.187:3607 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:39210 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x77C30B84 Ack: 0xCE4A36B1 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-20:14:05.557065 24.125.85.187:4205 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:41120 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x79988F92 Ack: 0xCE70A905 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-20:14:05.774675 24.125.85.187:4209 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:41163 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x799BCBEC Ack: 0xCF13F53E Win: 0xFAF0 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-20:35:22.441753 24.209.36.194:4107 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:48169 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x89C9D409 Ack: 0x20731CF1 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-20:35:23.292533 24.209.36.194:4132 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:48285 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x89E09D17 Ack: 0x20F4DBEC Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-20:35:23.566114 24.209.36.194:4153 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:48345 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x89F2ACDE Ack: 0x2107E6AC Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-20:35:24.022614 24.209.36.194:4163 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:48412 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x89FAC05C Ack: 0x20CBF0F0 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-20:35:24.972540 24.209.36.194:4186 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:48559 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x8A0F1BD5 Ack: 0x209B08C0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/15-20:35:29.083461 24.209.36.194:4308 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:49106 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x8A7AA66C Ack: 0x21036F14 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/15-20:35:30.486949 24.209.36.194:4333 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:49268 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x8A924666 Ack: 0x21CCC914 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-20:35:34.188580 24.209.36.194:4502 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:50056 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x8B227A8E Ack: 0x2116AB27 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-20:35:34.432627 24.209.36.194:4510 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:50103 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x8B29A572 Ack: 0x2139DC12 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-20:35:34.596893 24.209.36.194:4520 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:50143 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x8B31DE67 Ack: 0x21E73928 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-20:35:38.364442 24.209.36.194:4638 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:50704 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x8B9858CE Ack: 0x22096F5C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-20:35:38.670534 24.209.36.194:4646 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:50752 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x8B9F16AA Ack: 0x215BAB56 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-20:35:38.819186 24.209.36.194:4653 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:50777 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x8BA5270A Ack: 0x222E6858 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-20:35:38.921393 24.209.36.194:4656 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:50792 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x8BA87271 Ack: 0x22401E1E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-20:35:41.961835 24.209.36.194:4656 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:51216 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x8BA87271 Ack: 0x22401E1E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-20:35:42.244048 24.209.36.194:4752 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:51256 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x8BFDB097 Ack: 0x21D9DCD0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-20:35:42.573752 24.209.36.194:4765 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:51301 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x8C083C84 Ack: 0x228690FF Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-21:05:00.180370 24.126.134.104:4545 -> 192.168.1.6:80
TCP TTL:102 TOS:0x0 ID:4698 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB19A6FBB Ack: 0x8F96F615 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-21:05:00.220030 24.126.134.104:4545 -> 192.168.1.6:80
TCP TTL:102 TOS:0x0 ID:4699 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB19A756F Ack: 0x8F96F615 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-22:06:54.986507 24.199.188.226:3700 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:58218 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xDF2070A1 Ack: 0x7963A408 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-22:06:57.940688 24.199.188.226:3700 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:58633 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xDF2070A1 Ack: 0x7963A408 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-22:07:03.217989 24.199.188.226:4013 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:59401 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xE02B40EB Ack: 0x79915D96 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-22:07:03.680486 24.199.188.226:4032 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:59474 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xE03ABCA0 Ack: 0x79B07E2E Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-22:07:13.242540 24.199.188.226:4379 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:60672 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xE15E0E29 Ack: 0x7A1F9B3B Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-22:07:16.758616 24.199.188.226:4505 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:61109 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xE1C7C58B Ack: 0x7A9DEF57 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/15-22:07:23.378864 24.199.188.226:4610 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:61744 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xE221E86D Ack: 0x7B1112EE Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/15-22:07:27.088411 24.199.188.226:4842 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:62248 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xE2E828D4 Ack: 0x7AE55790 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-22:07:27.447402 24.199.188.226:4853 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:62291 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xE2F0E8E9 Ack: 0x7B65BEA5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-22:07:36.912447 24.199.188.226:3216 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:63612 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE4293903 Ack: 0x7C021E25 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-22:07:37.166872 24.199.188.226:3221 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:63628 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE42E4EEB Ack: 0x7C0F1DE1 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-22:07:37.400551 24.199.188.226:3224 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:63656 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE4318F7F Ack: 0x7C55BF20 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-22:07:40.905042 24.199.188.226:3363 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:64169 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE4A882D6 Ack: 0x7B9BFB82 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-22:07:41.084581 24.199.188.226:3371 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:64195 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xE4AEF74F Ack: 0x7C0D74F5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-22:07:41.293849 24.199.188.226:3378 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:64216 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xE4B432B4 Ack: 0x7C78E531 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-22:07:41.515359 24.199.188.226:3385 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:64251 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xE4BAB44D Ack: 0x7C1B21F0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-22:07:41.748614 24.199.188.226:3396 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:64282 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xE4C37CBC Ack: 0x7C2B51F6 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-22:07:44.857317 24.199.188.226:3396 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:64544 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xE4C37CBC Ack: 0x7C2B51F6 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-22:52:02.072438 24.158.157.34:3072 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:25329 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2FC59E99 Ack: 0x24E3AAAC Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-22:52:02.168913 24.158.157.34:3072 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:25330 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2FC5A44D Ack: 0x24E3AAAC Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-23:15:05.846421 24.209.42.242:3176 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:18089 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x6353890D Ack: 0x7B8A64DF Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-23:15:06.144917 24.209.42.242:3183 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:18109 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x63590028 Ack: 0x7B0E2564 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-23:15:09.311796 24.209.42.242:3292 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:18383 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x63B522DA Ack: 0x7BB11D70 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-23:15:18.391081 24.209.42.242:3597 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:19310 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x64B76898 Ack: 0x7C856697 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-23:15:18.574294 24.209.42.242:3600 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:19344 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x64BA32BD Ack: 0x7BD81A1D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/15-23:15:21.649842 24.209.42.242:3681 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:19614 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x65038933 Ack: 0x7C29B4B6 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/15-23:15:21.785283 24.209.42.242:3682 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:19624 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x6504BF07 Ack: 0x7C3034D6 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-23:15:25.001692 24.209.42.242:3785 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:19859 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x65587511 Ack: 0x7C118628 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-23:15:25.113253 24.209.42.242:3789 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:19874 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x655BFB2F Ack: 0x7C9EEB61 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-23:15:25.264494 24.209.42.242:3792 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:19908 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x655F3B0E Ack: 0x7C9AFAA0 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-23:15:28.414076 24.209.42.242:3901 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:20204 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x65BAE6BC Ack: 0x7C479D90 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-23:15:31.536464 24.209.42.242:3983 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:20486 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x66028730 Ack: 0x7CDF4251 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-23:15:34.661645 24.209.42.242:4100 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:20789 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x6660A626 Ack: 0x7CF67FED Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-23:15:34.844446 24.209.42.242:4104 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:20814 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6663F7F9 Ack: 0x7D495F67 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-23:15:34.983160 24.209.42.242:4111 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:20831 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x6669D2F8 Ack: 0x7D794FC7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-23:15:44.105712 24.209.42.242:4485 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:22002 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x679AEA3D Ack: 0x7D9883AF Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-23:29:19.354413 24.68.67.114:26869 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:8650 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3F63D9FB Ack: 0xB10A51AC Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-23:29:19.420946 24.68.67.114:26869 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:8651 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3F63DFAF Ack: 0xB10A51AC Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-00:16:45.065705 24.157.173.39:1708 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:18578 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xFAA12381 Ack: 0x647D46E7 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-00:16:46.571531 24.157.173.39:1728 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:18767 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xFAB48B0A Ack: 0x648C5518 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-00:16:51.063182 24.157.173.39:1786 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:19209 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xFAF04C2E Ack: 0x651F70E0 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-00:16:55.082728 24.157.173.39:1845 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:19566 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xFB2C6E23 Ack: 0x6553C622 Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-00:16:56.576364 24.157.173.39:1863 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:19676 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xFB3CEEAB Ack: 0x65A55D75 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/16-00:16:57.569152 24.157.173.39:1878 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:19792 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xFB4E9D9C Ack: 0x654074F6 Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/16-00:16:58.556264 24.157.173.39:1898 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:19898 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xFB5F7EB8 Ack: 0x654689F9 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-00:17:00.070526 24.157.173.39:1910 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:19988 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xFB6B4030 Ack: 0x65AB35E4 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-00:17:01.062527 24.157.173.39:1931 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:20116 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFB81896D Ack: 0x65A90AB5 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-00:17:02.064368 24.157.173.39:1945 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:20215 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFB906A09 Ack: 0x658B95A2 Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-00:17:06.577976 24.157.173.39:1998 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:20597 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFBCBABC1 Ack: 0x65BD1512 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-00:17:07.574388 24.157.173.39:2016 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:20735 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFBDF325E Ack: 0x667B7DB1 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-00:17:09.075727 24.157.173.39:2039 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:20850 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xFBF46431 Ack: 0x65EB1240 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-00:17:10.087637 24.157.173.39:2056 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:20980 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xFC070468 Ack: 0x667848E5 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-00:17:11.577223 24.157.173.39:2076 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:21106 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xFC19AC16 Ack: 0x660C0610 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-00:17:12.597421 24.157.173.39:2095 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:21242 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xFC2BB026 Ack: 0x6679FAD5 Win: 0xFAF0 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-02:33:22.489402 24.91.57.211:3131 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:9623 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x9FF355A5 Ack: 0x685AD1DC Win: 0xB5C9 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-02:33:26.265087 24.91.57.211:3180 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:9725 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xA0255DA7 Ack: 0x6888B0E8 Win: 0xB5C9 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-02:33:35.725158 24.91.57.211:3337 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:10205 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA0BE9B55 Ack: 0x69DBFAEE Win: 0xB5C9 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-02:33:38.906899 24.91.57.211:3373 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:10293 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA0E55307 Ack: 0x6988B6EE Win: 0xB5C9 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-02:33:42.298389 24.91.57.211:3412 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:10380 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA10E3D25 Ack: 0x6999F8C1 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/16-02:33:42.454386 24.91.57.211:3414 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:10390 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA1108271 Ack: 0x69B1DA18 Win: 0xB5C9 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/16-02:33:55.240526 24.91.57.211:3556 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:10873 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA1A2F8EE Ack: 0x6ABC8FEE Win: 0xB5C9 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-02:33:58.880425 24.91.57.211:3614 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:11004 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xA1DC9EB6 Ack: 0x6A9A79E7 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-02:34:02.506167 24.91.57.211:3690 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:11082 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA2281465 Ack: 0x6AD365F4 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-02:34:12.002740 24.91.57.211:3892 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:11801 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA2E1BFEC Ack: 0x6B571A04 Win: 0xB5C9 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-02:34:12.172258 24.91.57.211:3895 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:11817 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA2E471B8 Ack: 0x6B823800 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-02:34:12.381340 24.91.57.211:3899 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:11827 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA2E81979 Ack: 0x6BAD44E8 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-02:34:12.543927 24.91.57.211:3903 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:11840 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xA2EBD58A Ack: 0x6BEE4DB5 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-02:34:12.704869 24.91.57.211:3907 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:11850 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA2EF29DD Ack: 0x6B7D6C03 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-02:34:12.872046 24.91.57.211:3912 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:11859 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xA2F3731B Ack: 0x6BBB1E33 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-02:34:22.337608 24.91.57.211:4035 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:12152 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA37181AA Ack: 0x6C17C972 Win: 0xB5C9 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-03:51:40.950494 24.209.42.242:1340 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:21257 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x5F7D344C Ack: 0x8F97AC1D Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-03:51:41.175489 24.209.42.242:1401 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:21278 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x5FAC02EA Ack: 0x902ABA97 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-03:52:02.271418 24.209.42.242:2015 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:23042 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x61BDF193 Ack: 0x91680CDB Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-03:52:11.375084 24.209.42.242:2307 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:23810 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x62B64F79 Ack: 0x91A42AF8 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-03:52:20.512605 24.209.42.242:2486 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:24381 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6359AC14 Ack: 0x91E8AB79 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/16-03:52:20.602791 24.209.42.242:2487 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:24391 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x635ACBD8 Ack: 0x91E451B7 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/16-03:52:20.747877 24.209.42.242:2568 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:24485 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x6398011E Ack: 0x9242EF13 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-03:52:29.814757 24.209.42.242:2821 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:25355 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x64763ABC Ack: 0x942CCB0D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-03:52:29.985880 24.209.42.242:2822 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:25368 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x64770232 Ack: 0x93684C9C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-03:52:30.079545 24.209.42.242:2825 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:25376 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x647A39DD Ack: 0x93AC2DBD Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-03:52:30.204116 24.209.42.242:2828 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:25393 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x647CCAD3 Ack: 0x935F15B6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-03:52:30.317372 24.209.42.242:2832 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:25409 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6480839E Ack: 0x93A02B54 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-03:52:30.425489 24.209.42.242:2834 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:25421 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x6482761E Ack: 0x942E1A7A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-03:52:33.515516 24.209.42.242:2987 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:25824 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x64FCADDB Ack: 0x93E01F19 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-03:52:33.604565 24.209.42.242:2989 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:25832 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x64FE8979 Ack: 0x93803281 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-03:52:33.710054 24.209.42.242:2990 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:25842 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x64FF7B90 Ack: 0x93C80542 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/16-05:07:03.383466 12.148.209.198:59906 -> 192.168.1.6:80
TCP TTL:48 TOS:0x0 ID:34332 IpLen:20 DgmLen:256 DF
***AP*** Seq: 0xA22F282F Ack: 0xAD0248FA Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 326091478 1694084267
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/16-05:07:03.679184 12.148.209.198:59906 -> 192.168.1.6:80
TCP TTL:48 TOS:0x0 ID:34333 IpLen:20 DgmLen:256 DF
***AP*** Seq: 0xA22F282F Ack: 0xAD0248FA Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 326091508 1694084267
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-10:05:59.630555 24.209.36.194:3540 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:57946 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBA0A3946 Ack: 0x1712041D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-10:06:02.106471 24.209.36.194:3540 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:58051 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBA0A3EFA Ack: 0x1712041D Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-10:15:27.983578 24.209.177.126:3350 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:6942 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2CD76AFA Ack: 0x3A35DB85 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-10:15:27.989267 24.209.177.126:3350 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:6943 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2CD770AE Ack: 0x3A35DB85 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-10:16:12.476054 24.209.36.194:1681 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:47177 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF62CEA36 Ack: 0x3BFF39FA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-10:16:12.508996 24.209.36.194:1681 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:47178 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF62CEFEA Ack: 0x3BFF39FA Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-10:19:54.662279 24.63.13.134:2727 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:59190 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xF9BE8ABD Ack: 0x4A32AA46 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-10:19:58.955805 24.63.13.134:2784 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:59928 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xF9EA6EA0 Ack: 0x4B3BC3C9 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-10:19:59.306630 24.63.13.134:2946 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:59987 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xFA68D3FA Ack: 0x4A754411 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-10:19:59.693881 24.63.13.134:3014 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:60071 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xFA9BC11E Ack: 0x4B339B87 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-10:19:59.994293 24.63.13.134:3024 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:60120 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xFAA4C344 Ack: 0x4B2C383D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/16-10:20:09.665906 24.63.13.134:3534 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:61788 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xFC34C8D2 Ack: 0x4BC3BDA1 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/16-10:20:09.930476 24.63.13.134:3540 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:61831 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xFC39F4DB Ack: 0x4B949691 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-10:20:10.238837 24.63.13.134:3545 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:61866 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xFC3E5FA7 Ack: 0x4B5C4BC0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-10:20:20.017204 24.63.13.134:4041 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:63475 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFDB9C874 Ack: 0x4C8ADA2B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-10:20:20.347676 24.63.13.134:4048 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:63509 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFDBE4369 Ack: 0x4C0D89D8 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-10:20:20.742905 24.63.13.134:4053 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:63596 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFDC337C3 Ack: 0x4BF24A29 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-10:20:21.485367 24.63.13.134:4109 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:63727 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFDEBF338 Ack: 0x4BC3ABE9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-10:20:21.744651 24.63.13.134:4114 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:63753 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xFDEFB6B7 Ack: 0x4C5EFEB4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-10:20:24.735323 24.63.13.134:4114 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:64265 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xFDEFB6B7 Ack: 0x4C5EFEB4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-10:20:25.221898 24.63.13.134:4297 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:64327 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xFE7F81E5 Ack: 0x4C097C0A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-10:20:28.190258 24.63.13.134:4297 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:64869 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xFE7F81E5 Ack: 0x4C097C0A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-10:20:28.518068 24.63.13.134:4464 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:64903 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xFF09C901 Ack: 0x4CE1E9E0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-10:20:32.256465 24.63.13.134:4694 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:65467 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xFF8D67F4 Ack: 0x4CEED0CB Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-10:40:04.071617 24.209.36.194:4273 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:44491 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x83B3C525 Ack: 0x971C4D06 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-10:40:04.094988 24.209.36.194:4273 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:44492 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x83B3CAD9 Ack: 0x971C4D06 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-10:52:35.942136 24.209.36.194:3651 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:47458 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xCD911706 Ack: 0xC59EB568 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-10:52:35.964198 24.209.36.194:3651 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:47459 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xCD911CBA Ack: 0xC59EB568 Win: 0x4470 TcpLen: 20
[**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**]
[Classification: Misc activity] [Priority: 3]
05/16-10:58:10.664209 130.105.3.2 -> 192.168.1.6
ICMP TTL:239 TOS:0x0 ID:35346 IpLen:20 DgmLen:56
Type:3 Code:13 DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED,
PACKET FILTERED
** ORIGINAL DATAGRAM DUMP:
192.168.1.6:52168 -> 130.105.1.8:53
UDP TTL:48 TOS:0x0 ID:0 IpLen:20 DgmLen:70 DF
Len: 42
** END OF DUMP
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-11:02:04.687425 24.209.36.194:3491 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:38315 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4C7377F Ack: 0xE98335AB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-11:02:04.705707 24.209.36.194:3491 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:38316 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4C73D33 Ack: 0xE98335AB Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/16-12:11:51.339850 66.147.154.3:13075 -> 192.168.1.6:80
TCP TTL:38 TOS:0x0 ID:14374 IpLen:20 DgmLen:229 DF
***AP*** Seq: 0x8669261D Ack: 0x842DDB41 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 32627212 1707138699
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/16-12:50:46.123100 66.196.65.24:40451 -> 192.168.1.6:80
TCP TTL:233 TOS:0x0 ID:61682 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xFA094178 Ack: 0x16BF60B4 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-13:11:36.394209 24.209.36.194:2047 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:5958 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDA661E5B Ack: 0x659BBF82 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-13:11:36.449832 24.209.36.194:2047 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:5959 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDA66240F Ack: 0x659BBF82 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-13:31:39.578268 24.209.36.194:3634 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:41779 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x468C8A27 Ack: 0xB1865B7B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-13:31:39.600546 24.209.36.194:3634 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:41780 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x468C8FDB Ack: 0xB1865B7B Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-13:49:13.094012 24.243.238.248:1618 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:6805 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xDE6C4D59 Ack: 0xF321F7A1 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-13:49:16.602898 24.243.238.248:2038 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:7226 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xDEE7E412 Ack: 0xF364F19F Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-13:49:16.818779 24.243.238.248:2040 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:7253 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xDEEA6A99 Ack: 0xF3461F10 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-13:49:17.444261 24.243.238.248:2128 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:7382 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xDF0FE3C4 Ack: 0xF38C1153 Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-13:49:17.657487 24.243.238.248:2160 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:7447 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xDF22042B Ack: 0xF3D78D4D Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/16-13:49:17.927632 24.243.238.248:2193 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:7516 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xDF2E21AC Ack: 0xF3F38E22 Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/16-13:49:18.178912 24.243.238.248:2242 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:7651 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xDF4A1D48 Ack: 0xF3EB74C2 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-13:49:21.655735 24.243.238.248:2629 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:8243 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xDFDDED1F Ack: 0xF3EBDCB3 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-13:49:24.895409 24.243.238.248:2962 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:8725 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE0788F19 Ack: 0xF3C03775 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-13:49:25.144988 24.243.238.248:2984 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:8756 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE085EAD4 Ack: 0xF3AF4C7A Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-13:49:28.452263 24.243.238.248:3216 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:9399 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE11645B2 Ack: 0xF3C7A72B Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-13:49:31.704862 24.243.238.248:3517 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:10195 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE1DF103A Ack: 0xF4EE6CBD Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-13:49:34.920789 24.243.238.248:3715 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:10621 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xE26E2483 Ack: 0xF507EA2C Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-13:49:35.130414 24.243.238.248:3724 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:10640 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xE2741CB6 Ack: 0xF51750FB Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-13:49:35.375654 24.243.238.248:3732 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:10666 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xE27B664E Ack: 0xF459474C Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-13:49:38.620685 24.243.238.248:3916 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:11270 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xE30CC56B Ack: 0xF54029E6 Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/16-13:56:55.337943 66.196.65.24:53991 -> 192.168.1.6:80
TCP TTL:233 TOS:0x0 ID:32592 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x19E46D77 Ack: 0xFFDB3D5 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-15:51:20.890744 24.127.15.16:3287 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:43184 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA21033AA Ack: 0xC142B44A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-15:51:20.897298 24.127.15.16:3287 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:43185 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA210395E Ack: 0xC142B44A Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-15:54:22.689747 24.209.98.148:3032 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:49035 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8DBF11E1 Ack: 0xCD3F36E4 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-15:54:22.697674 24.209.98.148:3032 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:49036 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8DBF1795 Ack: 0xCD3F36E4 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-15:58:29.746686 24.209.98.148:2324 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:8548 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA624A42B Ack: 0xDC6757AF Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-15:58:29.779947 24.209.98.148:2324 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:8549 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA624A9DF Ack: 0xDC6757AF Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-16:09:11.470224 24.209.36.194:3140 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:676 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7C4C2A18 Ack: 0x4A3A462 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-16:09:11.496025 24.209.36.194:3140 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:677 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7C4C2FCC Ack: 0x4A3A462 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-16:15:36.115402 24.106.135.110:4948 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:50568 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x650765CF Ack: 0x1D002684 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-16:15:36.191916 24.106.135.110:4948 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:50569 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x65076B83 Ack: 0x1D002684 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-16:49:21.091268 24.209.36.194:2197 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:47890 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x43A8458C Ack: 0x9BCC3AA3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-16:49:21.110981 24.209.36.194:2197 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:47891 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x43A84B40 Ack: 0x9BCC3AA3 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-17:17:53.126316 24.209.36.194:3334 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:39816 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xCEB0CD3F Ack: 0x7A9CF63 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-17:17:53.150555 24.209.36.194:3334 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:39817 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xCEB0D2F3 Ack: 0x7A9CF63 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-17:47:16.861197 24.209.36.194:4224 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:31004 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x59B7F958 Ack: 0x76A1BDDB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-17:47:16.888352 24.209.36.194:4224 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:31005 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x59B7FF0C Ack: 0x76A1BDDB Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-18:28:16.624189 24.209.196.254:4332 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:27526 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5ECC45B Ack: 0x11BD8B78 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-18:28:16.632299 24.209.196.254:4332 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:27527 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5ECCA0F Ack: 0x11BD8B78 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-18:43:03.457893 24.98.81.16:2242 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:47058 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x988E8BF0 Ack: 0x49E1600B Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-18:43:04.025343 24.98.81.16:2249 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:47072 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x98958EB2 Ack: 0x499BD73F Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-18:43:04.177615 24.98.81.16:2251 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:47084 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x98977C74 Ack: 0x493FC195 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-18:43:04.328381 24.98.81.16:2257 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:47096 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x989C038C Ack: 0x4A16302A Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-18:43:04.488741 24.98.81.16:2262 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:47108 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x98A03489 Ack: 0x49CABF28 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/16-18:43:13.657483 24.98.81.16:2438 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:47675 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x993E7601 Ack: 0x4A71E35E Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/16-18:43:13.824712 24.98.81.16:2442 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:47689 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x9941C373 Ack: 0x4A7123AE Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-18:43:16.995146 24.98.81.16:2504 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:47876 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x997CBF09 Ack: 0x4A0EAB42 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-18:43:20.158292 24.98.81.16:2568 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:48104 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x99B68D20 Ack: 0x4AA6B331 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-18:43:23.323271 24.98.81.16:2610 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:48225 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x99DE14AE Ack: 0x4AD91666 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-18:43:23.466589 24.98.81.16:2613 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:48235 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x99E0AEBF Ack: 0x4AA1BDB0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-18:43:26.601461 24.98.81.16:2668 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:48398 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x9A13F7DE Ack: 0x4AE35632 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-18:43:26.746601 24.98.81.16:2671 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:48409 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x9A170C04 Ack: 0x4B2A8EDE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-18:43:26.868268 24.98.81.16:2675 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:48414 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x9A1B3C93 Ack: 0x4B0371AA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-18:43:27.053066 24.98.81.16:2676 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:48422 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x9A1C89F3 Ack: 0x4A927E50 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-18:43:30.241246 24.98.81.16:2724 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:48568 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x9A4CA0BB Ack: 0x4B7658A8 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-18:52:05.505742 24.209.196.254:4089 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:20305 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8C69435B Ack: 0x6BFF79EC Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-18:52:05.513742 24.209.196.254:4089 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:20306 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8C69490F Ack: 0x6BFF79EC Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-19:11:56.871514 24.209.36.194:3434 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:48316 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE22A1307 Ack: 0xB7690413 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-19:11:56.896209 24.209.36.194:3434 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:48317 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE22A18BB Ack: 0xB7690413 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-19:15:09.382373 24.209.36.194:3716 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:61091 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF0CCD4C1 Ack: 0xC398341A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-19:15:09.415066 24.209.36.194:3716 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:61092 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF0CCDA75 Ack: 0xC398341A Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-19:52:46.840695 24.209.36.194:2746 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:19892 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9FB8BB41 Ack: 0x50D20E8F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-19:52:46.861558 24.209.36.194:2746 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:19893 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9FB8C0F5 Ack: 0x50D20E8F Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-20:01:35.301224 24.209.191.210:3482 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:63540 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4815669A Ack: 0x7175C5DD Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-20:01:35.311764 24.209.191.210:3482 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:63541 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x48156C4E Ack: 0x7175C5DD Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-20:33:36.388976 24.118.102.148:3004 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:5622 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x1CA90B9E Ack: 0xEB2B9BE2 Win: 0xFC00 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-20:33:45.568976 24.118.102.148:3561 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:7249 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x1E60E767 Ack: 0xEB82EA87 Win: 0xFC00 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-20:33:55.038139 24.118.102.148:3577 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:9081 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x1E6ED800 Ack: 0xEBEA45AA Win: 0xFC00 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-20:33:55.617967 24.118.102.148:4215 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:9146 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x205C046D Ack: 0xED72D053 Win: 0xFC00 TcpLen: 20
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/16-20:34:03.630788 24.118.102.148:4919 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:10456 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x21CC37DA Ack: 0xEE222963 Win: 0xFC00 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-21:09:26.286616 24.209.191.210:1518 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:484 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBBC1765F Ack: 0x7219AA8A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-21:09:26.298946 24.209.191.210:1518 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:485 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBBC17C13 Ack: 0x7219AA8A Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-21:30:08.769551 24.209.191.210:1680 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:31341 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x28E1C2E2 Ack: 0xC061D977 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-21:30:08.776386 24.209.191.210:1680 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:31342 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x28E1C896 Ack: 0xC061D977 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-22:07:22.689129 24.209.98.148:4578 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:28303 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE6C74913 Ack: 0x4D5C9DDF Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-22:07:22.718714 24.209.98.148:4578 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:28304 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE6C74EC7 Ack: 0x4D5C9DDF Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-23:25:43.532056 24.244.187.6:4075 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:56215 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4B5191A3 Ack: 0x75B378B4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-23:25:44.110142 24.244.187.6:4075 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:56216 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4B519757 Ack: 0x75B378B4 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-23:31:26.093867 24.209.36.194:1403 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:26981 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x39D7FD7B Ack: 0x8ADAA40D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-23:31:26.120649 24.209.36.194:1403 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:26982 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x39D8032F Ack: 0x8ADAA40D Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/17-00:07:03.244457 66.196.65.24:35979 -> 192.168.1.6:80
TCP TTL:233 TOS:0x0 ID:675 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x956A8D4B Ack: 0x115D583F Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-00:24:41.775261 24.209.36.194:2617 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:10864 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF858CDA Ack: 0x5400C380 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-00:24:41.800648 24.209.36.194:2617 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:10865 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF85928E Ack: 0x5400C380 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-01:19:42.669718 24.218.33.167:4258 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:42672 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8942866A Ack: 0x2331DD2E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-01:19:42.677271 24.218.33.167:4258 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:42673 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x89428C1E Ack: 0x2331DD2E Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-01:28:34.670311 24.209.36.194:1771 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:23659 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x907D4FD Ack: 0x45D5A6D0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-01:28:34.696708 24.209.36.194:1771 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:23660 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x907DAB1 Ack: 0x45D5A6D0 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-01:41:02.550410 24.209.36.194:3514 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:64121 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x397ABA51 Ack: 0x738203A7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-01:41:05.010099 24.209.36.194:3514 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:64241 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x397AC005 Ack: 0x738203A7 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-03:02:27.328519 24.167.80.155:4174 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:40379 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF3FBD0C6 Ack: 0xA88A3442 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-03:02:27.334372 24.167.80.155:4174 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:40380 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF3FBD67A Ack: 0xA88A3442 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/17-03:44:47.338364 66.196.73.77:17109 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:17335 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xE5451FC0 Ack: 0x48D7C1BF Win: 0xFAF0 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-03:53:50.572135 24.209.191.210:2765 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:29818 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4809CEFA Ack: 0x6A3E6F50 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-03:53:50.580649 24.209.191.210:2765 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:29819 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4809D4AE Ack: 0x6A3E6F50 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-04:49:26.352275 24.209.191.210:4897 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:26566 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x31A11544 Ack: 0x3D062F82 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-04:49:26.360351 24.209.191.210:4897 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:26567 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x31A11AF8 Ack: 0x3D062F82 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-05:53:38.177891 61.136.148.43:2880 -> 192.168.1.6:80
TCP TTL:100 TOS:0x0 ID:53521 IpLen:20 DgmLen:1454 DF
***A**** Seq: 0xCE81E224 Ack: 0x2E86ED19 Win: 0x4248 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-05:53:38.197688 61.136.148.43:2880 -> 192.168.1.6:80
TCP TTL:100 TOS:0x0 ID:53522 IpLen:20 DgmLen:1454 DF
***A**** Seq: 0xCE81E7AA Ack: 0x2E86ED19 Win: 0x4248 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/17-06:32:37.652112 66.196.65.24:24793 -> 192.168.1.6:80
TCP TTL:233 TOS:0x0 ID:63107 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x66B3F23D Ack: 0xC1C6FD1F Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-06:50:39.590883 24.90.170.180:4318 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:51625 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x56E224FE Ack: 0x59AA552 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-06:50:39.615232 24.90.170.180:4318 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:51626 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x56E22AB2 Ack: 0x59AA552 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/17-09:16:32.042422 66.196.65.24:39392 -> 192.168.1.6:80
TCP TTL:233 TOS:0x0 ID:132 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x488EEC8F Ack: 0x2DCDF699 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-09:32:56.596550 24.209.191.210:3048 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28845 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x59D3B5B4 Ack: 0x6AF46D2E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-09:32:56.604125 24.209.191.210:3048 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28846 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x59D3BB68 Ack: 0x6AF46D2E Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-09:36:24.984194 24.209.191.210:2230 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:38128 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x65BB9477 Ack: 0x774CEA6D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-09:36:24.993691 24.209.191.210:2230 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:38129 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x65BB9A2B Ack: 0x774CEA6D Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-10:15:59.644141 24.136.140.127:2589 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:51236 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x31040EA9 Ack: 0xE73CB1A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-10:15:59.653955 24.136.140.127:2589 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:51237 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3104145D Ack: 0xE73CB1A Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-12:48:43.158026 24.209.98.148:4366 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:42820 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5B54D4F5 Ack: 0x4F338880 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-12:48:43.167642 24.209.98.148:4366 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:42821 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5B54DAA9 Ack: 0x4F338880 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-13:00:33.828606 24.209.98.148:1257 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:56866 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA160C927 Ack: 0x7BE24ADB Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-13:00:33.848753 24.209.98.148:1257 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:56867 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA160CEDB Ack: 0x7BE24ADB Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-13:32:18.002461 24.209.36.194:2300 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:30189 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA69E2E4E Ack: 0xF323A9CF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-13:32:18.026498 24.209.36.194:2300 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:30190 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA69E3402 Ack: 0xF323A9CF Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-13:37:20.597746 24.209.98.148:1636 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:29620 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x79BB084D Ack: 0x6420B8D Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-13:37:20.619425 24.209.98.148:1636 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:29621 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x79BB0E01 Ack: 0x6420B8D Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-13:37:42.272432 24.209.196.254:4007 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:22821 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x59BDB2A9 Ack: 0x798B061 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-13:37:42.273759 24.209.196.254:4007 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:22822 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x59BDB85D Ack: 0x798B061 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-14:13:33.850462 24.209.45.21:4313 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:62325 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x307C53F7 Ack: 0x9025F319 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-14:13:33.881052 24.209.45.21:4313 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:62326 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x307C59AB Ack: 0x9025F319 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-14:18:14.012285 24.209.36.194:1129 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:8332 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x94AF7C02 Ack: 0xA123412D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-14:18:14.036370 24.209.36.194:1129 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:8333 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x94AF81B6 Ack: 0xA123412D Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-14:34:13.242675 24.209.36.194:1336 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:20908 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE600D16F Ack: 0xDCDB15D0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-14:34:13.283506 24.209.36.194:1336 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:20909 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE600D723 Ack: 0xDCDB15D0 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-15:24:43.581946 24.209.98.148:1437 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:55819 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xCBB4D212 Ack: 0x9BA1E096 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-15:24:43.610067 24.209.98.148:1437 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:55820 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xCBB4D7C6 Ack: 0x9BA1E096 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-15:29:32.848301 24.209.98.148:4806 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:12524 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE4D7DF86 Ack: 0xAEEDFB6C Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-15:29:32.879879 24.209.98.148:4806 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:12525 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE4D7E53A Ack: 0xAEEDFB6C Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-15:56:58.945621 24.131.187.236:3897 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:20829 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA8961431 Ack: 0x160BA70C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-15:56:58.953111 24.131.187.236:3897 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:20830 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA89619E5 Ack: 0x160BA70C Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/17-16:41:16.303885 66.196.73.77:41697 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:8059 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x868F4120 Ack: 0xBCA12416 Win: 0xFAF0 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-16:54:54.445202 24.150.134.130:3146 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:52664 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x47F1827E Ack: 0xF1A66767 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-16:54:54.457156 24.150.134.130:3146 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:52665 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x47F18832 Ack: 0xF1A66767 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-17:16:32.366772 24.209.36.194:3451 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:44256 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFE84BBD4 Ack: 0x4258A4D1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-17:16:32.386651 24.209.36.194:3451 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:44257 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFE84C188 Ack: 0x4258A4D1 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-17:44:48.581994 24.209.36.194:1615 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:29846 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x80AC1842 Ack: 0xAC71BAC5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-17:44:48.618714 24.209.36.194:1615 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:29847 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x80AC1DF6 Ack: 0xAC71BAC5 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/17-17:55:43.450011 66.196.65.24:30453 -> 192.168.1.6:80
TCP TTL:233 TOS:0x0 ID:17369 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x1CF01363 Ack: 0xD58F2358 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/17-18:25:32.652758 66.196.73.77:2230 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:38229 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x13619246 Ack: 0x4729098B Win: 0xFAF0 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/17-19:39:05.620613 66.196.73.77:1519 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:60017 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x2D6B474C Ack: 0x5E0273B3 Win: 0xFAF0 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/17-19:46:48.950644 66.196.65.24:30202 -> 192.168.1.6:80
TCP TTL:233 TOS:0x0 ID:62754 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x5D8877F2 Ack: 0x7A1724AA Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-20:02:42.548428 24.199.81.210:3957 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:40162 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDAE4DD06 Ack: 0xB5F69159 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-20:02:42.605340 24.199.81.210:3957 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:40163 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDAE4E2BA Ack: 0xB5F69159 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-20:25:27.410826 24.198.96.120:2224 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:58349 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xABA0C04 Ack: 0xC31F8CB Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-20:25:27.984874 24.198.96.120:2245 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:58405 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xACB12ED Ack: 0xCC70456 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-20:25:28.281128 24.198.96.120:2255 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:58434 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xAD45EA9 Ack: 0xCAFA447 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-20:25:31.531227 24.198.96.120:2381 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:58785 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xB402E91 Ack: 0xD0F750A Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-20:25:40.839596 24.198.96.120:2660 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:59578 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xC33D46E Ack: 0xCF5FD7F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/17-20:25:41.120329 24.198.96.120:2667 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:59604 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xC3A1B7B Ack: 0xDB5EAA2 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/17-20:25:41.471792 24.198.96.120:2677 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:59673 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xC437A39 Ack: 0xCF542E5 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-20:25:50.772654 24.198.96.120:2954 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:60348 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xD36C1F4 Ack: 0xDEB7B91 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-20:25:51.013776 24.198.96.120:2961 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:60366 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD3BF340 Ack: 0xDB1D3ED Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-20:25:51.273170 24.198.96.120:2966 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:60392 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD4029D2 Ack: 0xDC0923B Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-20:26:00.584307 24.198.96.120:3287 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:61284 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE52B307 Ack: 0xEFEC8C7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-20:26:03.811906 24.198.96.120:3378 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:61588 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xEA0E943 Ack: 0xE52233E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-20:26:04.072959 24.198.96.120:3387 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:61605 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xEA7C456 Ack: 0xF378695 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-20:26:04.337627 24.198.96.120:3392 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:61630 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xEAC6278 Ack: 0xE8A3ED9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-20:26:04.592665 24.198.96.120:3402 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:61661 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xEB4D639 Ack: 0xE9A520D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-20:26:04.874734 24.198.96.120:3416 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:61713 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xEC0718E Ack: 0xEA045BA Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-21:03:52.662701 24.202.34.72:4306 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:55745 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xBFB08367 Ack: 0x9E2D2779 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-21:03:59.130684 24.202.34.72:4409 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:56263 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xC0108968 Ack: 0x9ECEC0A9 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-21:04:01.101134 24.202.34.72:4432 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:56418 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xC027D399 Ack: 0x9EEAD255 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-21:04:03.038482 24.202.34.72:4470 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:56527 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xC0473659 Ack: 0x9EE996A3 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-21:04:08.249171 24.202.34.72:4486 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:56854 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xC05A12D5 Ack: 0x9F315C46 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/17-21:04:10.508844 24.202.34.72:4555 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:57005 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xC09B659E Ack: 0x9F64B9F2 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/17-21:04:13.007993 24.202.34.72:4592 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:57161 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xC0BDA837 Ack: 0x9F1DE732 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-21:04:18.488402 24.202.34.72:4620 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:57480 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xC0DC13F8 Ack: 0x9F355E37 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-21:04:20.468709 24.202.34.72:4687 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:57638 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xC11EB576 Ack: 0x9FDC8407 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-21:04:31.918536 24.202.34.72:4843 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:58333 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xC1AF7976 Ack: 0xA037768C Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-21:04:36.864713 24.202.34.72:4872 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:58675 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xC1CC47E6 Ack: 0x9FFB95F7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-21:04:38.882274 24.202.34.72:4980 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:58816 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xC210E053 Ack: 0xA11F8387 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-21:04:48.021468 24.202.34.72:1090 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:59350 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xC253B91E Ack: 0xA0AB6CD1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-21:04:49.973170 24.202.34.72:1164 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:59518 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xC29CC707 Ack: 0xA16844B9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-21:04:52.054952 24.202.34.72:1197 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:59662 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xC2BA1100 Ack: 0xA155E841 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-21:05:03.220383 24.202.34.72:1376 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:60546 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xC35C9E85 Ack: 0xA27F1EA3 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-21:07:41.473346 24.91.243.83:3068 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:55718 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x950D0467 Ack: 0xAB716046 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-21:07:41.477366 24.91.243.83:3068 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:55719 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x950D0A1B Ack: 0xAB716046 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-21:24:47.068606 24.93.48.91:4634 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:9790 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x1E83ED2F Ack: 0xED30A3B9 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-21:25:10.564164 24.93.48.91:1369 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:13533 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x20E4EE97 Ack: 0xEE004A10 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-21:25:12.798993 24.93.48.91:1426 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:13856 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x2119C14A Ack: 0xEE7E83BB Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-21:25:15.127502 24.93.48.91:1519 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:14272 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x2165A7FD Ack: 0xEEA7CDDB Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-21:25:17.406040 24.93.48.91:1581 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:14666 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x219D2E37 Ack: 0xEE87DED1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/17-21:25:19.665250 24.93.48.91:1649 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:14974 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x21D7E271 Ack: 0xEE777CF7 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/17-21:25:30.826032 24.93.48.91:1997 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:16751 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x2309B628 Ack: 0xEEED02F6 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-21:25:33.100025 24.93.48.91:2050 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:17089 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x23371C05 Ack: 0xEF5655DF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-21:25:44.368164 24.93.48.91:2414 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:18978 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x2470B806 Ack: 0xF09B89DF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-21:25:46.591863 24.93.48.91:2482 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:19297 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x24ABCE12 Ack: 0xEFE1DA94 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-21:25:57.858219 24.93.48.91:2826 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:21251 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x25D287E3 Ack: 0xF101095B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-21:26:00.180082 24.93.48.91:2883 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:21637 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x260640E9 Ack: 0xF09E37A7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-21:26:11.428984 24.93.48.91:3227 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:23462 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x272E355A Ack: 0xF1D479F2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-21:26:13.699612 24.93.48.91:3271 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:23816 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x2758D6E7 Ack: 0xF1B6FE2C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-21:26:15.907611 24.93.48.91:3330 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:24153 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x278BB826 Ack: 0xF1A9136F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-21:26:27.181779 24.93.48.91:3671 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:26113 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x28AF27DD Ack: 0xF2F2DB6A Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/17-21:37:16.347329 66.196.73.77:40125 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:7043 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xF6F19996 Ack: 0x1B4735A4 Win: 0xFAF0 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-21:42:31.124013 24.209.36.194:3494 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:35739 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9AAA132B Ack: 0x2F716028 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-21:42:31.147984 24.209.36.194:3494 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:35740 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9AAA18DF Ack: 0x2F716028 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-22:26:58.865480 24.116.72.9:1879 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:1951 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBAC5190D Ack: 0xD7A0B326 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-22:29:52.407821 24.209.45.21:4987 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:57394 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC9404FE9 Ack: 0xE198C28A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-22:29:52.446065 24.209.45.21:4987 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:57395 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC940559D Ack: 0xE198C28A Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-22:50:26.589295 24.209.36.194:2421 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:46687 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB283736B Ack: 0x305E5034 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-22:50:26.660545 24.209.36.194:2421 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:46696 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB283791F Ack: 0x305E5034 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/17-23:03:36.448788 66.196.65.24:35370 -> 192.168.1.6:80
TCP TTL:233 TOS:0x0 ID:6471 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x6F29949E Ack: 0x6215A28B Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-00:07:22.330760 209.142.14.60:2177 -> 192.168.1.6:80
TCP TTL:102 TOS:0x0 ID:38752 IpLen:20 DgmLen:99 DF
***AP*** Seq: 0xF3A004DC Ack: 0x52C91215 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-00:11:37.817924 24.209.45.21:3569 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:28851 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x779E395E Ack: 0x61ED801C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-00:11:37.849052 24.209.45.21:3569 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:28852 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x779E3F12 Ack: 0x61ED801C Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-04:23:34.555143 24.209.191.210:3463 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:49236 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x536060EA Ack: 0x1B69F6EF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-04:23:34.570216 24.209.191.210:3463 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:49237 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5360669E Ack: 0x1B69F6EF Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-04:38:05.152220 24.209.191.210:4842 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:59689 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA8713AF0 Ack: 0x509C3687 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-04:38:05.160191 24.209.191.210:4842 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:59690 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA87140A4 Ack: 0x509C3687 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-04:49:06.926948 24.106.83.102:3368 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:9493 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xC31BABF2 Ack: 0x7AD2AF07 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-04:49:10.656000 24.106.83.102:3392 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:9827 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xC33009B3 Ack: 0x7A671B2B Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-04:49:13.749165 24.106.83.102:3492 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:10059 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xC38602D1 Ack: 0x7A5085A2 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-04:49:17.210075 24.106.83.102:3669 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:10312 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xC41CCA35 Ack: 0x7AF5F8C9 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-04:49:20.642501 24.106.83.102:3770 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:10555 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xC472C3B9 Ack: 0x7AC86D7C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/18-04:49:20.717300 24.106.83.102:3772 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:10566 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xC474D25B Ack: 0x7B496201 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/18-04:49:27.068897 24.106.83.102:3900 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:11125 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xC4DF250A Ack: 0x7B934679 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-04:49:39.487146 24.106.83.102:4297 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:12353 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xC62EE2F1 Ack: 0x7BCBF1AD Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-04:49:48.751206 24.106.83.102:4684 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:13134 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xC7800AAB Ack: 0x7CDE8429 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-04:49:48.820033 24.106.83.102:4686 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:13141 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xC78197DE Ack: 0x7CBEBF05 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-04:49:48.949067 24.106.83.102:4690 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:13156 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xC7852C54 Ack: 0x7D21ADD4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-04:49:51.993951 24.106.83.102:4696 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:13454 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xC789E3F0 Ack: 0x7C839ACE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-04:49:52.073912 24.106.83.102:4799 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:13463 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xC7E3782E Ack: 0x7D824C00 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-04:49:55.197349 24.106.83.102:4802 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:13747 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xC7E587FE Ack: 0x7D0B465E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-04:49:55.249781 24.106.83.102:4896 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:13752 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xC83656EE Ack: 0x7D7FDAE7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-04:49:58.302197 24.106.83.102:4898 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:14000 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xC83790BE Ack: 0x7D6DAA65 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-05:30:51.259446 24.218.34.115:2609 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:38604 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x16D19EF9 Ack: 0x190B8175 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-05:30:51.268057 24.218.34.115:2609 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:38605 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x16D1A4AD Ack: 0x190B8175 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/18-05:53:06.658219 66.196.65.24:2459 -> 192.168.1.6:80
TCP TTL:233 TOS:0x0 ID:62678 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xBBE2BE14 Ack: 0x6C61DAD8 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-06:30:04.836825 24.209.191.210:3714 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:27297 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1DC372E4 Ack: 0xF7EF3161 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-06:30:04.844673 24.209.191.210:3714 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:27298 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1DC37898 Ack: 0xF7EF3161 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-06:38:10.459264 24.209.191.210:4936 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:1316 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4A770026 Ack: 0x16352886 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-06:38:10.467865 24.209.191.210:4936 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:1317 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4A7705DA Ack: 0x16352886 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-06:53:17.389207 24.209.45.21:4204 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:53197 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x38B0A806 Ack: 0x4FE81455 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-06:53:17.420407 24.209.45.21:4204 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:53198 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x38B0ADBA Ack: 0x4FE81455 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-08:09:38.901127 24.209.191.210:2858 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:41956 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x38A46918 Ack: 0x6F652D01 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-08:09:38.909569 24.209.191.210:2858 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:41957 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x38A46ECC Ack: 0x6F652D01 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-09:35:12.021085 24.209.36.194:1668 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:2054 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3748ADC5 Ack: 0xB459458D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-09:35:12.053766 24.209.36.194:1668 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:2055 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3748B379 Ack: 0xB459458D Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-10:36:10.604921 24.209.45.21:4572 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:57389 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xECAA1B32 Ack: 0x98B64CE1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-10:36:10.637057 24.209.45.21:4572 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:57390 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xECAA20E6 Ack: 0x98B64CE1 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/18-11:01:41.491619 66.196.65.24:35099 -> 192.168.1.6:80
TCP TTL:233 TOS:0x0 ID:28064 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x454F8EF4 Ack: 0xFAAB22C7 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-11:34:45.415583 24.158.157.34:3934 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:24840 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9E8315B0 Ack: 0x7656DDB8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-11:34:45.500154 24.158.157.34:3934 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:24841 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9E831B64 Ack: 0x7656DDB8 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-11:59:42.216232 24.209.191.210:4080 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:33699 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA1428275 Ack: 0xD4F68F2E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-11:59:42.223880 24.209.191.210:4080 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:33700 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA1428829 Ack: 0xD4F68F2E Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-12:10:16.464374 24.209.36.194:1717 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:57475 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA6551B61 Ack: 0xFE250A53 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-12:10:16.483038 24.209.36.194:1717 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:57476 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA6552115 Ack: 0xFE250A53 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-12:28:39.626331 24.209.98.148:3489 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:9776 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEDB11B90 Ack: 0x43C73427 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-12:28:39.649853 24.209.98.148:3489 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:9777 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEDB12144 Ack: 0x43C73427 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-12:36:21.119092 24.99.79.52:4099 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:27784 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE1068B3F Ack: 0x6011F366 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-12:36:21.129466 24.99.79.52:4099 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:27785 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE10690F3 Ack: 0x6011F366 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-12:51:48.786484 24.209.191.210:1172 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:42012 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x90A08ACC Ack: 0x9A904492 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-12:51:48.793078 24.209.191.210:1172 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:42013 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x90A09080 Ack: 0x9A904492 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/18-13:04:12.099360 66.196.65.24:42059 -> 192.168.1.6:80
TCP TTL:233 TOS:0x0 ID:37569 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xFBD6BE2A Ack: 0xC85B0286 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-13:19:42.669408 24.209.36.194:1995 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:35708 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF86A7E2 Ack: 0x3054C20 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-13:19:45.298627 24.209.36.194:1995 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:36078 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF86AD96 Ack: 0x3054C20 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-13:24:16.625890 24.209.98.148:3245 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:41909 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x30047463 Ack: 0x14564050 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-13:24:16.655863 24.209.98.148:3245 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:41910 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x30047A17 Ack: 0x14564050 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-14:20:33.586455 24.209.98.148:2423 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:33060 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x708AF29F Ack: 0xE9753F78 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-14:20:33.605824 24.209.98.148:2423 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:33061 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x708AF853 Ack: 0xE9753F78 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-15:26:54.537955 24.209.98.148:1686 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:53626 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF2E39C1E Ack: 0xE47A32EC Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-15:26:54.549422 24.209.98.148:1686 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:53627 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF2E3A1D2 Ack: 0xE47A32EC Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-22:42:24.725568 24.26.238.58:4074 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:19281 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4CBC5C3 Ack: 0x50D1F3EB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-22:42:24.791756 24.26.238.58:4074 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:19282 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4CBCB77 Ack: 0x50D1F3EB Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-22:54:00.091508 24.98.223.233:4257 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:37558 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x68196A03 Ack: 0x7DC833CA Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-22:54:02.268713 24.98.223.233:4342 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:37854 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x685F6BFD Ack: 0x7DA585CF Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-22:54:03.232064 24.98.223.233:4389 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:38028 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x68878964 Ack: 0x7E37E78D Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-22:54:10.794278 24.98.223.233:4596 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:39280 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x69278318 Ack: 0x7E372E30 Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-22:54:15.351511 24.98.223.233:3069 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:39975 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6A22A005 Ack: 0x7F0433F3 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/18-22:54:16.377152 24.98.223.233:3102 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:40114 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x6A3F500A Ack: 0x7E2F74AC Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/18-22:54:21.131421 24.98.223.233:3273 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:40768 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x6ACAA0DD Ack: 0x7F5EE579 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-22:54:25.675811 24.98.223.233:3476 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:41526 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x6B707F06 Ack: 0x7F8D2A03 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-22:54:26.800392 24.98.223.233:3523 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:41697 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6B953CF0 Ack: 0x7F82643C Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-22:54:52.321541 24.98.223.233:3698 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:45500 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6C28059C Ack: 0x7FAC5490 Win: 0xFAF0 TcpLen: 20
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-22:55:03.720439 24.98.223.233:3038 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:47076 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6FD86377 Ack: 0x817F1312 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-22:55:06.087963 24.98.223.233:4594 -> 192.168.1.6:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:137
***AP*** Seq: 0x80D66E52 Ack: 0x6EFE6EAB Win: 0x16D0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-22:55:08.142608 24.98.223.233:3355 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:47754 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x70DAABD4 Ack: 0x819823CE Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-22:55:09.306192 24.98.223.233:3392 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:47887 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x70F907BF Ack: 0x81A383EF Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-22:55:12.111433 24.98.223.233:3392 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:48296 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x70F907BF Ack: 0x81A383EF Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-23:04:26.733635 24.160.23.53:3985 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:55642 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x14D26CF8 Ack: 0xA53879AF Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-23:04:27.722134 24.160.23.53:4000 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:55691 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x14DF95C9 Ack: 0xA56E013C Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-23:04:31.366562 24.160.23.53:4060 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:55925 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x1515C4C5 Ack: 0xA59848E5 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-23:04:31.939227 24.160.23.53:4072 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:55959 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x15210544 Ack: 0xA563DE5D Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-23:04:32.507818 24.160.23.53:4080 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:56001 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x1526DC39 Ack: 0xA4EACF1F Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/18-23:04:36.083489 24.160.23.53:4163 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:56408 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x156F5BC3 Ack: 0xA5E61D18 Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/18-23:04:36.621182 24.160.23.53:4185 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:56549 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x15810AFC Ack: 0xA57D55CB Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-23:04:37.217808 24.160.23.53:4198 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:56596 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x158D7D10 Ack: 0xA56B19AF Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-23:04:37.817818 24.160.23.53:4206 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:56640 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x1595C6AF Ack: 0xA5385D55 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-23:04:41.947346 24.160.23.53:4280 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:56938 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x15DD46F2 Ack: 0xA5CDCCBF Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-23:04:42.527010 24.160.23.53:4290 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:56974 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x15E6E67B Ack: 0xA6216D5D Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-23:04:43.084299 24.160.23.53:4295 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:56997 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x15EC7B37 Ack: 0xA6559B20 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-23:04:43.634049 24.160.23.53:4303 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:57027 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x15F4A655 Ack: 0xA5F50810 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-23:04:44.193131 24.160.23.53:4315 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:57077 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x15FE450D Ack: 0xA688227B Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-23:04:44.755063 24.160.23.53:4324 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:57124 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x1605EB2C Ack: 0xA5F037A4 Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/18-23:16:36.943473 66.196.65.24:60734 -> 192.168.1.6:80
TCP TTL:233 TOS:0x0 ID:11252 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xACAB4B47 Ack: 0xD2146C43 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-03:07:33.275431 24.74.60.176:1838 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:5022 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF6FF0EB0 Ack: 0x3A4E7709 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-03:07:33.281836 24.74.60.176:1838 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:5023 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF6FF1464 Ack: 0x3A4E7709 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/19-03:59:42.826911 66.230.140.66:2690 -> 192.168.1.6:80
TCP TTL:50 TOS:0x0 ID:56545 IpLen:20 DgmLen:155 DF
***AP*** Seq: 0x85E93A8 Ack: 0x724D89 Win: 0xFFFF TcpLen: 32
TCP Options (3) => NOP NOP TS: 339345299 1824771783
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/19-04:34:55.932684 66.196.73.77:23965 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:50563 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xB4A7AA15 Ack: 0x84CFEEE8 Win: 0xFAF0 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-08:10:59.466858 24.95.148.34:3494 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:37729 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3B11F6C9 Ack: 0xB5B7E33D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-08:10:59.529897 24.95.148.34:3494 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:37730 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3B11FC7D Ack: 0xB5B7E33D Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-09:20:18.803399 24.69.2.199:1303 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:11882 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD619A9D7 Ack: 0xBB641ACA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-09:20:18.899415 24.69.2.199:1303 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:11883 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD619AF8B Ack: 0xBB641ACA Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-10:22:08.472017 24.201.229.67:2207 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:6435 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xF659E011 Ack: 0xA481B2EF Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-10:22:15.055490 24.201.229.67:2445 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:7950 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xF716503F Ack: 0xA550A457 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-10:22:15.249214 24.201.229.67:2575 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:8012 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xF780478E Ack: 0xA4B65E27 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-10:22:15.428307 24.201.229.67:2591 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:8062 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xF78DB80F Ack: 0xA4AC9A6B Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-10:22:15.643956 24.201.229.67:2613 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:8155 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF79E86FF Ack: 0xA55098CD Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/19-10:22:29.253946 24.201.229.67:3337 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:11481 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xF9D0B33A Ack: 0xA5A29DD4 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-10:22:39.144737 24.201.229.67:3916 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:13995 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xFB92469C Ack: 0xA6021F61 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-10:22:39.353740 24.201.229.67:3933 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:14072 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFBA0FDD2 Ack: 0xA60B0B9D Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-10:22:49.371312 24.201.229.67:4623 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:16785 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFD8CEBF4 Ack: 0xA6A759AD Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-10:22:49.893664 24.201.229.67:4650 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:16870 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFD9C8D2E Ack: 0xA6F20F01 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-10:22:59.532737 24.201.229.67:1373 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:19283 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFF520437 Ack: 0xA72B7292 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-10:22:59.885324 24.201.229.67:1390 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:19347 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xFF5FBE61 Ack: 0xA7DAB4A3 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-10:23:00.377339 24.201.229.67:1414 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:19432 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xFF735F0F Ack: 0xA7567913 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-10:23:09.938360 24.201.229.67:1445 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:21665 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xFF8B0BF2 Ack: 0xA7E899B9 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-10:23:32.074671 24.201.229.67:3082 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:26544 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x4A388E2 Ack: 0xA92E8C12 Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/19-12:52:40.034706 66.196.65.24:45591 -> 192.168.1.6:80
TCP TTL:233 TOS:0x0 ID:11573 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xBA35D0D2 Ack: 0xDC9BF1EE Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-14:30:28.619494 24.63.8.146:2050 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:3269 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6F2782E7 Ack: 0x4E536A2A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-14:30:28.627769 24.63.8.146:2050 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:3270 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6F27889B Ack: 0x4E536A2A Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-14:59:56.797207 24.209.36.194:1587 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:61220 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1627D486 Ack: 0xBE1B314C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-14:59:56.825196 24.209.36.194:1587 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:61221 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1627DA3A Ack: 0xBE1B314C Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-15:22:40.643903 24.209.36.194:2580 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:41629 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x921CE9CA Ack: 0x13655240 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-15:22:40.665857 24.209.36.194:2580 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:41630 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x921CEF7E Ack: 0x13655240 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-15:25:12.193078 24.217.213.111:4296 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:24204 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x75862A2D Ack: 0x1DFC84F3 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-15:25:15.848993 24.217.213.111:4335 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:24890 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x75A737FA Ack: 0x1DD8C2C7 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-15:25:16.079415 24.217.213.111:4486 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:24945 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x7623898E Ack: 0x1E561092 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-15:25:16.301608 24.217.213.111:4509 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:25007 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x76326128 Ack: 0x1DBCC8D2 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-15:25:16.517376 24.217.213.111:4525 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:25062 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x763F6A20 Ack: 0x1DEA8449 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/19-15:25:17.495876 24.217.213.111:4561 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:25264 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x765C1A38 Ack: 0x1D8C0575 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/19-15:25:20.946117 24.217.213.111:4900 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:26005 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x76FE4B69 Ack: 0x1DEE2533 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-15:25:21.142356 24.217.213.111:4921 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:26049 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x7709A675 Ack: 0x1EA48ADD Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-15:25:21.393857 24.217.213.111:4951 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:26092 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x77157945 Ack: 0x1EB099B9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-15:25:21.584668 24.217.213.111:4978 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:26130 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x77223B8A Ack: 0x1E873ECB Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-15:25:22.201135 24.217.213.111:4992 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:26243 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x7729FE90 Ack: 0x1E1E3D8E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-16:11:04.910145 24.77.219.17:3988 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:64232 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEF24A296 Ack: 0xCB39FBBC Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-16:11:04.948508 24.77.219.17:3988 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:64233 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEF24A84A Ack: 0xCB39FBBC Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-17:36:03.944052 24.114.38.37:3261 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:9477 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xBEBEFE0D Ack: 0xB684239 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-17:36:09.980123 24.114.38.37:3709 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:10216 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xC0296984 Ack: 0xC0DDC1E Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-17:36:12.450019 24.114.38.37:3769 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:10784 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xC061B701 Ack: 0xBDF359A Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-17:36:19.463424 24.114.38.37:4009 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:11648 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xC181819E Ack: 0xC92DEC1 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-17:36:22.928338 24.114.38.37:4009 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:12285 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xC181819E Ack: 0xC92DEC1 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-17:36:28.429061 24.114.38.37:4009 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:13086 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xC181819E Ack: 0xC92DEC1 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-17:36:31.015704 24.114.38.37:4457 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:13519 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xC2955E7A Ack: 0xD168255 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/19-17:36:43.025349 24.114.38.37:1286 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:15006 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xC45D930B Ack: 0xDBD5552 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/19-17:36:54.954609 24.114.38.37:1833 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:16887 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xC6284EC9 Ack: 0xF4A2071 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-17:36:56.978402 24.114.38.37:1873 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:17371 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xC64F018D Ack: 0xF7314F8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-17:36:59.998720 24.114.38.37:1873 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:17656 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xC64F018D Ack: 0xF7314F8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-17:47:01.621264 24.145.209.152:2765 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:55334 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1A395EA4 Ack: 0x34C49303 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-17:47:01.650066 24.145.209.152:2765 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:55335 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1A396458 Ack: 0x34C49303 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-18:14:05.999799 62.194.177.98:3168 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:45815 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x48EE1878 Ack: 0x9A886631 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-18:14:06.009130 62.194.177.98:3168 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:45816 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x48EE1E2C Ack: 0x9A886631 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-18:22:19.773810 24.209.98.148:2430 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:25005 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB1E18140 Ack: 0xBA4A55C2 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-18:22:19.803684 24.209.98.148:2430 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:25006 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB1E186F4 Ack: 0xBA4A55C2 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-18:23:57.740726 24.209.191.91:1575 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:44003 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x397C6659 Ack: 0xC03FE09A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-18:23:57.751487 24.209.191.91:1575 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:44004 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x397C6C0D Ack: 0xC03FE09A Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-18:23:58.408155 24.209.191.91:1596 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:44067 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x398D93AD Ack: 0xC0A1306F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-18:23:58.411726 24.209.191.91:1596 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:44068 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x398D9961 Ack: 0xC0A1306F Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-18:24:00.300716 24.209.191.91:1655 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:44256 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x39BEB69B Ack: 0xC073D40B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-18:24:00.310687 24.209.191.91:1655 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:44257 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x39BEBC4F Ack: 0xC073D40B Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-18:24:06.645678 24.209.191.91:1818 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:44792 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3A4F4FCD Ack: 0xC0C4D4F7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-18:24:06.655786 24.209.191.91:1818 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:44793 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3A4F5581 Ack: 0xC0C4D4F7 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-18:24:06.949414 24.209.191.91:1834 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:44830 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3A5CBE40 Ack: 0xC0C57D02 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-18:24:06.959757 24.209.191.91:1834 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:44831 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3A5CC3F4 Ack: 0xC0C57D02 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-18:24:07.307275 24.209.191.91:1854 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:44884 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3A6D2597 Ack: 0xC14D6ACF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-18:24:07.317832 24.209.191.91:1854 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:44885 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3A6D2B4B Ack: 0xC14D6ACF Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-18:24:07.702026 24.209.191.91:1872 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:44936 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3A7C075B Ack: 0xC0A2A2C6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-18:24:07.711849 24.209.191.91:1872 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:44937 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3A7C0D0F Ack: 0xC0A2A2C6 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-18:24:11.008262 24.209.191.91:1975 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:45273 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3AD2671B Ack: 0xC105C41C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-18:24:11.018895 24.209.191.91:1975 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:45274 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3AD26CCF Ack: 0xC105C41C Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-18:24:16.913942 24.209.191.91:2132 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:45803 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3B5DCA78 Ack: 0xC1D0EF0B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-18:24:16.926516 24.209.191.91:2132 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:45804 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3B5DD02C Ack: 0xC1D0EF0B Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-18:24:19.580057 24.209.191.91:2232 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:46062 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3BB30830 Ack: 0xC1A17D1E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-18:24:19.589785 24.209.191.91:2232 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:46063 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3BB30DE4 Ack: 0xC1A17D1E Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-18:24:20.389676 24.209.191.91:2255 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:46151 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3BC86EEB Ack: 0xC12C5596 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-18:24:20.400735 24.209.191.91:2255 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:46152 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3BC8749F Ack: 0xC12C5596 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-18:24:20.712128 24.209.191.91:2265 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:46190 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3BD0C95F Ack: 0xC19D0F94 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-18:24:20.721273 24.209.191.91:2265 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:46191 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3BD0CF13 Ack: 0xC19D0F94 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-18:24:39.350245 24.209.191.91:2814 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:47834 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3DA5954A Ack: 0xC329F083 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-18:24:39.361007 24.209.191.91:2814 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:47835 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3DA59AFE Ack: 0xC329F083 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-18:25:56.375281 24.209.191.91:1138 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:55168 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x45530DF7 Ack: 0xC804EA5B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-18:25:56.385774 24.209.191.91:1138 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:55169 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x455313AB Ack: 0xC804EA5B Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-18:25:59.271624 24.209.191.91:1241 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:55457 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x45A97EFB Ack: 0xC855F8F9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-18:25:59.280016 24.209.191.91:1241 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:55458 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x45A984AF Ack: 0xC855F8F9 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-18:26:06.258871 24.209.191.91:1429 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:56074 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x464DBE90 Ack: 0xC8BBE281 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-18:26:06.269110 24.209.191.91:1429 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:56075 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x464DC444 Ack: 0xC8BBE281 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-18:26:19.297972 24.209.191.91:1822 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:57223 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x47A19AC5 Ack: 0xC98C63B2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-18:26:19.308614 24.209.191.91:1822 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:57224 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x47A1A079 Ack: 0xC98C63B2 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-18:26:38.562001 24.209.191.91:2363 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:58923 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x49762F18 Ack: 0xCA835B8B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-18:26:38.572365 24.209.191.91:2363 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:58924 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x497634CC Ack: 0xCA835B8B Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-18:26:40.609531 24.209.191.91:2438 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:59131 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x49B430D6 Ack: 0xCAF4CA80 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-18:26:40.623400 24.209.191.91:2438 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:59132 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x49B4368A Ack: 0xCAF4CA80 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-18:26:45.082083 24.209.191.91:2574 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:59666 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4A2836D7 Ack: 0xCB37E9D4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-18:26:45.092297 24.209.191.91:2574 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:59667 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4A283C8B Ack: 0xCB37E9D4 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-18:26:48.163196 24.209.191.91:2647 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:59909 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4A677FD8 Ack: 0xCB9C7BB1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-18:26:48.173113 24.209.191.91:2647 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:59910 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4A67858C Ack: 0xCB9C7BB1 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-18:26:49.560575 24.209.191.91:2704 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:60056 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4A97353E Ack: 0xCBC5E1AB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-18:26:49.575279 24.209.191.91:2704 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:60057 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4A973AF2 Ack: 0xCBC5E1AB Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-18:26:52.523541 24.209.191.91:2702 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:60433 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4A94E298 Ack: 0xCB368008 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-18:26:52.533361 24.209.191.91:2702 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:60434 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4A94E84C Ack: 0xCB368008 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-18:27:04.571100 24.209.191.91:3161 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:61508 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4C1D0D58 Ack: 0xCC1C7E1B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-18:27:04.581184 24.209.191.91:3161 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:61509 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4C1D130C Ack: 0xCC1C7E1B Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-18:27:05.518192 24.209.191.91:3182 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:61595 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4C2ECC00 Ack: 0xCCEE8B83 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-18:27:05.527686 24.209.191.91:3182 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:61596 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4C2ED1B4 Ack: 0xCCEE8B83 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-18:27:07.958561 24.209.191.91:3230 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:61755 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4C59FD9D Ack: 0xCCFFB742 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-18:27:07.969678 24.209.191.91:3230 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:61756 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4C5A0351 Ack: 0xCCFFB742 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-18:27:16.928206 24.209.191.91:3504 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:62541 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4D4002A8 Ack: 0xCCC130FF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-18:27:16.938388 24.209.191.91:3504 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:62542 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4D40085C Ack: 0xCCC130FF Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-18:58:37.714043 24.209.98.148:1250 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:20893 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x84A232C9 Ack: 0x43E188AA Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-18:58:37.749350 24.209.98.148:1250 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:20894 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x84A2387D Ack: 0x43E188AA Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-19:06:15.104019 24.209.36.194:2963 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:20211 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB8F5279 Ack: 0x60F8CC10 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-19:06:15.136600 24.209.36.194:2963 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:20212 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB8F582D Ack: 0x60F8CC10 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-19:30:31.230961 24.209.36.194:1424 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:57859 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8070C454 Ack: 0xBC848379 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-19:30:31.276548 24.209.36.194:1424 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:57860 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8070CA08 Ack: 0xBC848379 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/19-19:40:32.342656 66.196.73.77:37478 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:55189 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x62F72CEA Ack: 0xE1E95A92 Win: 0xFAF0 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1881:4] WEB-MISC bad HTTP/1.1 request, Potentially worm attack [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/19-21:42:37.344876 210.164.186.94:2723 -> 192.168.1.6:80
TCP TTL:38 TOS:0x0 ID:13172 IpLen:20 DgmLen:70 DF
***AP*** Seq: 0x910874E7 Ack: 0xAF7270EC Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 18565054 1857436134
[Xref => http://securityresponse.symantec.com/avcenter/security/Content/2002.09.13.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-21:42:44.163795 24.209.219.95:4631 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:35759 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xD30977DE Ack: 0xAF69822E Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-21:42:44.328003 24.209.219.95:4650 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:35798 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xD30F7715 Ack: 0xAFCDEF39 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-21:42:44.469446 24.209.219.95:4653 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:35910 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xD312383A Ack: 0xAFC9D548 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-21:42:44.562244 24.209.219.95:4690 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:35968 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xD3265BC8 Ack: 0xAF01BF99 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-21:42:53.857787 24.209.219.95:3564 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:38220 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xD445A03D Ack: 0xAF73C0E4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/19-21:42:57.100416 24.209.219.95:4518 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:39341 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xD5CD60E3 Ack: 0xB04E90ED Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/19-21:43:00.359276 24.209.219.95:4979 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:40598 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xD6A713AF Ack: 0xB0C996A4 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-21:43:00.686658 24.209.219.95:4991 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:40731 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xD6AF2FFC Ack: 0xAFF7B357 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-21:43:13.595369 24.209.219.95:3677 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:44084 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD89D0368 Ack: 0xB0C2C218 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-21:43:13.944346 24.209.219.95:3858 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:44156 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD8DCABA5 Ack: 0xB1176513 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-21:43:17.799766 24.209.219.95:3907 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:45382 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD8F6122A Ack: 0xB1A61819 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-21:43:17.921961 24.209.219.95:3331 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:45422 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xDA67FB5C Ack: 0xB1B9D563 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-21:43:18.023198 24.209.219.95:3337 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:45445 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xDA6BD820 Ack: 0xB1B6157C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-21:43:18.087568 24.209.219.95:3344 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:45457 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xDA70BF6E Ack: 0xB1694853 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-21:43:18.143117 24.209.219.95:3350 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:45486 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xDA75C166 Ack: 0xB1C360E4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-21:43:27.989559 24.209.219.95:4699 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:49001 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xDCD68640 Ack: 0xB25D8B1A Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-22:50:25.828890 24.209.36.194:2031 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:9878 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x19ADA494 Ack: 0xAF438F75 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-22:50:25.853621 24.209.36.194:2031 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:9879 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x19ADAA48 Ack: 0xAF438F75 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-22:59:58.452148 24.209.196.254:2807 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:29099 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x824A10B2 Ack: 0xD301AD1A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-22:59:58.453400 24.209.196.254:2807 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:29100 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x824A1666 Ack: 0xD301AD1A Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-23:07:15.244775 24.209.113.11:3405 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:6181 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x491B05CE Ack: 0xEF095F96 Win: 0xB5C9 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-23:07:15.827586 24.209.113.11:3423 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:6271 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x492B22D3 Ack: 0xEE7B731D Win: 0xB5C9 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-23:07:19.609710 24.209.113.11:3534 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:6839 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x498893F8 Ack: 0xEEB1D9B7 Win: 0xB5C9 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-23:07:29.435512 24.209.113.11:3847 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:8472 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x4A922538 Ack: 0xEF9C8B4B Win: 0xB5C9 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-23:07:29.997530 24.209.113.11:3859 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:8580 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x4A9B9B5F Ack: 0xEF6C88FC Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/19-23:07:30.376312 24.209.113.11:3884 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:8648 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x4AAFDF8F Ack: 0xEF69E980 Win: 0xB5C9 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/19-23:07:31.385711 24.209.113.11:3916 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:8793 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x4ACABD8B Ack: 0xEF6C85D2 Win: 0xB5C9 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-23:07:31.819438 24.209.113.11:3932 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:8846 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x4AD790AD Ack: 0xEF414453 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-23:07:32.171397 24.209.113.11:3942 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:8892 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4AE07840 Ack: 0xF034DFAC Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-23:07:32.567226 24.209.113.11:3952 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:8963 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4AE91F73 Ack: 0xEFFF7AB3 Win: 0xB5C9 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-23:07:32.886160 24.209.113.11:3964 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:9032 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4AF33F7B Ack: 0xEF67D998 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-23:07:33.343227 24.209.113.11:3973 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:9100 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4AFBF183 Ack: 0xEFBD9743 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-23:07:34.077032 24.209.113.11:3986 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:9186 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x4B06CB18 Ack: 0xF01B2ED8 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-23:07:34.423732 24.209.113.11:4002 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:9267 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x4B154A20 Ack: 0xEFFFD241 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-23:07:35.006170 24.209.113.11:4012 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:9329 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x4B1D5E92 Ack: 0xF0500395 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-23:07:35.607413 24.209.113.11:4033 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:9439 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x4B2FB412 Ack: 0xF005D09A Win: 0xB5C9 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-23:27:48.207081 24.93.48.91:4831 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:58382 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xDCA6A29 Ack: 0x3D055B2E Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-23:27:51.335479 24.93.48.91:4940 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:58917 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xE26559B Ack: 0x3CE03C89 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-23:27:54.636785 24.93.48.91:1081 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:59429 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xE84401E Ack: 0x3DB86C57 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-23:28:00.905037 24.93.48.91:1305 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:60389 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xF3E1A58 Ack: 0x3E44E47F Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-23:28:07.073239 24.93.48.91:1546 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:61408 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x1008CB12 Ack: 0x3EACBAC1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-23:28:10.062785 24.93.48.91:1546 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:61866 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x1008CB12 Ack: 0x3EACBAC1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/19-23:28:13.301269 24.93.48.91:1779 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:62342 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x10C9A2A6 Ack: 0x3EF3E37E Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/19-23:28:17.290231 24.93.48.91:1894 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:62876 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x112CCC37 Ack: 0x3F382F06 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/19-23:28:20.543723 24.93.48.91:1894 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:63250 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x112CCC37 Ack: 0x3F382F06 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-23:41:43.729225 24.126.82.22:4859 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:56548 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x950A5CC9 Ack: 0x71294DD3 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-23:42:30.203494 24.126.82.22:2614 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:62913 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x9AB6735A Ack: 0x738E909E Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-23:42:31.241232 24.126.82.22:2662 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:63066 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x9ADC4578 Ack: 0x74E1117D Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-23:42:32.026409 24.126.82.22:2699 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:63193 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x9AFC1291 Ack: 0x74925F15 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-23:42:35.585232 24.126.82.22:2730 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:63751 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x9B1543F9 Ack: 0x74FCCAEF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/19-23:42:36.629035 24.126.82.22:2870 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:63870 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x9B88D888 Ack: 0x74C038B2 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/19-23:42:37.424801 24.126.82.22:2907 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:63993 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x9BA71BEF Ack: 0x756D5824 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-23:42:38.119429 24.126.82.22:2937 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:64100 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x9BC02E3E Ack: 0x759DA985 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-23:42:39.001573 24.126.82.22:2964 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:64207 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x9BD90B23 Ack: 0x75A797C2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-23:42:39.600051 24.126.82.22:3003 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:64339 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x9BF8F3E2 Ack: 0x7560B92D Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-23:42:39.937365 24.126.82.22:3027 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:64405 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x9C0CE514 Ack: 0x75BB51EE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-23:42:44.170721 24.126.82.22:3175 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:64924 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x9C86816B Ack: 0x7572FDBE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-23:42:45.103693 24.126.82.22:3216 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:65054 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x9CA785D7 Ack: 0x7559CB13 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-23:42:46.280631 24.126.82.22:3252 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:65231 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x9CC6FA46 Ack: 0x75F7EB17 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-23:42:47.045222 24.126.82.22:3299 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:65343 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x9CED4D70 Ack: 0x75ED5254 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-23:42:47.787012 24.126.82.22:3327 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:65442 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x9D043888 Ack: 0x765AB66A Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-00:08:46.191924 24.209.219.95:3799 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:60971 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xA5A09D8B Ack: 0xD7F3BCDA Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-00:08:46.380875 24.209.219.95:3834 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:61062 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xA5B2641D Ack: 0xD7FE0470 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-00:08:46.466348 24.209.219.95:3839 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:61102 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA5B737FD Ack: 0xD7A16025 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-00:08:49.978039 24.209.219.95:4436 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:62174 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA67E4D99 Ack: 0xD86C3CD9 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-00:08:59.437879 24.209.219.95:4235 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:64607 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA946142F Ack: 0xD8A57A83 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/20-00:08:59.504238 24.209.219.95:4242 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:64639 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA94A5E81 Ack: 0xD8CFB6B8 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/20-00:09:08.941203 24.209.219.95:3767 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:1539 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xAB776114 Ack: 0xD940686D Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-00:09:19.077621 24.209.219.95:3353 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:3985 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xAE29036B Ack: 0xD977BFB7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-00:09:19.470018 24.209.219.95:3428 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:4171 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xAE52D537 Ack: 0xDA0FE33D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-00:09:19.765490 24.209.219.95:3474 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:4305 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xAE76666C Ack: 0xD9CBA504 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-00:09:29.370827 24.209.219.95:3411 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:7208 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB0EAD0B5 Ack: 0xDA0A28B8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-00:09:29.440699 24.209.219.95:3435 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:7226 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB0F3DCBD Ack: 0xD9FD1A0C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-00:09:29.522281 24.209.219.95:3453 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:7257 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xB0FB1A36 Ack: 0xDA664D43 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-00:09:29.576143 24.209.219.95:3476 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:7270 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB109E1C9 Ack: 0xDAA79470 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-00:09:29.638792 24.209.219.95:3478 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:7276 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xB10B2D50 Ack: 0xDA0F6423 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-00:09:29.705787 24.209.219.95:3481 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:7287 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB10DA191 Ack: 0xDAE46E59 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-02:19:15.860038 24.245.2.233:3439 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:46291 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x71E2985C Ack: 0xC38C5FC9 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-02:19:18.968217 24.245.2.233:3478 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:46462 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x720CBF50 Ack: 0xC3583F32 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-02:19:28.472518 24.245.2.233:3608 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:47000 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x72954306 Ack: 0xC4E48971 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-02:19:28.693627 24.245.2.233:3616 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:47026 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x729C31CE Ack: 0xC409B0DA Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-02:19:28.930032 24.245.2.233:3620 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:47050 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x729FCC07 Ack: 0xC42AEE03 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/20-02:19:38.452343 24.245.2.233:3771 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:47709 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x7336BD8A Ack: 0xC57D2281 Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/20-02:19:42.582499 24.245.2.233:3821 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:47946 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x736892F2 Ack: 0xC4CBEC04 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-02:19:43.440466 24.245.2.233:3832 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:47990 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x7373A391 Ack: 0xC54BF57C Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-02:19:44.342939 24.245.2.233:3846 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:48038 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x7381B482 Ack: 0xC5B7FAFB Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-02:19:44.682846 24.245.2.233:3857 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:48065 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x738CF405 Ack: 0xC5ACA066 Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-02:19:45.228083 24.245.2.233:3858 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:48094 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x738EBAD4 Ack: 0xC54DDB3E Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-02:19:55.353395 24.245.2.233:3975 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:48617 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x740A3E65 Ack: 0xC662A6B9 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-02:19:56.290773 24.245.2.233:3982 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:48662 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x74115D5E Ack: 0xC593D782 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-02:19:57.140662 24.245.2.233:3991 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:48712 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x741AF98D Ack: 0xC6698F30 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-02:19:58.285170 24.245.2.233:4003 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:48766 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x7427974B Ack: 0xC69966AF Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-02:19:59.529823 24.245.2.233:4018 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:48831 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x74364337 Ack: 0xC6756B45 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-03:58:07.933584 24.209.36.194:4737 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:11519 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x24C6A950 Ack: 0x3A4733D5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-03:58:07.953287 24.209.36.194:4737 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:11520 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x24C6AF04 Ack: 0x3A4733D5 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-03:58:20.782550 24.209.219.95:3275 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:20333 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xEAD8045F Ack: 0x3B43C5C2 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-03:58:30.133188 24.209.219.95:3291 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:22632 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xED759137 Ack: 0x3BA63105 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-03:58:30.187779 24.209.219.95:3295 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:22641 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xED7706BC Ack: 0x3C1E90D1 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-03:58:30.269458 24.209.219.95:3309 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:22666 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xED7D8E44 Ack: 0x3C2A8835 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-03:58:30.325626 24.209.219.95:3326 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:22694 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xED899185 Ack: 0x3B6A5AF5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/20-03:58:30.427978 24.209.219.95:3328 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:22715 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xED8B3358 Ack: 0x3C00C413 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/20-03:58:30.504053 24.209.219.95:3338 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:22744 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xED8E4C12 Ack: 0x3C0B0C35 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-03:58:39.805523 24.209.219.95:3370 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:24875 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xF0485691 Ack: 0x3C6BEC03 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-03:58:39.908727 24.209.219.95:3396 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:24901 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF0555D03 Ack: 0x3C42F9C6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-03:58:39.968285 24.209.219.95:3424 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:24936 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF05E9136 Ack: 0x3C835203 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-03:58:49.215589 24.209.219.95:3415 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:27168 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF32B8D63 Ack: 0x3CB82BE2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-03:58:58.554942 24.209.219.95:3246 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:29087 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF597FC9F Ack: 0x3D3ECCF3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-03:58:58.630073 24.209.219.95:3247 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:29104 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xF598E820 Ack: 0x3DD39467 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-03:58:58.682720 24.209.219.95:3274 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:29115 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF59F1FB1 Ack: 0x3D97D424 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-03:58:58.746034 24.209.219.95:3278 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:29126 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xF5A1DADC Ack: 0x3D7A968A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-03:58:58.865969 24.209.219.95:3304 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:29149 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF5A72A3D Ack: 0x3D7AB45C Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-04:42:54.011916 24.209.219.95:3286 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:60869 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xEDB4DCBD Ack: 0xE2096BBA Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-04:42:54.070482 24.209.219.95:3290 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:60878 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xEDB65786 Ack: 0xE2BED085 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-04:42:54.127585 24.209.219.95:3292 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:60891 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xEDB81061 Ack: 0xE23FA82D Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-04:42:54.176841 24.209.219.95:3295 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:60900 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xEDB96A6D Ack: 0xE2DED4BD Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-04:42:54.264049 24.209.219.95:3296 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:60949 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xEDB9FE53 Ack: 0xE2418D08 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/20-04:43:03.501467 24.209.219.95:3415 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:63295 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xF0785EEC Ack: 0xE34EA738 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/20-04:43:03.568297 24.209.219.95:3417 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:63339 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xF079A880 Ack: 0xE2DE04F0 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-04:43:12.868249 24.209.219.95:3598 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:191 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xF37A9116 Ack: 0xE34190B5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-04:43:12.923734 24.209.219.95:3615 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:203 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF37BCBE7 Ack: 0xE34BC523 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-04:43:12.998974 24.209.219.95:3616 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:220 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF37C7026 Ack: 0xE36D767C Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-04:43:25.544079 24.209.219.95:3478 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:3081 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF60DE32F Ack: 0xE44DD425 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-04:43:25.633487 24.209.219.95:4133 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:3090 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF713FD50 Ack: 0xE40A103B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-04:43:29.105857 24.209.219.95:3114 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:3909 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xF832F443 Ack: 0xE496BF00 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-04:43:29.154075 24.209.219.95:3115 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:3928 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF8339DA5 Ack: 0xE49259ED Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-04:43:29.237781 24.209.219.95:3125 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:3933 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xF83A7211 Ack: 0xE460E932 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-04:43:29.286162 24.209.219.95:3127 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:3953 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF83C5B70 Ack: 0xE4E4DE92 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-05:47:22.393850 24.209.219.95:4702 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:314 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xF4CADCEF Ack: 0xD5DC99AB Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-05:47:22.506357 24.209.219.95:4707 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:330 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xF4CE15B0 Ack: 0xD69671D1 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-05:47:25.573594 24.209.219.95:3099 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:784 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xF5441008 Ack: 0xD696608D Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-05:47:25.630731 24.209.219.95:3101 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:803 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xF545E0F7 Ack: 0xD6CF754E Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-05:47:35.211860 24.209.219.95:4720 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:2795 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF7F5F235 Ack: 0xD7298CC0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/20-05:47:35.262792 24.209.219.95:4721 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:2816 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xF7F6BFA8 Ack: 0xD674D2ED Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/20-05:47:44.575679 24.209.219.95:4033 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:4569 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xFA18CC7F Ack: 0xD81B92B7 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-05:47:44.662175 24.209.219.95:4036 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:4581 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xFA1BE4D6 Ack: 0xD82B7D9B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-05:47:48.091637 24.209.219.95:4396 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:5078 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFAB866ED Ack: 0xD8A8878D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-05:47:48.149997 24.209.219.95:4399 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:5102 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFABAED8C Ack: 0xD8B5C2DE Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-05:47:48.222050 24.209.219.95:4408 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:5110 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFABC5646 Ack: 0xD8498CBA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-05:47:51.610401 24.209.219.95:3126 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:5741 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFB9D2B2C Ack: 0xD8BE4269 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-05:47:51.678968 24.209.219.95:3128 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:5754 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xFB9F1FC9 Ack: 0xD8D28261 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-05:47:51.767534 24.209.219.95:3175 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:5816 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xFBB0CDD4 Ack: 0xD9409544 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-05:47:54.745223 24.209.219.95:3175 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:6481 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xFBB0CDD4 Ack: 0xD9409544 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-05:47:54.879278 24.209.219.95:3615 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:6508 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xFCAAD218 Ack: 0xD8AA18F3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-05:47:54.924732 24.209.219.95:3616 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:6513 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xFCABC270 Ack: 0xD8F5FEA5 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-08:06:41.059263 24.130.204.30:1878 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:29208 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x1A62BB11 Ack: 0xE49D1188 Win: 0x4098 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-08:06:45.993176 24.130.204.30:2115 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:30078 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x1B2327EB Ack: 0xE4C45844 Win: 0x4098 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-08:06:56.605172 24.130.204.30:2829 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:32048 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x1D4A643A Ack: 0xE5F07E24 Win: 0x4098 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-08:07:10.392855 24.130.204.30:3403 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:34570 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x1F0D6E2F Ack: 0xE7C05F6E Win: 0x4098 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-08:07:11.913173 24.130.204.30:3643 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:34859 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x1FCC160F Ack: 0xE7BC1181 Win: 0x4098 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/20-08:07:13.508469 24.130.204.30:3738 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:35129 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x2016514E Ack: 0xE7B982AC Win: 0x4098 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/20-08:07:15.449533 24.130.204.30:3818 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:35467 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x204EB5C3 Ack: 0xE74D1664 Win: 0x4098 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-08:07:20.285062 24.130.204.30:4072 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:36305 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x21164B83 Ack: 0xE79FA19C Win: 0x4098 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-08:07:24.805798 24.130.204.30:4305 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:37081 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x21CB70FB Ack: 0xE7D723B0 Win: 0x4098 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-08:07:26.454704 24.130.204.30:4398 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:37415 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x2210424F Ack: 0xE829473F Win: 0x4098 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-08:07:28.183140 24.130.204.30:4498 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:37704 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x225C3E97 Ack: 0xE89E9C08 Win: 0x4098 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-08:07:30.072911 24.130.204.30:4648 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:38062 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x2298073B Ack: 0xE8313974 Win: 0x4098 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-08:07:31.540115 24.130.204.30:4792 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:38310 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x22E3013A Ack: 0xE86E3C18 Win: 0x4098 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-08:07:33.131706 24.130.204.30:4976 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:38595 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x232C0E40 Ack: 0xE860582A Win: 0x4098 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-08:07:45.709818 24.130.204.30:1526 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:40867 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x24C29028 Ack: 0xE8F46F69 Win: 0x4098 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-16:39:15.687558 24.48.212.45:2722 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:28624 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA223E59 Ack: 0x7500AB13 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-16:39:15.761749 24.48.212.45:2722 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:28625 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA22440D Ack: 0x7500AB13 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-17:42:38.642244 24.30.115.93:4925 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:1565 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xB7C78FB1 Ack: 0x63D91661 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-17:42:39.612975 24.30.115.93:1068 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:1746 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xB802EF68 Ack: 0x63B2A20F Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-17:42:43.091217 24.30.115.93:1181 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:2279 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xB862FF76 Ack: 0x64C152A3 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-17:42:53.302030 24.30.115.93:1505 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:3538 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xB97B3FC1 Ack: 0x655A3B39 Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-17:43:03.517519 24.30.115.93:1807 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:4491 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xBA7F5BDB Ack: 0x65924D5D Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/20-17:43:03.947867 24.30.115.93:1831 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:4534 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xBA90ED3C Ack: 0x653CF9A6 Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/20-17:43:04.493370 24.30.115.93:1844 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:4586 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xBA9AD2C2 Ack: 0x66059C16 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-17:43:05.187357 24.30.115.93:1856 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:4654 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xBAA3F8EC Ack: 0x654F7EB0 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-17:43:06.043780 24.30.115.93:1872 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:4728 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xBAB1C936 Ack: 0x653DB01B Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-17:43:09.545927 24.30.115.93:1899 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:5088 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xBAC9BD06 Ack: 0x66466010 Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-17:43:10.199078 24.30.115.93:2016 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:5210 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xBB2CB613 Ack: 0x65B4EA01 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-17:43:10.581634 24.30.115.93:2035 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:5257 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xBB3D719C Ack: 0x66339E21 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-17:43:32.542102 24.30.115.93:2705 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:7511 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xBD75E000 Ack: 0x6714214C Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-17:43:35.510881 24.30.115.93:2705 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:7878 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xBD75E000 Ack: 0x6714214C Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-17:43:36.025309 24.30.115.93:2851 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:7975 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xBDEFBD60 Ack: 0x6706954C Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-17:43:39.103894 24.30.115.93:2851 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:8351 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xBDEFBD60 Ack: 0x6706954C Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-17:43:45.940799 24.30.115.93:3141 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:9108 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xBEEB5703 Ack: 0x681F295A Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-17:43:49.641078 24.30.115.93:3292 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:9576 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xBF6BE093 Ack: 0x688844CD Win: 0xFAF0 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-18:06:48.070717 24.209.40.219:1903 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:31942 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xBC7A261C Ack: 0xC0E2DAE4 Win: 0xFFFF TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-18:06:58.052523 24.209.40.219:2238 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:33318 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xBD984E21 Ack: 0xC11A6FB4 Win: 0xFFFF TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-18:06:58.712672 24.209.40.219:2258 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:33422 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xBDA97CF9 Ack: 0xC195A40B Win: 0xFFFF TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-18:06:59.193371 24.209.40.219:2286 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:33529 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xBDC18A58 Ack: 0xC120F08B Win: 0xFFFF TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-18:07:08.946998 24.209.40.219:2555 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:34860 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xBEAC318F Ack: 0xC1E45BA3 Win: 0xFFFF TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/20-18:07:09.565584 24.209.40.219:2578 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:34946 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xBEBF21E4 Ack: 0xC179D79C Win: 0xFFFF TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/20-18:07:18.959174 24.209.40.219:2856 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:36026 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xBFB1E7C5 Ack: 0xC21EA0D4 Win: 0xFFFF TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-18:07:28.820403 24.209.40.219:3107 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:37074 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xC08ADEFE Ack: 0xC2B1EF5D Win: 0xFFFF TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-18:07:32.207972 24.209.40.219:3202 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:37390 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xC0DAFBF8 Ack: 0xC3737F38 Win: 0xFFFF TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-18:07:41.768297 24.209.40.219:3460 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:38406 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xC1BB18C9 Ack: 0xC3AF37FD Win: 0xFFFF TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-18:07:42.258987 24.209.40.219:3479 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:38476 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xC1CAEB5F Ack: 0xC3909D11 Win: 0xFFFF TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-18:07:52.218942 24.209.40.219:3741 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:39462 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xC2A7D5A0 Ack: 0xC476542C Win: 0xFFFF TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-18:07:53.355413 24.209.40.219:3759 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:39551 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xC2B812DA Ack: 0xC3F7FA63 Win: 0xFFFF TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-18:07:53.810498 24.209.40.219:3781 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:39635 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xC2CC2C58 Ack: 0xC44E0491 Win: 0xFFFF TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-18:07:55.030811 24.209.40.219:3799 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:39710 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xC2DC3E50 Ack: 0xC495A55D Win: 0xFFFF TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-18:07:58.679318 24.209.40.219:3922 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:40191 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xC3463633 Ack: 0xC4F7B7FF Win: 0xFFFF TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-18:14:20.358158 24.209.40.219:1180 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:44031 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xED1C047B Ack: 0xDC40ABBB Win: 0xFFFF TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-18:14:29.576838 24.209.40.219:1449 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:45241 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xEE07F8E9 Ack: 0xDCF98C6D Win: 0xFFFF TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-18:14:29.797481 24.209.40.219:1453 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:45276 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xEE0B728F Ack: 0xDD1FBF6D Win: 0xFFFF TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-18:14:32.907476 24.209.40.219:1597 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:45964 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xEE808A6E Ack: 0xDD07C779 Win: 0xFFFF TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-18:14:42.087677 24.209.40.219:1931 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:47567 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xEF92577E Ack: 0xDDCE74AD Win: 0xFFFF TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/20-18:14:42.254910 24.209.40.219:1934 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:47592 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xEF9572C0 Ack: 0xDD8343BF Win: 0xFFFF TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/20-18:14:51.454130 24.209.40.219:2274 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:49164 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xF0B065D4 Ack: 0xDEB3D1C8 Win: 0xFFFF TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-18:14:51.589205 24.209.40.219:2277 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:49181 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xF0B3206D Ack: 0xDDEB9A3D Win: 0xFFFF TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-18:15:00.805385 24.209.40.219:2513 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:50328 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF1843F95 Ack: 0xDF2C54E1 Win: 0xFFFF TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-18:15:00.942874 24.209.40.219:2519 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:50357 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF18956DF Ack: 0xDEE0C54B Win: 0xFFFF TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-18:15:04.133062 24.209.40.219:2616 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:50741 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF1D802DA Ack: 0xDF42D1C3 Win: 0xFFFF TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-18:15:10.128167 24.209.40.219:2706 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:51633 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF224A287 Ack: 0xDF316EF4 Win: 0xFFFF TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-18:15:10.217301 24.209.40.219:2799 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:51644 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xF2717904 Ack: 0xDF4EA88B Win: 0xFFFF TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-18:15:10.340137 24.209.40.219:2801 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:51666 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF2739C0E Ack: 0xDF600334 Win: 0xFFFF TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-18:15:10.465931 24.209.40.219:2807 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:51699 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xF27831D5 Ack: 0xDF15E97B Win: 0xFFFF TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-18:15:10.646729 24.209.40.219:2813 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:51739 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF27DB65B Ack: 0xDFA930CD Win: 0xFFFF TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-19:05:07.710819 24.209.40.219:2721 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:36173 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x8329B22 Ack: 0x9BCC83FC Win: 0xFFFF TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-19:05:09.405470 24.209.40.219:2799 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:36477 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x8724A09 Ack: 0x9C9C71F1 Win: 0xFFFF TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-19:05:11.321205 24.209.40.219:2858 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:36790 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x8A397E2 Ack: 0x9CBA6082 Win: 0xFFFF TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-19:05:13.098376 24.209.40.219:2935 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:37087 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x8E30EE2 Ack: 0x9CD09E51 Win: 0xFFFF TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-19:05:14.701615 24.209.40.219:3011 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:37371 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x9225EFB Ack: 0x9CA7BC95 Win: 0xFFFF TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/20-19:05:16.467036 24.209.40.219:3073 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:37671 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x95668B8 Ack: 0x9C6582B9 Win: 0xFFFF TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/20-19:05:18.199184 24.209.40.219:3135 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:37959 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x987793E Ack: 0x9C957F7F Win: 0xFFFF TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-19:05:28.622848 24.209.40.219:3579 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:39759 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xAF04A51 Ack: 0x9DCA95E7 Win: 0xFFFF TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-19:05:30.370817 24.209.40.219:3628 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:40012 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB19E67F Ack: 0x9DCF8C6C Win: 0xFFFF TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-19:05:40.799383 24.209.40.219:4058 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:41856 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xC755432 Ack: 0x9DC7FEE4 Win: 0xFFFF TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-19:05:42.309842 24.209.40.219:4132 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:42107 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xCB08714 Ack: 0x9E419F84 Win: 0xFFFF TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-19:05:43.641885 24.209.40.219:4196 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:42370 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xCE475C8 Ack: 0x9E804DCB Win: 0xFFFF TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-19:05:45.260412 24.209.40.219:4237 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:42607 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xD07CD79 Ack: 0x9E0A84F5 Win: 0xFFFF TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-19:05:47.064669 24.209.40.219:4313 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:42925 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xD46F516 Ack: 0x9E94EB54 Win: 0xFFFF TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-19:05:49.837381 24.209.40.219:4313 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:43389 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xD46F516 Ack: 0x9E94EB54 Win: 0xFFFF TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-19:05:52.051888 24.209.40.219:4509 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:43728 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xDE15292 Ack: 0x9F286788 Win: 0xFFFF TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-19:06:02.930115 24.209.40.219:1118 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:54979 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF3C9666 Ack: 0x9EF0C448 Win: 0xFFFF TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-20:16:45.647915 24.118.109.209:1263 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:39986 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3FADA1A4 Ack: 0xAAB984A6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-20:16:45.658642 24.118.109.209:1263 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:39987 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3FADA758 Ack: 0xAAB984A6 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-20:16:48.639909 24.118.109.209:1263 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:40292 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3FADA1A4 Ack: 0xAAB984A6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-22:02:01.138734 24.209.113.11:2566 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:51344 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD19E2A Ack: 0x38705357 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-22:02:01.161101 24.209.113.11:2566 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:51345 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD1A3DE Ack: 0x38705357 Win: 0xB5C9 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-01:06:26.117938 24.209.113.11:4265 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:24671 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFF138673 Ack: 0xF037F8F2 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-01:06:26.138178 24.209.113.11:4265 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:24672 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFF138C27 Ack: 0xF037F8F2 Win: 0xB5C9 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-03:45:21.508753 24.150.202.37:2349 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:29768 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x1DB248EA Ack: 0x4961BF29 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-03:45:25.265558 24.150.202.37:2413 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:30825 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x1DE5D0D3 Ack: 0x48E9E43B Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-03:45:25.513009 24.150.202.37:2672 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:30900 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x1EB28B80 Ack: 0x492DC780 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-03:45:28.757216 24.150.202.37:2687 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:31936 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x1EBE92BC Ack: 0x49B3E35B Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-03:45:28.992214 24.150.202.37:2944 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:32016 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x1F881039 Ack: 0x49D3F618 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-03:45:31.956795 24.150.202.37:2944 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:32846 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x1F881039 Ack: 0x49D3F618 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/21-03:45:32.405203 24.150.202.37:3208 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:32979 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x20516B17 Ack: 0x4A174464 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/21-03:45:35.957340 24.150.202.37:3462 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:33930 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x2114C8B1 Ack: 0x49C8D25A Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-03:45:42.200173 24.150.202.37:3754 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:35755 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x21F8F8B9 Ack: 0x4A6F5392 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-03:45:46.156863 24.150.202.37:4010 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:36960 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x22C01B9E Ack: 0x4A15BDD4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-03:45:52.828077 24.150.202.37:4657 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:39006 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x249AF1D0 Ack: 0x4B3EFEBC Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-03:45:53.127729 24.150.202.37:1037 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:39100 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x256945A6 Ack: 0x4ABAD468 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-03:45:53.463468 24.150.202.37:1060 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:39199 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x257BD713 Ack: 0x4BA93A2E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-03:45:53.880170 24.150.202.37:1097 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:39329 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x25973120 Ack: 0x4B6730BD Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-03:46:00.405883 24.150.202.37:1378 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:41201 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x267475DA Ack: 0x4BCDC312 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-03:46:00.723914 24.150.202.37:1637 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:41285 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x273A44CE Ack: 0x4BE514A9 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-03:57:51.651209 24.174.223.212:2597 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:29107 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xDF464A7A Ack: 0x782043BD Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-03:57:55.585816 24.174.223.212:2644 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:29410 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xDF784C67 Ack: 0x781E0DD7 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-03:57:55.949390 24.174.223.212:2655 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:29457 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xDF8228A0 Ack: 0x780030AC Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-03:57:59.680794 24.174.223.212:2701 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:29760 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xDFB1D8FE Ack: 0x78950737 Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-03:58:00.506336 24.174.223.212:2707 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:29823 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xDFB8EBDB Ack: 0x78602427 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/21-03:58:04.396850 24.174.223.212:2760 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:30116 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xDFED08C4 Ack: 0x78ABD2C6 Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/21-03:58:07.916720 24.174.223.212:2772 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:30411 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xDFF87FF9 Ack: 0x7936E973 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-03:58:08.586944 24.174.223.212:2823 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:30480 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xE02AA25D Ack: 0x78DDFBB1 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-03:58:09.232352 24.174.223.212:2831 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:30541 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE033498C Ack: 0x78BF2670 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-03:58:09.923146 24.174.223.212:2839 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:30592 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE03B25DA Ack: 0x79645321 Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-03:58:10.674924 24.174.223.212:2846 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:30648 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE0437CE8 Ack: 0x7904EF15 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-03:58:11.333665 24.174.223.212:2856 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:30705 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE04B81BB Ack: 0x78C8E0D2 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-03:58:21.351734 24.174.223.212:2974 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:31422 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xE0C0D8F2 Ack: 0x7990E361 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-03:58:22.353997 24.174.223.212:2992 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:31499 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xE0D152DB Ack: 0x79983856 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-03:58:23.279440 24.174.223.212:3006 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:31562 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xE0DFD7FB Ack: 0x79B09A57 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-03:58:23.925086 24.174.223.212:3016 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:31615 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xE0EAF262 Ack: 0x79912D93 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-07:40:43.265016 24.150.72.168:1541 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:1084 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xED26012E Ack: 0xC2B0B6A9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-07:40:43.295456 24.150.72.168:1541 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:1085 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xED2606E2 Ack: 0xC2B0B6A9 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-09:21:13.059429 24.74.111.19:3282 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:43599 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFB504AD8 Ack: 0x3DE2999F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-09:21:13.066171 24.74.111.19:3282 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:43600 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFB50508C Ack: 0x3DE2999F Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-10:52:09.205232 24.126.254.13:1657 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:29515 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x391C77EE Ack: 0x9547483D Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-10:52:17.607737 24.126.254.13:1867 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:30319 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x39D704F7 Ack: 0x95764EFC Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-10:52:19.792071 24.126.254.13:1928 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:30548 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x3A09DE31 Ack: 0x95AF7AF0 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-10:52:25.989516 24.126.254.13:2077 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:31142 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x3A86BBC4 Ack: 0x9634C4DA Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-10:52:28.082909 24.126.254.13:2153 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:31372 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x3AC6E83D Ack: 0x95DD2B18 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/21-10:52:32.920443 24.126.254.13:2312 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:31982 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x3B4DDABB Ack: 0x96840785 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/21-10:52:35.088771 24.126.254.13:2360 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:32235 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x3B78DA0D Ack: 0x96B32FA0 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-10:52:36.311809 24.126.254.13:2419 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:32377 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x3BABABC7 Ack: 0x96A98941 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-10:52:38.438555 24.126.254.13:2457 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:32583 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3BC9D019 Ack: 0x96E4DBDB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-10:52:43.663227 24.126.254.13:2587 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:33090 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3C4047A9 Ack: 0x96B701E7 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-10:52:49.210164 24.126.254.13:2726 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:33629 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3CB90873 Ack: 0x9743EF79 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-10:52:54.340540 24.126.254.13:2797 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:34189 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3CF87FFC Ack: 0x97EDD721 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-10:52:56.393847 24.126.254.13:2932 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:34396 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x3D72E457 Ack: 0x981F582C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-10:52:57.673378 24.126.254.13:2987 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:34546 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x3DA057D1 Ack: 0x9847F234 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-10:53:00.741978 24.126.254.13:2987 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:34847 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x3DA057D1 Ack: 0x9847F234 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-10:53:02.366671 24.126.254.13:3104 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:35041 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x3E06C5E3 Ack: 0x980AB9DC Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-10:53:13.953010 24.126.254.13:3389 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:36153 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x3F031571 Ack: 0x98C97F34 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-13:06:27.258470 24.34.44.131:1584 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:20901 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xA02A5143 Ack: 0x91B495BD Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-13:06:28.545724 24.34.44.131:1596 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:21025 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xA037E23F Ack: 0x913B5CDB Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/21-13:22:40.264006 65.214.36.115:44081 -> 192.168.1.6:80
TCP TTL:42 TOS:0x0 ID:63391 IpLen:20 DgmLen:195 DF
***AP*** Seq: 0xC35E20DE Ack: 0xCF0CFD4E Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 370202653 1930576072
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-13:40:24.610775 24.94.212.166:4728 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:29944 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xB0DDB8F4 Ack: 0x10D10117 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-13:40:25.079837 24.94.212.166:4733 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:29983 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xB0E37797 Ack: 0x11923CF2 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-13:40:25.353159 24.94.212.166:4734 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:29997 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xB0E5707B Ack: 0x10CDD8D1 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-13:40:25.585506 24.94.212.166:4735 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:30009 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xB0E6B4CD Ack: 0x11088CCC Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-13:40:25.835940 24.94.212.166:4736 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:30027 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB0E8A2BF Ack: 0x11745876 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/21-13:40:26.101106 24.94.212.166:4744 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:30046 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xB0EEF1E9 Ack: 0x10CE11D1 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/21-13:40:26.368999 24.94.212.166:4748 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:30066 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xB0F2C3F2 Ack: 0x10C92FD9 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-13:40:35.705381 24.94.212.166:4902 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:30687 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xB1888245 Ack: 0x119BC66D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-13:40:35.994070 24.94.212.166:4907 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:30709 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB18D1AC9 Ack: 0x11F74C17 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-13:40:45.244530 24.94.212.166:1070 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:31244 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB2145B90 Ack: 0x1274E51F Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-13:40:48.485373 24.94.212.166:1112 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:31396 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB23E6DD0 Ack: 0x12A68DCA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-13:40:49.116584 24.94.212.166:1119 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:31423 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB244AFDA Ack: 0x12DEB7A4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-13:41:10.353834 24.94.212.166:1448 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:32757 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xB388DDAE Ack: 0x13BC9C01 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-13:41:10.594973 24.94.212.166:1451 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:32771 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB38C3678 Ack: 0x143ABF2D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-13:41:10.874470 24.94.212.166:1453 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:32786 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xB38EB589 Ack: 0x13E1354A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-13:41:11.127635 24.94.212.166:1456 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:32803 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB391C30A Ack: 0x140C8803 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-14:05:05.429385 24.207.159.213:4860 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:52538 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA351D71C Ack: 0x6ED6A82E Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-14:05:05.435717 24.207.159.213:4860 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:52539 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA351DCD0 Ack: 0x6ED6A82E Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/21-16:22:06.756594 66.196.65.24:4429 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:17014 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x1F7F8E0E Ack: 0x74ABC626 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-19:48:44.352589 24.209.98.148:3646 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:54542 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1B6F699 Ack: 0x80B365CE Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-19:48:44.378030 24.209.98.148:3646 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:54543 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1B6FC4D Ack: 0x80B365CE Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-20:27:14.863725 24.209.98.148:4512 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:58504 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE8EC4697 Ack: 0x11D3D095 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-20:27:14.892999 24.209.98.148:4512 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:58505 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE8EC4C4B Ack: 0x11D3D095 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-20:32:15.449670 24.209.98.148:1286 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:25704 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x657838F Ack: 0x24FB6F60 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-20:32:15.489098 24.209.98.148:1286 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:25705 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6578943 Ack: 0x24FB6F60 Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/21-20:45:59.252765 66.196.65.24:42041 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:53097 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xE82C29B1 Ack: 0x58802E7E Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-21:03:09.956104 24.60.106.185:1296 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:19944 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x63EC529B Ack: 0x9A3A2488 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-21:03:14.669219 24.60.106.185:1670 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:20814 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x651494FE Ack: 0x9A190D07 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-21:03:15.614185 24.60.106.185:1730 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:20969 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x6543FA7B Ack: 0x9A8BC558 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-21:03:25.530198 24.60.106.185:2151 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:22647 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x669F0D97 Ack: 0x9ACFB673 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-21:03:26.369983 24.60.106.185:2187 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:22793 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x66BE0F9C Ack: 0x9B75CCAF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/21-21:03:27.357506 24.60.106.185:2225 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:22954 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x66DBEE33 Ack: 0x9B386AEA Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/21-21:03:28.540200 24.60.106.185:2255 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:23151 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x66F5B9D7 Ack: 0x9BB3D87C Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-21:03:41.862496 24.60.106.185:2707 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:25473 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x686A5CA5 Ack: 0x9C031FBC Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-21:03:42.832786 24.60.106.185:2880 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:25642 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x68F828B9 Ack: 0x9BD7A3F5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-21:03:43.899490 24.60.106.185:2930 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:25826 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6922259D Ack: 0x9C747889 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-21:03:54.075547 24.60.106.185:3361 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:27522 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6A88D611 Ack: 0x9C751FD1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-21:03:55.151385 24.60.106.185:3426 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:27721 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6ABCFF7B Ack: 0x9CF7BDEA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-21:04:05.378400 24.60.106.185:3889 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:29545 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x6C30143B Ack: 0x9DD6C94C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-21:04:06.548450 24.60.106.185:3943 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:29755 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6C58F3F9 Ack: 0x9DC3B310 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-21:04:07.624896 24.60.106.185:3997 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:29958 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x6C845017 Ack: 0x9D0D9DC1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-21:04:17.855940 24.60.106.185:4464 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:31810 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6DFB5527 Ack: 0x9DC1B7B4 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-21:40:43.535169 24.127.23.32:4794 -> 192.168.1.6:80
TCP TTL:102 TOS:0x0 ID:125 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x3BAB6290 Ack: 0x27BA99DF Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-21:40:45.088491 24.127.23.32:1267 -> 192.168.1.6:80
TCP TTL:102 TOS:0x0 ID:523 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x3D0AE972 Ack: 0x274DEF24 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-22:11:02.976732 24.209.113.11:1859 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:5697 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDA9D2827 Ack: 0x997CC15B Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-22:11:02.985828 24.209.113.11:1859 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:5698 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDA9D2DDB Ack: 0x997CC15B Win: 0xB5C9 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-22:31:55.617806 24.209.219.162:4821 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:41004 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x2D6F195E Ack: 0xE9A50F56 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-22:31:58.206598 24.209.219.162:4821 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:42060 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x2D6F195E Ack: 0xE9A50F56 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-22:32:02.581769 24.209.219.162:2177 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:43889 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x30054357 Ack: 0xE9C7F19F Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-22:32:06.606051 24.209.219.162:2857 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:45306 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x31A275E8 Ack: 0xEAA50074 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-22:32:07.200122 24.209.219.162:2969 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:45678 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x31F3E9A5 Ack: 0xE9FE60D0 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-22:32:07.860645 24.209.219.162:3140 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:45983 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x3274F136 Ack: 0xEAB62C8F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/21-22:32:08.013768 24.209.219.162:3204 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:46053 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x32A75A57 Ack: 0xE9FB9BCE Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/21-22:32:11.724381 24.209.219.162:3688 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:47176 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x3381417E Ack: 0xEA74A733 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-22:32:11.994124 24.209.219.162:3706 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:47252 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x33913528 Ack: 0xEAA211A6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-22:32:16.772817 24.209.219.162:4123 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:48631 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x34D57F18 Ack: 0xEB4FF2B4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-22:32:17.797275 24.209.219.162:4297 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:49060 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3534CBD4 Ack: 0xEAC5F834 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-22:32:18.477739 24.209.219.162:4880 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:49346 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x36157D92 Ack: 0xEB4A3A60 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-22:32:18.767329 24.209.219.162:1094 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:49583 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3680595F Ack: 0xEB4FF1BC Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-22:32:18.969599 24.209.219.162:1165 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:49688 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x36B37302 Ack: 0xEAE0F309 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-22:32:19.157916 24.209.219.162:1217 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:49816 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x36D7D2DD Ack: 0xEAECFF20 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-22:32:19.413768 24.209.219.162:1319 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:50006 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x372F2965 Ack: 0xEB29C3DA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-22:32:23.292273 24.209.219.162:1618 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:51409 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x37F9CA9D Ack: 0xEB01F58E Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-22:34:47.064169 24.209.113.11:4574 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:5419 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x68637033 Ack: 0xF3FCDB70 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-22:34:47.074456 24.209.113.11:4574 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:5420 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x686375E7 Ack: 0xF3FCDB70 Win: 0xB5C9 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/21-22:38:28.246437 66.196.65.24:27391 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:50912 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xB4EF2957 Ack: 0x1A16AE8 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-00:14:41.171658 24.209.219.162:4235 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:62674 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xE058A803 Ack: 0x6D80B252 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-00:14:41.284619 24.209.219.162:4251 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:62699 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xE0621AC7 Ack: 0x6DBB4631 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-00:14:44.333253 24.209.219.162:4750 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:63793 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xE10A8A88 Ack: 0x6D307187 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-00:14:44.468011 24.209.219.162:4755 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:63844 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xE10E3DB4 Ack: 0x6D0F2EE2 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-00:14:44.590413 24.209.219.162:4793 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:63882 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xE1257017 Ack: 0x6D0B62C3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-00:14:47.911561 24.209.219.162:1199 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:64425 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xE1F86B4B Ack: 0x6DAAB293 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-00:14:51.215431 24.209.219.162:1594 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:65376 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xE32A0ADC Ack: 0x6DB510E9 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-00:14:54.712570 24.209.219.162:1988 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:761 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xE45D58AD Ack: 0x6DD9E45D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-00:14:54.794658 24.209.219.162:2032 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:806 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE4797D3F Ack: 0x6E80346A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-00:14:54.851764 24.209.219.162:2058 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:835 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE48D866C Ack: 0x6DDAE962 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-00:14:55.149823 24.209.219.162:2070 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:858 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE49AE83D Ack: 0x6E6455E5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-00:14:55.666306 24.209.219.162:2319 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:1121 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE503156B Ack: 0x6E071D58 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-00:14:55.904468 24.209.219.162:2356 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:1282 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xE520C3EB Ack: 0x6DD666B3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-00:14:55.976415 24.209.219.162:2363 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:1302 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xE526B02B Ack: 0x6DE52F26 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-00:14:56.031569 24.209.219.162:2367 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:1317 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xE529C2B6 Ack: 0x6DF6FDDF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-00:14:56.156230 24.209.219.162:2376 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:1353 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xE5301BB5 Ack: 0x6E7B4574 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-02:05:43.057872 24.209.219.162:4319 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:45322 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xE73CE1C Ack: 0x1039EF83 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-02:05:43.217079 24.209.219.162:4322 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:45345 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xE76439D Ack: 0x10EEC7BB Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-02:05:43.313446 24.209.219.162:4329 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:45365 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xE79C566 Ack: 0x104A9540 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-02:05:52.636949 24.209.219.162:1637 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:47423 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x110F1FBB Ack: 0x10A56449 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-02:06:01.972402 24.209.219.162:2302 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:49286 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x13180700 Ack: 0x11DDC058 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-02:06:14.629102 24.209.219.162:3437 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:51845 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x1569FD4D Ack: 0x127C81E9 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-02:06:14.720857 24.209.219.162:3765 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:51853 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x16366F91 Ack: 0x12217004 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-02:06:24.009159 24.209.219.162:4951 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:53702 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x17BE5503 Ack: 0x132D9222 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-02:06:32.937291 24.209.36.194:3416 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:10721 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x85EAFE64 Ack: 0x13177FDA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-02:06:32.957880 24.209.36.194:3416 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:10722 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x85EB0418 Ack: 0x13177FDA Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-02:06:33.222681 24.209.219.162:1746 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:55054 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x19CCA030 Ack: 0x13E482EE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-02:06:33.281009 24.209.219.162:1747 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:55064 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x19CE451A Ack: 0x1389CBF0 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-02:06:33.380267 24.209.219.162:1749 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:55075 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x19D02325 Ack: 0x130A47E2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-02:06:33.457620 24.209.219.162:1755 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:55088 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x19D4C618 Ack: 0x13811713 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-02:06:33.525806 24.209.219.162:1757 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:55138 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x19D6F2EC Ack: 0x138B9D78 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-02:06:33.590561 24.209.219.162:1758 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:55163 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x19D7775C Ack: 0x131813B0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-02:06:33.639186 24.209.219.162:1781 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:55175 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x19E8B534 Ack: 0x13861B0C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-02:06:33.711240 24.209.219.162:1786 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:55190 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x19EAFDD1 Ack: 0x13DE4842 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-02:36:16.724495 24.209.36.194:3160 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:22817 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x25C84186 Ack: 0x84474BE0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-02:36:16.748493 24.209.36.194:3160 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:22818 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x25C8473A Ack: 0x84474BE0 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-03:13:01.327918 24.209.219.162:1483 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:25615 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xF155753F Ack: 0xF6C00DD Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-03:13:01.431970 24.209.219.162:1499 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:25650 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xF1619DA3 Ack: 0xEF944DB Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-03:13:01.556440 24.209.219.162:1521 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:25712 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xF172BFEC Ack: 0xFA6EE70 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-03:13:11.242311 24.209.219.162:2366 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:28015 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xF40911E6 Ack: 0xFA147C2 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-03:13:11.360430 24.209.219.162:2390 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:28091 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF41C14B3 Ack: 0x1030FB46 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-03:13:11.423323 24.209.219.162:2396 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:28112 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xF420BAA1 Ack: 0xFC570AB Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-03:13:11.487895 24.209.219.162:2400 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:28149 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xF424234F Ack: 0x1046FAEF Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-03:13:11.591918 24.209.219.162:2404 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:28171 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xF4270687 Ack: 0x10365E5A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-03:13:11.642447 24.209.219.162:2409 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:28184 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF42AA2E5 Ack: 0x102AD646 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-03:13:11.694227 24.209.219.162:2422 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:28219 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF434BE5E Ack: 0x103648EE Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-03:13:11.770837 24.209.219.162:2425 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:28266 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF436F9CF Ack: 0xFFD305A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-03:13:11.875921 24.209.219.162:2452 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:28336 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF44A64B8 Ack: 0x101E8A3F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-03:13:15.325275 24.209.219.162:2605 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:29065 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xF4C3FB2E Ack: 0x107893E0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-03:13:15.390964 24.209.219.162:2609 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:29077 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF4C7C6C4 Ack: 0x100069BC Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-03:13:15.479718 24.209.219.162:2612 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:29111 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xF4CAAE3E Ack: 0x1057FD39 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-03:13:15.576374 24.209.219.162:2615 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:29120 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF4CD662A Ack: 0x10189A90 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-04:20:48.517444 24.126.82.22:3101 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:58618 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x5AFC41E8 Ack: 0xEA1881E Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-04:20:58.391376 24.126.82.22:3511 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:60204 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x5C4FC9E3 Ack: 0xF83776E Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-04:20:59.192298 24.126.82.22:3534 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:60324 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x5C646625 Ack: 0xF64BC85 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-04:21:00.074330 24.126.82.22:3566 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:60474 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x5C7E8D2A Ack: 0xFB7A533 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-04:21:00.957095 24.126.82.22:3601 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:60613 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x5C9D0445 Ack: 0xF7165FF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-04:21:10.917473 24.126.82.22:3997 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:62223 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x5DE9AC15 Ack: 0x1091B3BC Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-04:21:11.712572 24.126.82.22:4030 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:62397 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x5E04EAD2 Ack: 0xFC49F13 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-04:21:12.157508 24.126.82.22:4065 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:62483 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x5E21F20E Ack: 0x10AD1D9F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-04:21:21.956948 24.126.82.22:4448 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:64235 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x5F6B87B9 Ack: 0x110EEFA7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-04:21:31.726831 24.126.82.22:4897 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:422 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x60E04BF4 Ack: 0x118EAFF6 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-04:21:32.935320 24.126.82.22:4930 -> 192.168.1.6:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:137
***AP*** Seq: 0x60FD22D0 Ack: 0x0 Win: 0x0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-04:21:33.275771 24.126.82.22:4972 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:703 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6120F418 Ack: 0x1188580C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-04:21:37.071065 24.126.82.22:4995 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:1368 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x613342DF Ack: 0x1206ADE7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-04:21:37.908991 24.126.82.22:1169 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:1547 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x61B14028 Ack: 0x11A40B8A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-04:21:38.638939 24.126.82.22:1208 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:1690 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x61CEF057 Ack: 0x11D02E5F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-04:21:39.319055 24.126.82.22:1236 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:1800 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x61E7D544 Ack: 0x12115F53 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-04:59:07.648949 24.209.36.194:2784 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:23689 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x931082A Ack: 0x9FD046D7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-04:59:07.672024 24.209.36.194:2784 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:23690 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9310DDE Ack: 0x9FD046D7 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-05:29:32.861352 24.209.219.162:1921 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:17924 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xF6444130 Ack: 0x12AC298A Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-05:29:42.044030 24.209.219.162:2882 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:20391 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xF8F79909 Ack: 0x12E30A6D Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-05:29:42.106911 24.209.219.162:2929 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:20422 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xF91087BC Ack: 0x12E72AA8 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-05:29:42.402050 24.209.219.162:2941 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:20494 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xF91B33A4 Ack: 0x133B6F9D Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-05:29:42.452363 24.209.219.162:2948 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:20518 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF91D0987 Ack: 0x1309B642 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-05:29:45.736286 24.209.219.162:3151 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:21319 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xF9C66F4F Ack: 0x13DED8A7 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-05:29:45.831394 24.209.219.162:3166 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:21333 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xF9C8F920 Ack: 0x13F98101 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-05:29:45.887705 24.209.219.162:3169 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:21344 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xF9CC17D1 Ack: 0x133B3BC6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-05:29:55.262552 24.209.219.162:1031 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:23591 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFC11DA6A Ack: 0x1436CE29 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-05:30:07.824801 24.209.219.162:1805 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:26432 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFED491C1 Ack: 0x14C2787C Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-05:30:17.125339 24.209.219.162:3231 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:28337 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x17CF91A Ack: 0x15419D3B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-05:30:17.184049 24.209.219.162:3236 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:28352 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x1814F9C Ack: 0x15D764DF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-05:30:17.244329 24.209.219.162:3239 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:28365 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x183CB2B Ack: 0x1532691E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-05:30:17.289143 24.209.219.162:3240 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:28371 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x184F750 Ack: 0x157135F4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-05:30:17.355114 24.209.219.162:3241 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:28377 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x185AFCA Ack: 0x1594B3AF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-05:30:26.570589 24.209.219.162:4464 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:30695 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x43EB8C0 Ack: 0x16351E8A Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-05:47:46.379970 24.202.192.141:1222 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:28589 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xD7BCB47B Ack: 0x56E95579 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-05:47:52.139272 24.202.192.141:1347 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:29074 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xD830EB0D Ack: 0x56DE0A89 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-05:47:53.728076 24.202.192.141:1471 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:29281 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xD8A478A1 Ack: 0x579A22F5 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-05:47:55.448929 24.202.192.141:1560 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:29457 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xD8EDA8B7 Ack: 0x57AF7A05 Win: 0xFAF0 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-06:47:15.767772 24.209.219.162:2667 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:33560 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x4821949B Ack: 0x3803C825 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-06:47:19.653225 24.209.219.162:2818 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:34675 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x484D4BA0 Ack: 0x3808572F Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-06:47:19.890753 24.209.219.162:3818 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:34766 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x49F42441 Ack: 0x38717D7A Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-06:47:19.959326 24.209.219.162:3825 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:34783 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x49F9C557 Ack: 0x386E3800 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-06:47:23.536864 24.209.219.162:3876 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:35758 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x4A0E23D6 Ack: 0x380DAAD6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-06:47:23.888874 24.209.219.162:4195 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:35905 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x4AD34C86 Ack: 0x37E17560 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-06:47:24.014043 24.209.219.162:4234 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:35954 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x4AF08702 Ack: 0x3851225A Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-06:47:24.100665 24.209.219.162:4238 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:35979 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x4AF4ABE2 Ack: 0x37D76F13 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-06:47:24.169344 24.209.219.162:4242 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:35994 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4AF75154 Ack: 0x37CAB47B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-06:47:33.582260 24.209.219.162:1110 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:38334 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4CB0336E Ack: 0x391F9085 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-06:47:33.652621 24.209.219.162:1114 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:38349 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4CB3299A Ack: 0x38B0FB98 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-06:47:33.720380 24.209.219.162:1115 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:38362 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4CB3D535 Ack: 0x3899264E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-06:47:43.010132 24.209.219.162:2185 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:40965 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x4FC76378 Ack: 0x39DA9999 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-06:47:46.126004 24.209.219.162:2185 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:41692 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x4FC76378 Ack: 0x39DA9999 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-06:47:52.453483 24.209.219.162:2845 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:43221 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x5170C486 Ack: 0x3ADD899F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-06:47:52.778198 24.209.219.162:2880 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:43321 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x5186BD4B Ack: 0x3AB6149E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-06:47:52.836189 24.209.219.162:2936 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:43337 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x5194097B Ack: 0x3B0691ED Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-06:49:12.873580 24.209.219.162:3248 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:62967 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x642CFE1E Ack: 0x3FE0BF33 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-06:49:22.214796 24.209.219.162:3943 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:64826 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x65D6CBD6 Ack: 0x3FD9FC59 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-06:49:34.797810 24.209.219.162:1566 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:2882 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x68EADBD6 Ack: 0x40BBFAC9 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-06:49:34.850818 24.209.219.162:1696 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:2889 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x6952BBFE Ack: 0x415278F9 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-06:49:34.929185 24.209.219.162:1700 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:2901 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x69556AF6 Ack: 0x40C2EF4C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-06:49:37.974234 24.209.219.162:1844 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:3531 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x69D1C08F Ack: 0x41B7D37E Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-06:49:38.038747 24.209.219.162:1847 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:3547 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x69D49EC8 Ack: 0x415BC1F5 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-06:49:38.107077 24.209.219.162:1852 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:3563 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x69D87582 Ack: 0x4179606A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-06:49:41.211525 24.209.219.162:1975 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:4125 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6A3D3D09 Ack: 0x40F2E093 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-06:49:41.276604 24.209.219.162:1983 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:4146 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6A4408A4 Ack: 0x41A734FB Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-06:49:41.336312 24.209.219.162:1986 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:4164 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6A457EA2 Ack: 0x411A663F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-06:49:41.407428 24.209.219.162:1989 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:4180 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6A4835A6 Ack: 0x4176BAC0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-06:49:41.495632 24.209.219.162:1998 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:4207 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x6A4F5BAE Ack: 0x41689AD3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-06:49:41.560074 24.209.219.162:2010 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:4232 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6A57C8FE Ack: 0x413D3833 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-06:49:41.640496 24.209.219.162:2012 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:4264 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x6A598C9C Ack: 0x4132A6DA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-06:49:41.694652 24.209.219.162:2025 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:4281 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6A608629 Ack: 0x4118ADB9 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-06:56:26.336908 24.209.36.194:1034 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:4501 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x49150D20 Ack: 0x5AD58511 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-06:56:26.356210 24.209.36.194:1034 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:4502 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x491512D4 Ack: 0x5AD58511 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:04:16.180610 24.209.219.162:2477 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:17820 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x325D57FD Ack: 0x78653761 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:04:25.407559 24.209.219.162:2937 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:19365 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x339BA22F Ack: 0x79622F27 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:04:28.476758 24.209.219.162:3444 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:20045 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x34B1682C Ack: 0x795EB5F7 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:04:37.699083 24.209.219.162:4687 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:22512 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x36CB300A Ack: 0x79BA73E1 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:04:38.059711 24.209.219.162:4718 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:22634 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x36D53AA4 Ack: 0x79CC7F7A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-07:04:44.642034 24.209.219.162:1032 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:23609 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x374B678A Ack: 0x79E30701 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-07:04:53.828667 24.209.219.162:2091 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:25918 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x3A4B21BD Ack: 0x7B50717E Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:04:57.174998 24.209.219.162:2354 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:26741 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x3B1431C5 Ack: 0x7B8C33BB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:04:57.249007 24.209.219.162:2357 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:26791 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3B16FC95 Ack: 0x7A92051A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:04:57.339550 24.209.219.162:2367 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:26821 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3B1E7E7A Ack: 0x7B418D8A Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:04:57.416034 24.209.219.162:2381 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:26862 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3B285EB8 Ack: 0x7B2FF19E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:04:57.473940 24.209.219.162:2385 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:26875 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3B2B0DA6 Ack: 0x7B460B8A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:05:06.815894 24.209.219.162:2833 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:28680 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x3C726970 Ack: 0x7BE87C43 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:05:06.878445 24.209.219.162:2837 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:28702 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x3C74BC6A Ack: 0x7C13655F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:05:06.952694 24.209.219.162:2844 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:28715 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x3C79255F Ack: 0x7B785B6C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:05:07.018960 24.209.219.162:2860 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:28743 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x3C81DA0E Ack: 0x7BED4FD7 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:10:00.146428 24.209.219.162:2744 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:27452 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x7D30FCF9 Ack: 0x8DCE3690 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:10:00.209627 24.209.219.162:2767 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:27466 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x7D39FBAF Ack: 0x8E7DA20C Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:10:00.270780 24.209.219.162:2775 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:27491 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x7D3F728E Ack: 0x8DD34C7B Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:10:00.354163 24.209.219.162:2778 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:27506 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x7D41BA43 Ack: 0x8E67916E Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:10:00.420587 24.209.219.162:2786 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:27518 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x7D4712A0 Ack: 0x8DE598F1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-07:10:03.882307 24.209.219.162:3277 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:28579 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x7E51F36B Ack: 0x8EA2A191 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-07:10:07.040075 24.209.219.162:3961 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:29416 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x7F7D265C Ack: 0x8EED7B61 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:10:07.107947 24.209.219.162:4009 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:29449 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x7F8FB144 Ack: 0x8ED563AD Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:10:07.163916 24.209.219.162:4010 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:29482 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x7F910DCC Ack: 0x8E8FF64F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:10:19.789733 24.209.219.162:4814 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:31992 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x813085C4 Ack: 0x8EE7A25F Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:10:19.860112 24.209.219.162:4993 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:32009 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x818C1A6F Ack: 0x8F81FEF3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:10:19.914543 24.209.219.162:4995 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:32036 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x818D41C5 Ack: 0x8F6BFF82 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:10:20.019679 24.209.219.162:1027 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:32058 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x8192C55C Ack: 0x8EEB4184 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:10:20.096121 24.209.219.162:1029 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:32068 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x8193F437 Ack: 0x8F583E07 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:10:20.159567 24.209.219.162:1039 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:32088 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x819C0F89 Ack: 0x8EE67A11 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:10:20.236735 24.209.219.162:1044 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:32109 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x81A00418 Ack: 0x8F1F19E3 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:47:02.361031 24.209.219.162:2344 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:64696 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x784CAA93 Ack: 0x1A8C8071 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:47:15.099850 24.209.219.162:3196 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:1658 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x7A1A4AC2 Ack: 0x1BA6BED4 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:47:15.246191 24.209.219.162:3490 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:1670 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x7AC5597B Ack: 0x1BA29551 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:47:15.304937 24.209.219.162:3492 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:1705 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x7AC6A66A Ack: 0x1B21E0D8 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:47:15.357263 24.209.219.162:3533 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:1719 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x7AD4EBBC Ack: 0x1B39334A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-07:47:24.613854 24.209.219.162:4594 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:3767 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x7CEEFEB9 Ack: 0x1BE7457A Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-07:47:33.930101 24.209.219.162:1545 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:5678 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x7EF4851D Ack: 0x1C0445CF Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:47:43.467376 24.209.219.162:2346 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:7692 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x81594DD8 Ack: 0x1D0256CE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:47:52.694719 24.209.219.162:2960 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:9438 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x82E888CE Ack: 0x1D8BF10D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:47:52.785612 24.209.219.162:2967 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:9446 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x82EA3224 Ack: 0x1D4C4063 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:48:02.157662 24.209.219.162:4068 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:11223 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x84E62FA7 Ack: 0x1E0C1930 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:48:11.484723 24.209.219.162:1104 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:13039 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x86C9E2A3 Ack: 0x1F38420D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:48:17.970499 24.209.219.162:1418 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:14229 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x8794D047 Ack: 0x1F24634E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:48:23.977665 24.209.219.162:1418 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:15690 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x8794D047 Ack: 0x1F24634E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:48:27.028436 24.209.219.162:2448 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:16536 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x8AA8E157 Ack: 0x1F668E42 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:48:27.079199 24.209.219.162:2454 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:16550 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x8AAD5F93 Ack: 0x2015226F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:48:27.134918 24.209.219.162:2458 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:16568 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x8AB071C5 Ack: 0x1FAA30F5 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:13:30.821986 24.209.219.162:2478 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:9668 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xD8364BF4 Ack: 0x7DD83F69 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:13:40.153190 24.209.219.162:3194 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:11511 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xD9D06D55 Ack: 0x7F0DED6E Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:13:40.206663 24.209.219.162:3196 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:11527 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xD9D1FAE5 Ack: 0x7EE8BF83 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:13:49.578144 24.209.219.162:4660 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:13684 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xDC650FE7 Ack: 0x7F883334 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:13:49.664255 24.209.219.162:4667 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:13709 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xDC679B25 Ack: 0x7F719EE9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-08:13:49.735029 24.209.219.162:4677 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:13742 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xDC6A0C8F Ack: 0x7F7C98E9 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-08:13:49.825110 24.209.219.162:4678 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:13779 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xDC6AA0DF Ack: 0x7F07723B Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:13:53.332907 24.209.219.162:4736 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:14715 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xDC81A748 Ack: 0x7F09722B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:14:02.714278 24.209.219.162:1849 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:16628 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xDF4BCC99 Ack: 0x8019316C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:14:02.793111 24.209.219.162:1861 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:16646 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xDF5922C2 Ack: 0x7FE5796A Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:14:02.899542 24.209.219.162:1868 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:16686 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xDF5EBE4C Ack: 0x7FCD570C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:14:02.968167 24.209.219.162:1870 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:16701 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xDF605B1F Ack: 0x8089E8D9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:14:03.023912 24.209.219.162:1876 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:16712 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xDF6525D8 Ack: 0x80B02148 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:14:05.935768 24.209.219.162:1876 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:17324 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xDF6525D8 Ack: 0x80B02148 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:14:06.182877 24.209.219.162:2031 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:17343 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xDFE26668 Ack: 0x80E0192E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:14:06.241934 24.209.219.162:2033 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:17358 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xDFE3E7F8 Ack: 0x8052B2FF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:14:06.304378 24.209.219.162:2036 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:17364 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xDFE619B2 Ack: 0x80806196 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:32:31.216983 24.209.219.162:2241 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:918 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xE4AA2A0F Ack: 0xC52FE17B Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:32:31.281550 24.209.219.162:2244 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:937 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xE4AC6DE0 Ack: 0xC4E36A32 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:32:31.339594 24.209.219.162:2247 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:944 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xE4AF1F27 Ack: 0xC5D435CE Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:32:31.420031 24.209.219.162:2250 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:966 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xE4B12738 Ack: 0xC51CCAF6 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:32:31.492685 24.209.219.162:2257 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:981 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xE4B72FAC Ack: 0xC4DF82F6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-08:32:31.570539 24.209.219.162:2258 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:1023 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xE4B7FC1B Ack: 0xC55CD704 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-08:32:34.629681 24.209.219.162:2605 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:1649 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xE53589A4 Ack: 0xC58F7C3F Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:32:43.826697 24.209.219.162:3953 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:3984 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xE8031720 Ack: 0xC5D65745 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:32:53.128105 24.209.219.162:4913 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:6436 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE9F51A60 Ack: 0xC632B626 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:32:53.182270 24.209.219.162:4918 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:6460 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE9F8E029 Ack: 0xC6F27FAC Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:32:56.235473 24.209.219.162:1194 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:7151 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xEA7BDDC1 Ack: 0xC6B874EA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:33:05.460341 24.209.219.162:2151 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:9619 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xED418666 Ack: 0xC75782E6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:33:05.544357 24.209.219.162:2152 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:9638 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xED427E68 Ack: 0xC76B4ED9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:33:05.584645 24.209.219.162:2156 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:9644 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xED45208A Ack: 0xC736EF8B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:33:08.524343 24.209.219.162:2156 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:10353 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xED45208A Ack: 0xC736EF8B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:33:08.784342 24.209.219.162:2396 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:10386 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xEDFC4F29 Ack: 0xC7FA57AE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:33:18.107931 24.209.219.162:3220 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:13091 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xEFFFE3BD Ack: 0xC7DF643A Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:54:37.786286 24.157.153.204:1394 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:29770 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x1AC2F855 Ack: 0x19346A60 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:54:41.857219 24.157.153.204:1628 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:30332 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x1B74A424 Ack: 0x1A21A94D Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:54:48.765916 24.157.153.204:1906 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:31321 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x1C465982 Ack: 0x19726DD3 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:54:58.182816 24.157.153.204:2666 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:32947 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x1E851163 Ack: 0x1AB1823F Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:54:58.362691 24.157.153.204:2673 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:32979 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x1E8B1554 Ack: 0x1AF8C891 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-08:54:58.552832 24.157.153.204:2683 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:33007 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x1E938CD6 Ack: 0x1B152546 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-08:54:58.745249 24.157.153.204:2688 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:33029 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x1E97FB74 Ack: 0x1AD2C83F Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:55:08.331219 24.157.153.204:3182 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:34466 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x2017FF69 Ack: 0x1ADD15DD Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:55:08.510685 24.157.153.204:3210 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:34506 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x20222057 Ack: 0x1B7D98CD Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:55:08.703414 24.157.153.204:3216 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:34533 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x202726BF Ack: 0x1B2A899E Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:55:08.898789 24.157.153.204:3222 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:34565 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x202C245F Ack: 0x1B473464 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:55:09.242755 24.157.153.204:3231 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:34634 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x2032F250 Ack: 0x1B706B94 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:55:09.463832 24.157.153.204:3293 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:34685 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x206524F6 Ack: 0x1BA504A2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:55:12.669074 24.157.153.204:3301 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:35153 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x206BC2ED Ack: 0x1BCAA562 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:55:18.583688 24.157.153.204:3301 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:35986 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x206BC2ED Ack: 0x1BCAA562 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:55:21.809408 24.157.153.204:3927 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:36310 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x2252BEB7 Ack: 0x1C4A5CBB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:55:31.250159 24.157.153.204:4313 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:37556 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x238E619C Ack: 0x1C33D39A Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:57:16.843695 210.107.253.211:3481 -> 192.168.1.6:80
TCP TTL:98 TOS:0x4 ID:27292 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFB51964E Ack: 0x23D63F73 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:57:16.855652 210.107.253.211:3481 -> 192.168.1.6:80
TCP TTL:98 TOS:0x4 ID:27291 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFB51909A Ack: 0x23D63F73 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-09:00:21.492471 66.196.65.24:39271 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:3278 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x923DC074 Ack: 0x2EBBE9BF Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-09:17:39.690041 24.209.36.194:2355 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:53133 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDBEA57C6 Ack: 0x710AF253 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-09:17:39.710008 24.209.36.194:2355 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:53134 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDBEA5D7A Ack: 0x710AF253 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-09:58:53.131068 24.209.219.162:4145 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:52509 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x346BAF75 Ack: 0xB513E31 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-09:58:53.456389 24.209.219.162:4268 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:52570 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x348C8FB7 Ack: 0xB632F62 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-09:59:06.260874 24.209.219.162:4804 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:54629 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x35A2A3BA Ack: 0xBCD8950 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-09:59:06.349647 24.209.219.162:4976 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:54646 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x361A1FBD Ack: 0xC01B7F9 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-09:59:06.414816 24.209.219.162:4986 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:54659 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x361F03F6 Ack: 0xC5564B3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-09:59:06.518673 24.209.219.162:4996 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:54672 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x3621FAE4 Ack: 0xBD0E88E Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-09:59:11.998642 24.209.219.162:1406 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:55628 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x371444E6 Ack: 0xBEE3DBB Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-09:59:21.430856 24.209.219.162:1804 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:57200 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x385C11D7 Ack: 0xD03974F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-09:59:21.505118 24.209.219.162:1809 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:57217 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x385FB745 Ack: 0xD65E898 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-09:59:21.599450 24.209.219.162:1815 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:57242 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x386442D4 Ack: 0xD488FF5 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-09:59:21.666051 24.209.219.162:1823 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:57256 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3869A3D8 Ack: 0xD1B4352 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-09:59:21.794558 24.209.219.162:1827 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:57276 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x386D4ADC Ack: 0xD172D5D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-09:59:21.871018 24.209.219.162:1831 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:57296 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x3871C55E Ack: 0xC96C18A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-09:59:25.857130 24.209.219.162:1835 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:57608 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x38748E94 Ack: 0xD0C5F6D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-09:59:27.077825 24.209.219.162:1953 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:57784 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x38D1ED52 Ack: 0xCD07951 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-09:59:27.213821 24.209.219.162:1986 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:57837 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x38EE8F58 Ack: 0xD186D3C Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-10:30:39.751010 209.237.238.174:53407 -> 192.168.1.6:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:161
***AP*** Seq: 0x8414FACF Ack: 0x76C88077 Win: 0x16A0 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-12:13:16.473881 24.82.171.110:3894 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:32896 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x663E4557 Ack: 0x7C0BFF5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-12:13:16.570214 24.82.171.110:3894 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:32897 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x663E4B0B Ack: 0x7C0BFF5 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-12:15:42.966610 66.196.65.24:46250 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:57680 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x5507744C Ack: 0x10F07504 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-12:18:16.086608 129.137.185.125:1839 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:25129 IpLen:20 DgmLen:181 DF
***AP*** Seq: 0xBD0FDCAE Ack: 0x1B37EEF1 Win: 0x44E8 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-12:18:16.580485 129.137.185.125:1839 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:25131 IpLen:20 DgmLen:196 DF
***AP*** Seq: 0xBD0FDD3B Ack: 0x1B37F05F Win: 0x437A TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-12:19:54.774003 24.209.36.194:2930 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:6749 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEFC83B83 Ack: 0x208D0327 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-12:19:54.798325 24.209.36.194:2930 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:6750 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEFC84137 Ack: 0x208D0327 Win: 0x4470 TcpLen: 20
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-12:39:01.434993 129.137.185.125:1903 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:25835 IpLen:20 DgmLen:181 DF
***AP*** Seq: 0x108CFFE4 Ack: 0x67E42A34 Win: 0x44E8 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-12:39:01.907490 129.137.185.125:1903 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:25836 IpLen:20 DgmLen:216 DF
***AP*** Seq: 0x108D0071 Ack: 0x67E42BA2 Win: 0x437A TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-12:39:02.120281 129.137.185.125:1904 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:25841 IpLen:20 DgmLen:216 DF
***AP*** Seq: 0x1041D4B3 Ack: 0x67C33295 Win: 0x44E8 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-12:39:04.139165 129.137.185.125:1905 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:25846 IpLen:20 DgmLen:216 DF
***AP*** Seq: 0x32370826 Ack: 0x68984F58 Win: 0x44E8 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-12:41:56.151497 209.237.238.158:2399 -> 192.168.1.6:80
TCP TTL:41 TOS:0x0 ID:28390 IpLen:20 DgmLen:173 DF
***AP*** Seq: 0x4FB101CF Ack: 0x73E3DE32 Win: 0xFFFF TcpLen: 32
TCP Options (3) => NOP NOP TS: 889019649 1973577747
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-12:43:29.107707 129.137.185.125:1919 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:31704 IpLen:20 DgmLen:181 DF
***AP*** Seq: 0x1EEEDE8F Ack: 0x791EB03A Win: 0x44E8 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-12:43:29.200655 129.137.185.125:1919 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:31705 IpLen:20 DgmLen:196 DF
***AP*** Seq: 0x1EEEDF1C Ack: 0x791EB1A8 Win: 0x437A TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-13:56:45.939276 24.209.36.194:1214 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:20423 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7E84F76F Ack: 0x8E3A7129 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-13:56:45.978172 24.209.36.194:1214 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:20424 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7E84FD23 Ack: 0x8E3A7129 Win: 0x4470 TcpLen: 20
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-13:58:25.009176 129.137.185.125:2149 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:32670 IpLen:20 DgmLen:181 DF
***AP*** Seq: 0x153C2BAC Ack: 0x9417CD4B Win: 0x44E8 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-13:58:25.376133 129.137.185.125:2149 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:32671 IpLen:20 DgmLen:196 DF
***AP*** Seq: 0x153C2C39 Ack: 0x9417CEB9 Win: 0x437A TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-16:37:53.921821 209.237.238.174:42892 -> 192.168.1.6:80
TCP TTL:41 TOS:0x0 ID:58107 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0xE19372A5 Ack: 0xEE4F5616 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 293572716 1980829057
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-16:39:26.825682 209.237.238.175:53250 -> 192.168.1.6:80
TCP TTL:41 TOS:0x0 ID:58541 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0xE831D8E7 Ack: 0xF4BC05CA Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 293289051 1980876646
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-17:07:07.034474 24.34.222.52:4888 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:307 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x9631937D Ack: 0x5DD062A7 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-17:07:08.426208 24.34.222.52:4929 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:482 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x9654E426 Ack: 0x5ED9A0A4 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-17:07:09.338884 24.34.222.52:4957 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:618 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x966C4FF1 Ack: 0x5E48C2DD Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-17:07:10.409484 24.34.222.52:4986 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:753 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x9684D16D Ack: 0x5EF52FC8 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-17:07:14.246170 24.34.222.52:3106 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:1266 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x96E7B13D Ack: 0x5EBF842B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-17:07:15.046994 24.34.222.52:3127 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:1366 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x96FB0A07 Ack: 0x5ED8B7E3 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-17:07:19.149697 24.34.222.52:3261 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:1904 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x9770E463 Ack: 0x5F06042D Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-17:07:23.402856 24.34.222.52:3376 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:2456 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x97D5696E Ack: 0x5F14E327 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-17:07:33.312905 24.34.222.52:3396 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:3696 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x97E6BEFF Ack: 0x5FAE8A10 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-17:07:34.626473 24.34.222.52:3676 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:3878 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x98D897E3 Ack: 0x604836C9 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-17:07:41.533151 24.34.222.52:3795 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:4726 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x994331EE Ack: 0x6096554E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-17:07:45.549558 24.34.222.52:3979 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:5199 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x99E4F9C2 Ack: 0x606397B0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-17:07:48.544211 24.34.222.52:3979 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:5621 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x99E4F9C2 Ack: 0x606397B0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-17:07:49.879329 24.34.222.52:4111 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:5800 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x9A56800A Ack: 0x607FA05F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-17:07:56.435356 24.34.222.52:4230 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:6642 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x9ABFCC09 Ack: 0x616FAEE8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-17:08:00.140683 24.34.222.52:4320 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:7133 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x9B0A9C93 Ack: 0x6186FF5B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-17:08:01.015722 24.34.222.52:4429 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:7246 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x9B691521 Ack: 0x61FDC4B1 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-17:36:48.745517 64.68.82.16:22955 -> 192.168.1.6:80
TCP TTL:40 TOS:0x10 ID:7423 IpLen:20 DgmLen:453 DF
***AP*** Seq: 0xC0D19956 Ack: 0xCD8ADFBC Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 741574335 1982638185
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-17:42:52.686745 24.209.174.0:4162 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:32224 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xFD3109C2 Ack: 0xE4AD6F58 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-17:42:53.650186 24.209.174.0:4183 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:32361 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xFD451B3D Ack: 0xE46CBFFF Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-17:43:03.711487 24.209.174.0:4456 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:33852 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xFE34C3A2 Ack: 0xE535113D Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-17:43:04.321462 24.209.174.0:4470 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:33940 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xFE410A36 Ack: 0xE4B3764A Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-17:43:04.938237 24.209.174.0:4490 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:34037 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xFE530958 Ack: 0xE560F96B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-17:43:08.471526 24.209.174.0:4509 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:34601 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xFE64C842 Ack: 0xE53DB9AC Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-17:43:12.337558 24.209.174.0:4708 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:35181 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xFF0EFE82 Ack: 0xE5718EE9 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-17:43:15.243418 24.209.174.0:4708 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:35609 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xFF0EFE82 Ack: 0xE5718EE9 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-17:43:15.941252 24.209.174.0:4807 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:35715 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xFF68F474 Ack: 0xE6D75FA9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-17:43:19.638163 24.209.174.0:4915 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:36277 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFFC705FF Ack: 0xE706B9E2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-17:43:20.182494 24.209.174.0:4926 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:36360 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFFD1064B Ack: 0xE69B7F00 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-17:43:23.057405 24.209.174.0:4926 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:36806 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFFD1064B Ack: 0xE69B7F00 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-17:43:24.068049 24.209.174.0:1079 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:36977 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3E89B2 Ack: 0xE77307E3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-17:43:24.496080 24.209.174.0:1091 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:37042 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x497DF9 Ack: 0xE72F97D1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-17:43:28.269383 24.209.174.0:1210 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:37610 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xAD3B40 Ack: 0xE7A1CCE3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-17:43:28.698188 24.209.174.0:1221 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:37676 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB7A755 Ack: 0xE7A87877 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-17:43:31.991447 24.209.174.0:1327 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:38178 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x112CE1E Ack: 0xE71CFED5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-17:43:35.880025 24.209.174.0:1443 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:38794 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x1793B84 Ack: 0xE7712DAA Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-19:15:45.877055 24.209.36.194:1811 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:15716 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1CA7C605 Ack: 0x43B70C0F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-19:15:45.933094 24.209.36.194:1811 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:15717 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1CA7CBB9 Ack: 0x43B70C0F Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-19:15:56.285984 24.209.113.11:4193 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:31926 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x50A7C36 Ack: 0x441C3112 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-19:15:56.292562 24.209.113.11:4193 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:31927 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x50A81EA Ack: 0x441C3112 Win: 0xB5C9 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-19:49:03.721427 24.209.36.194:1941 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:231 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x90BBB11B Ack: 0xC1D80C98 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-19:49:03.746096 24.209.36.194:1941 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:232 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x90BBB6CF Ack: 0xC1D80C98 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-19:52:09.222705 24.209.174.0:3901 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:29715 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x20B60FA0 Ack: 0xCDB075C4 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-19:52:09.717756 24.209.174.0:3911 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:29783 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x20BF26D5 Ack: 0xCE3BD9FC Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-19:52:10.003524 24.209.174.0:3926 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:29826 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x20CA8A59 Ack: 0xCD82D765 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-19:52:10.288617 24.209.174.0:3941 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:29870 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x20D7642C Ack: 0xCE35E8EC Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-19:52:10.622359 24.209.174.0:3954 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:29920 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x20E1D57C Ack: 0xCD9A1AA6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-19:52:10.880264 24.209.174.0:3966 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:29959 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x20EB53E7 Ack: 0xCE4ECB24 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-19:52:14.664836 24.209.174.0:3991 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:30378 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x21019788 Ack: 0xCE3538D0 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-19:52:24.203566 24.209.174.0:4386 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:31325 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x224FED49 Ack: 0xCEA585EF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-19:52:24.463015 24.209.174.0:4397 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:31350 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x22584878 Ack: 0xCE46C8D8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-19:52:24.696405 24.209.174.0:4400 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:31363 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x225B8741 Ack: 0xCE350EEB Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-19:52:24.981841 24.209.174.0:4407 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:31387 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x226192D7 Ack: 0xCE7ADEAB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-19:52:25.267831 24.209.174.0:4418 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:31414 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x226A7A66 Ack: 0xCE7783C5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-19:52:25.532648 24.209.174.0:4425 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:31440 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x2270B9EF Ack: 0xCE76631E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-19:52:28.507972 24.209.174.0:4425 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:31690 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x2270B9EF Ack: 0xCE76631E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-19:52:28.899337 24.209.174.0:4523 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:31730 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x22C7DD04 Ack: 0xCF4483F9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-19:52:29.108515 24.209.174.0:4528 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:31743 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x22CCE646 Ack: 0xCED77B91 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-19:52:29.374187 24.209.174.0:4535 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:31766 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x22D331A6 Ack: 0xCEEDEAD3 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-20:16:19.991922 24.209.196.254:4201 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:6546 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8B4C4246 Ack: 0x27F1AFA0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-20:16:19.993177 24.209.196.254:4201 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:6547 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8B4C47FA Ack: 0x27F1AFA0 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-20:28:05.494301 24.209.36.194:3201 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:45899 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x17BD4A0E Ack: 0x54899156 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-20:28:05.516671 24.209.36.194:3201 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:45900 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x17BD4FC2 Ack: 0x54899156 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-20:40:56.240352 24.209.174.0:4127 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:28546 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x54A14477 Ack: 0x853A126A Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-20:41:05.802882 24.209.174.0:4398 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:29350 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x558CFA49 Ack: 0x85FCA940 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-20:41:06.064546 24.209.174.0:4405 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:29365 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x5593073A Ack: 0x85C3A60E Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-20:41:09.575181 24.209.174.0:4530 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:29764 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x55F84913 Ack: 0x859D4A51 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-20:41:09.860959 24.209.174.0:4541 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:29797 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x56020401 Ack: 0x85A19911 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-20:41:10.124624 24.209.174.0:4549 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:29830 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x56089E76 Ack: 0x85B28B84 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-20:41:13.740741 24.209.174.0:4659 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:30167 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x5668729B Ack: 0x8695B7F0 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-20:41:23.381890 24.209.174.0:1027 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:31325 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x578745E6 Ack: 0x86D42E74 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-20:41:23.703756 24.209.174.0:1040 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:31369 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x57912F17 Ack: 0x86B91879 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-20:41:24.051015 24.209.174.0:1054 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:31422 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x579D524B Ack: 0x86EF4F09 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-20:41:24.346696 24.209.174.0:1068 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:31470 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x57A992EF Ack: 0x8720F952 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-20:41:24.628153 24.209.174.0:1082 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:31513 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x57B46924 Ack: 0x869B6FE3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-20:41:28.193929 24.209.174.0:1204 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:31962 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x581CB0EF Ack: 0x86D18DD2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-20:41:28.449154 24.209.174.0:1211 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:31994 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x58220725 Ack: 0x87A56117 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-20:41:28.674451 24.209.174.0:1218 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:32025 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x58279B01 Ack: 0x8782968A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-20:41:38.167375 24.209.174.0:1505 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:32903 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x591DE8F2 Ack: 0x8756E683 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-21:05:52.425561 24.209.191.91:4146 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:37734 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x2139606 Ack: 0xE4924DE9 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-21:05:53.048159 24.209.191.91:4167 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:37821 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x226C452 Ack: 0xE43040DB Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-21:05:53.548397 24.209.191.91:4179 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:37881 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x2313120 Ack: 0xE47286DE Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-21:05:54.082108 24.209.191.91:4195 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:37961 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x23E425B Ack: 0xE4C05727 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-21:05:54.669769 24.209.191.91:4215 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:38032 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x24E44CC Ack: 0xE4F2FD34 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-21:05:55.162912 24.209.191.91:4234 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:38115 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x25E388C Ack: 0xE4451896 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-21:06:04.589679 24.209.191.91:4544 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:39509 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x363DC25 Ack: 0xE521FB99 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-21:06:14.093175 24.209.191.91:4818 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:40795 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x4512ABD Ack: 0xE55C3004 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-21:06:14.629291 24.209.191.91:4834 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:40878 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x45ED66F Ack: 0xE54AE616 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-21:06:23.981386 24.209.191.91:1217 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:42510 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x57B6126 Ack: 0xE632D75A Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-21:06:24.198869 24.209.191.91:1226 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:42564 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x583750A Ack: 0xE6B8AC24 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-21:06:27.803275 24.209.191.91:1345 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:43128 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x5E79CE9 Ack: 0xE619BC6F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-21:06:28.125639 24.209.191.91:1359 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:43207 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x5F25110 Ack: 0xE6D0B68E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-21:06:28.397008 24.209.191.91:1368 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:43243 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x5F9E7DD Ack: 0xE6347C55 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-21:06:28.688320 24.209.191.91:1380 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:43289 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x603B7C0 Ack: 0xE70A6FB8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-21:06:28.920097 24.209.191.91:1389 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:43323 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x60BE3F7 Ack: 0xE6980AA6 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-21:45:47.244712 24.162.194.218:4164 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:838 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC746CF76 Ack: 0x7AA9AD3C Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-22:05:18.700107 24.114.84.143:4623 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:46847 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x2A55A7A1 Ack: 0xC40EF734 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-22:05:19.440359 24.114.84.143:4648 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:47343 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x2A6C17DC Ack: 0xC44196EC Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-22:05:19.668130 24.114.84.143:4660 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:47473 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x2A75A191 Ack: 0xC3F0297B Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-22:05:29.158409 24.114.84.143:4915 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:53323 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x2B57B933 Ack: 0xC4F9B096 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-22:05:32.117820 24.114.84.143:4915 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:55195 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x2B57B933 Ack: 0xC4F9B096 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-22:05:32.670525 24.114.84.143:3031 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:55512 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x2BB77759 Ack: 0xC51FEB23 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-22:05:39.342392 24.114.84.143:3151 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:56836 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x2C1CA7F0 Ack: 0xC514D1F7 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-22:05:39.579138 24.114.84.143:3248 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:56866 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x2C6DA7C1 Ack: 0xC4DEE2B1 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-22:05:46.270314 24.114.84.143:3374 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:57657 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x2CD2BE3D Ack: 0xC5F4261E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-22:05:46.480114 24.114.84.143:3502 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:57697 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x2D3A0F5C Ack: 0xC5BC5BB1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-22:05:50.052992 24.114.84.143:3613 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:58294 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x2D96D290 Ack: 0xC5A35E71 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-22:05:50.311521 24.114.84.143:3620 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:58307 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x2D9D0E1B Ack: 0xC5863ABF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-22:05:50.575100 24.114.84.143:3626 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:58335 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x2DA270F5 Ack: 0xC58BF31F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-22:05:50.841940 24.114.84.143:3638 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:58364 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x2DACEFB4 Ack: 0xC68365AB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-22:05:51.058521 24.114.84.143:3647 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:58383 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x2DB40247 Ack: 0xC671A86C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-22:05:51.239187 24.114.84.143:3654 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:58401 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x2DB8CF7C Ack: 0xC616C64E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-22:05:51.469946 24.114.84.143:3665 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:58425 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x2DC0B600 Ack: 0xC6002A3F Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-22:17:19.238602 24.209.196.254:3007 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:15995 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x14A4BDEF Ack: 0xF232CA7C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-22:17:19.246747 24.209.196.254:3007 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:15996 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x14A4C3A3 Ack: 0xF232CA7C Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-22:42:41.084196 24.209.191.91:2323 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:371 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x586A8262 Ack: 0x52476095 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-22:42:44.705966 24.209.191.91:2408 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:856 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x58B5BFD8 Ack: 0x51B49F0B Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-22:42:54.103416 24.209.191.91:2673 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:2224 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x599B4927 Ack: 0x52C19855 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-22:43:03.329390 24.209.191.91:2946 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:3583 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x5A890C83 Ack: 0x538FB5A6 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-22:43:03.631152 24.209.191.91:2953 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:3619 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x5A8F56E0 Ack: 0x53A0BC93 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-22:43:03.885347 24.209.191.91:2958 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:3660 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x5A93F9A2 Ack: 0x52EEC2DA Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-22:43:04.144198 24.209.191.91:2963 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:3702 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x5A980D84 Ack: 0x53878BF8 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-22:43:04.427891 24.209.191.91:2970 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:3753 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x5A9E2222 Ack: 0x52C28BB1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-22:43:04.712544 24.209.191.91:2980 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:3791 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x5AA66947 Ack: 0x535A9085 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-22:43:04.976670 24.209.191.91:2984 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:3826 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x5AAA8D1C Ack: 0x53B203BA Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-22:43:05.226058 24.209.191.91:2991 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:3866 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x5AB06071 Ack: 0x53641690 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-22:43:08.531046 24.209.191.91:3070 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:4331 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x5AF3DAC7 Ack: 0x53C873E0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-22:43:17.931469 24.209.191.91:3327 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:5585 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x5BCF0325 Ack: 0x544D92B1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-22:43:18.222616 24.209.191.91:3338 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:5638 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x5BD7FA26 Ack: 0x54439209 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-22:43:18.489036 24.209.191.91:3350 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:5681 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x5BE27B6B Ack: 0x53AD287F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-22:43:18.778512 24.209.191.91:3358 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:5734 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x5BE9C736 Ack: 0x5420E079 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-23:09:50.834461 66.196.65.24:64265 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:43932 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x5759F0E2 Ack: 0xB85DF2B2 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-23:40:56.959830 24.209.174.0:4975 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:15315 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xBB0123AF Ack: 0x2DA02A7D Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-23:40:57.399492 24.209.174.0:1027 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:15382 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xBB17509A Ack: 0x2D6DB565 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-23:40:57.687966 24.209.174.0:1042 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:15427 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xBB2185FC Ack: 0x2D679B27 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-23:41:01.307976 24.209.174.0:1150 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:15768 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xBB7F2C02 Ack: 0x2D98BD6F Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-23:41:01.548727 24.209.174.0:1163 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:15799 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xBB8A0A98 Ack: 0x2D7EB488 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-23:41:05.309189 24.209.174.0:1287 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:16239 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xBBF5BE81 Ack: 0x2E2E3AE4 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-23:41:05.722488 24.209.174.0:1307 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:16303 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xBC06C983 Ack: 0x2E119AA3 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-23:41:09.222757 24.209.174.0:1447 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:16759 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xBC7C814D Ack: 0x2DDEC713 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-23:41:18.678375 24.209.174.0:1748 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:17749 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xBD8245E5 Ack: 0x2EA181D3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-23:41:28.329383 24.209.174.0:2069 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:18778 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xBE94B919 Ack: 0x2EE8601D Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-23:41:37.860305 24.209.174.0:2351 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:19652 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xBF893E84 Ack: 0x2F80299C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-23:41:38.102779 24.209.174.0:2358 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:19666 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xBF8E4E9F Ack: 0x300669E4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-23:41:38.339335 24.209.174.0:2364 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:19683 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xBF93B172 Ack: 0x2F85E7FB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-23:41:38.596978 24.209.174.0:2368 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:19694 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xBF96EE77 Ack: 0x2FEC348E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-23:41:38.865389 24.209.174.0:2373 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:19720 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xBF9BC1BE Ack: 0x2FF6C402 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-23:41:39.118563 24.209.174.0:2382 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:19742 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xBFA3F4BB Ack: 0x2F8AF27D Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-23:49:16.247674 24.209.113.11:1353 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:36467 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x138A4729 Ack: 0x4C7049E5 Win: 0xB5C9 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-23:49:26.007411 24.209.113.11:1631 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:37793 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x147D9ED7 Ack: 0x4C299B1B Win: 0xB5C9 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-23:49:26.383418 24.209.113.11:1639 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:37855 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x14843664 Ack: 0x4D15DB48 Win: 0xB5C9 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-23:49:26.828712 24.209.113.11:1654 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:37909 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x14903BD9 Ack: 0x4C6384E8 Win: 0xB5C9 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-23:49:27.316970 24.209.113.11:1670 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:37988 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x149D38E8 Ack: 0x4C9E6307 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-23:49:30.826594 24.209.113.11:1760 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:38420 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x14EBE834 Ack: 0x4CA0FA50 Win: 0xB5C9 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-23:49:41.071237 24.209.113.11:2038 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:39781 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x15DDDD75 Ack: 0x4E114753 Win: 0xB5C9 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-23:49:51.025343 24.209.113.11:2322 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:41106 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x16D02F87 Ack: 0x4F109034 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-23:50:16.272326 24.209.113.11:3037 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:44500 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x193FEB5F Ack: 0x5084878E Win: 0xB5C9 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-23:56:59.753251 24.209.113.11:3786 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:36025 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x4390B11C Ack: 0x6B13CAD9 Win: 0xB5C9 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-23:57:00.243774 24.209.113.11:3874 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:36103 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x43DE5097 Ack: 0x6A7E94C7 Win: 0xB5C9 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-23:57:00.844554 24.209.113.11:3888 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:36167 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x43EA8271 Ack: 0x6AA83206 Win: 0xB5C9 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-23:57:01.609100 24.209.113.11:3909 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:36244 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x43FBC012 Ack: 0x6B3C7299 Win: 0xB5C9 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-23:57:02.077505 24.209.113.11:3930 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:36302 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x440E21F7 Ack: 0x6B356ADC Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-23:57:02.885954 24.209.113.11:3944 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:36380 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x44194B37 Ack: 0x6B1636C5 Win: 0xB5C9 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-23:57:03.465151 24.209.113.11:3965 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:36456 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x442B52BA Ack: 0x6AB9215D Win: 0xB5C9 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-23:57:04.055755 24.209.113.11:3981 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:36544 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x4439EFBA Ack: 0x6AEAA028 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-23:57:04.648396 24.209.113.11:3998 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:36609 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4447F6EA Ack: 0x6B5E7137 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-23:57:08.780225 24.209.113.11:4100 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:37042 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x449F98A5 Ack: 0x6B2CDC13 Win: 0xB5C9 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-23:57:13.088716 24.209.113.11:4131 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:37467 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x44BC1152 Ack: 0x6B1EA7C9 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-23:57:13.860999 24.209.113.11:4228 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:37546 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4510299B Ack: 0x6BEBC387 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-23:57:17.794525 24.209.113.11:4248 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:37951 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x4520F0A2 Ack: 0x6B74F0A9 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-23:57:18.230163 24.209.113.11:4353 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:38030 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x457D9D5C Ack: 0x6B72F1F4 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-23:57:21.323430 24.209.113.11:4353 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:38377 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x457D9D5C Ack: 0x6B72F1F4 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-23:57:21.950767 24.209.113.11:4444 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:38445 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x45CFF4C4 Ack: 0x6BD89825 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-23:57:22.633663 24.209.113.11:4460 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:38532 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x45DE245C Ack: 0x6C40AB3E Win: 0xB5C9 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-00:10:23.053061 24.168.247.208:3986 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:51428 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4E3DFDBC Ack: 0x9CE030E5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-00:10:23.058113 24.168.247.208:3986 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:51429 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4E3E0370 Ack: 0x9CE030E5 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-00:14:53.730053 218.27.203.97:1840 -> 192.168.1.6:80
TCP TTL:97 TOS:0x0 ID:28351 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEF3A50D0 Ack: 0xADE4AEF2 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-00:14:58.822982 218.27.203.97:1840 -> 192.168.1.6:80
TCP TTL:97 TOS:0x0 ID:28793 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEF3A4B1C Ack: 0xADE4AEF2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/23-00:36:04.334164 66.196.65.24:43505 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:39336 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xB356DBD4 Ack: 0xFDE1C7A2 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-00:52:58.840095 24.25.215.4:1273 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:37540 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x62582BA7 Ack: 0x3E1825BA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-00:52:58.954586 24.25.215.4:1273 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:37541 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6258315B Ack: 0x3E1825BA Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-02:05:54.824824 24.161.94.61:4659 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:24227 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x45ACF053 Ack: 0x50BB1B35 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-02:05:57.262315 24.161.94.61:4718 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:24432 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x45DFA99F Ack: 0x50879C73 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-02:06:09.014247 24.161.94.61:1062 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:25417 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x46F7E547 Ack: 0x52661FE3 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-02:06:20.325339 24.161.94.61:1395 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:26332 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x4817F43A Ack: 0x53BAB57D Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-02:06:22.579236 24.161.94.61:1443 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:26523 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x4842A2B5 Ack: 0x53C7D26F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/23-02:06:27.440390 24.161.94.61:1591 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:26888 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x48C3F08B Ack: 0x53C7734A Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/23-02:06:29.650551 24.161.94.61:1641 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:27032 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x48F04E27 Ack: 0x53DC3C23 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-02:06:31.922461 24.161.94.61:1697 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:27212 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x491FEEBD Ack: 0x5418E4B9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-02:06:42.843878 24.161.94.61:2001 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:27999 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4A23FD92 Ack: 0x545A64E0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-02:06:48.289165 24.161.94.61:2131 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:28363 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4A98F2CD Ack: 0x5485D291 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-02:06:53.729892 24.161.94.61:2260 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:28723 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4B0ADA3D Ack: 0x556B5D43 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-02:06:55.935349 24.161.94.61:2315 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:28881 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4B3C21A0 Ack: 0x55A6A8E2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-02:06:58.192815 24.161.94.61:2378 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:29030 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x4B744394 Ack: 0x55558C2B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-02:07:00.211439 24.161.94.61:2430 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:29155 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x4BA0897F Ack: 0x5603ED84 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-02:07:01.406583 24.161.94.61:2479 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:29244 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x4BCD1C8F Ack: 0x55AE06DD Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-02:07:06.719947 24.161.94.61:2608 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:29644 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x4C3E0430 Ack: 0x560F4D3E Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-03:17:03.277714 24.209.174.0:2768 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:27316 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xEE296E5C Ack: 0x5EBE8547 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-03:17:12.939788 24.209.174.0:3057 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28228 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xEF26A05F Ack: 0x5EEA4DAE Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-03:17:13.178494 24.209.174.0:3067 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28250 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xEF2F2C02 Ack: 0x5EF716BB Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-03:17:13.387948 24.209.174.0:3078 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28266 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xEF37DF4D Ack: 0x5EABB055 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-03:17:13.626844 24.209.174.0:3082 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28279 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xEF3CA53F Ack: 0x5F3E5C93 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/23-03:17:23.334367 24.209.174.0:3366 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:29152 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xF035134C Ack: 0x600A5BCB Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/23-03:17:23.660859 24.209.174.0:3385 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:29204 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xF044CB70 Ack: 0x60042FE7 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-03:17:23.964726 24.209.174.0:3397 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:29252 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xF04EA7B5 Ack: 0x5FB80EC8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-03:17:33.480981 24.209.174.0:3692 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:30127 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF14D95F9 Ack: 0x5FFC3013 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-03:17:33.719067 24.209.174.0:3699 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:30150 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF152BEF2 Ack: 0x5FFDCC03 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-03:17:33.989373 24.209.174.0:3707 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:30172 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF158D4B6 Ack: 0x5FD1B373 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-03:17:34.196714 24.209.174.0:3713 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:30188 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF15DC0EF Ack: 0x601FB2E8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-03:17:43.777666 24.209.174.0:4007 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:31065 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xF25E71FF Ack: 0x60C7FB9A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-03:17:44.083375 24.209.174.0:4019 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:31114 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF264EDC1 Ack: 0x614A3A95 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-03:17:44.392625 24.209.174.0:4034 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:31164 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xF270DD66 Ack: 0x6094F5E3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-03:17:44.630524 24.209.174.0:4047 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:31200 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF27C8249 Ack: 0x613D44DF Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-03:49:32.666273 24.209.174.0:3971 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:14217 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xAF04CDBC Ack: 0xD88B534B Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-03:49:33.023573 24.209.174.0:3984 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:14256 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xAF0F74AB Ack: 0xD861DC10 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-03:49:33.241765 24.209.174.0:3997 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:14281 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xAF1A9AB6 Ack: 0xD8A62BA5 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-03:49:33.507460 24.209.174.0:4008 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:14319 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xAF242AAD Ack: 0xD8AC45CD Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-03:49:33.726315 24.209.174.0:4018 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:14343 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xAF2C8606 Ack: 0xD8EC4CF9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/23-03:49:33.976004 24.209.174.0:4026 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:14365 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xAF33B63A Ack: 0xD8B8A401 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/23-03:49:34.208985 24.209.174.0:4038 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:14396 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xAF3D2FFB Ack: 0xD88D24EF Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-03:49:43.805905 24.209.174.0:4296 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:15107 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xB02093BF Ack: 0xD92E3C0C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-03:49:44.014504 24.209.174.0:4300 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:15119 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB02516D8 Ack: 0xD96AF770 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-03:49:44.248072 24.209.174.0:4311 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:15140 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB02DD3AF Ack: 0xD90ABFA8 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-03:49:44.470780 24.209.174.0:4316 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:15155 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB031F5FF Ack: 0xD9BA432E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-03:49:44.742018 24.209.174.0:4326 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:15177 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB03B229F Ack: 0xD9AD009E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-03:49:44.971696 24.209.174.0:4332 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:15193 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xB040CC52 Ack: 0xD8E7C569 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-03:49:45.183203 24.209.174.0:4337 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:15206 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB0451F1F Ack: 0xD95FE380 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-03:49:48.359287 24.209.174.0:4341 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:15382 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xB0488C47 Ack: 0xD9B0CF1A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-03:49:48.583566 24.209.174.0:4411 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:15406 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB088104A Ack: 0xD95695D7 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-03:49:51.585463 24.209.174.0:4411 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:15571 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB088104A Ack: 0xD95695D7 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-03:49:57.680298 24.209.174.0:4411 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:15985 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB088104A Ack: 0xD95695D7 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-04:44:50.942667 24.225.182.78:1471 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:39762 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x788F2C7D Ack: 0xA9989997 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-04:44:50.962503 24.225.182.78:1471 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:39763 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x788F3231 Ack: 0xA9989997 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-04:44:53.882543 24.225.182.78:1471 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:40347 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x788F2C7D Ack: 0xA9989997 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-04:44:59.887913 24.225.182.78:1471 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:41485 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x788F2C7D Ack: 0xA9989997 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-06:48:27.949163 24.209.174.0:4819 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:37023 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xE818BFB8 Ack: 0x7CB7ADA9 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-06:48:28.403424 24.209.174.0:4830 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:37080 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xE8231F22 Ack: 0x7C94FA32 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-06:48:37.936409 24.209.174.0:1158 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:37980 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xE92D7C2B Ack: 0x7CECA892 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-06:48:38.151241 24.209.174.0:1164 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:37998 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xE9328ADF Ack: 0x7D95DE7F Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-06:48:38.382597 24.209.174.0:1168 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:38021 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xE936816E Ack: 0x7DBEFCC7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/23-06:48:47.824741 24.209.174.0:1434 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:38730 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xEA1B32B3 Ack: 0x7E3AA690 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/23-06:48:48.030184 24.209.174.0:1440 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:38743 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xEA1FF4CB Ack: 0x7DF1CA04 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-06:48:48.233094 24.209.174.0:1444 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:38760 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xEA24449E Ack: 0x7E23ECAB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-06:48:48.452050 24.209.174.0:1449 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:38781 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xEA28C537 Ack: 0x7E5D990F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-06:48:58.010750 24.209.174.0:1679 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:39333 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xEAF86BBB Ack: 0x7EB1378F Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-06:48:58.222531 24.209.174.0:1686 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:39352 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xEAFE273B Ack: 0x7EB2C1E9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-06:48:58.484343 24.209.174.0:1691 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:39382 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xEB032C0B Ack: 0x7EBE8FBF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-06:48:58.695125 24.209.174.0:1699 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:39412 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xEB09F403 Ack: 0x7E32B784 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-06:48:58.918363 24.209.174.0:1703 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:39436 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xEB0D6DDB Ack: 0x7E3F0695 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-06:49:01.866243 24.209.174.0:1703 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:39791 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xEB0D6DDB Ack: 0x7E3F0695 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-06:49:02.139662 24.209.174.0:1826 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:39823 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xEB7461AC Ack: 0x7EAD15D1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-06:49:11.722375 24.209.174.0:2152 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:40888 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xEC911A0A Ack: 0x7F5D28E0 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-08:33:31.250589 24.209.174.0:3348 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:20544 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x5C1954A5 Ack: 0x8ADDA06 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-08:33:31.584929 24.209.174.0:3357 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:20576 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x5C21AFD1 Ack: 0x86719EA Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-08:33:35.213992 24.209.174.0:3469 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:20872 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x5C804367 Ack: 0x93DC50E Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-08:33:44.843411 24.209.174.0:3739 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:21755 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x5D778B94 Ack: 0x9A218EE Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-08:33:54.450475 24.209.174.0:4007 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:22460 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x5E5AA871 Ack: 0xA6D06F9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/23-08:33:54.688358 24.209.174.0:4013 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:22472 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x5E600417 Ack: 0x9797147 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/23-08:34:07.438477 24.209.174.0:4237 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:23275 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x5F2888D2 Ack: 0xAC76C53 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-08:34:17.003550 24.209.174.0:4558 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:23937 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x6043A889 Ack: 0xBA04E51 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-08:34:26.521934 24.209.174.0:4874 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:24917 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x61515A7E Ack: 0xC58C898 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-08:34:30.201704 24.209.174.0:4985 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:25218 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x61B2F3F4 Ack: 0xC845B0C Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-08:34:43.069075 24.209.174.0:1281 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:26317 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x629D0A51 Ack: 0xE4816B1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-08:34:43.344304 24.209.174.0:1396 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:26356 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x62FA3915 Ack: 0xF512149 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-08:34:43.555536 24.209.174.0:1405 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:26381 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x630048FC Ack: 0xF5478CB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-08:34:43.776773 24.209.174.0:1410 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:26399 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x63051696 Ack: 0xE77713F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-08:34:43.983702 24.209.174.0:1417 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:26416 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x630AFB4B Ack: 0xEF423BC Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-08:34:44.225609 24.209.174.0:1424 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:26436 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x63111ADE Ack: 0xE966C5C Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-09:23:04.818257 24.157.153.204:2320 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:48455 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x9B42D347 Ack: 0xC4493A01 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-09:23:20.807227 24.157.153.204:2686 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:49849 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x9C8FDD72 Ack: 0xC607F8C3 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-09:23:24.003581 24.157.153.204:2787 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:50146 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x9CE720E9 Ack: 0xC56FDF80 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-09:23:28.191300 24.157.153.204:2870 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:50490 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x9D35CEE3 Ack: 0xC5E16D72 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-09:35:18.272646 24.209.36.194:4509 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:17457 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1E72C11 Ack: 0xF301AFFD Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-09:35:18.291401 24.209.36.194:4509 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:17458 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1E731C5 Ack: 0xF301AFFD Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-09:53:52.768141 24.209.174.0:1271 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:12627 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x4E7B7099 Ack: 0x3931D212 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-09:53:53.147931 24.209.174.0:1281 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:12660 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x4E834569 Ack: 0x393ACCFC Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-09:53:53.381250 24.209.174.0:1289 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:12683 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x4E89F657 Ack: 0x38A33292 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-09:53:57.116397 24.209.174.0:1311 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:12960 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x4E9BF5E0 Ack: 0x3932FAC2 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-09:54:00.782617 24.209.174.0:1484 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:13159 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x4F324D66 Ack: 0x398C82A1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/23-09:54:01.020130 24.209.174.0:1493 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:13178 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x4F3A19CC Ack: 0x39C0DAE4 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/23-09:54:10.685727 24.209.174.0:1803 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:14226 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x50441B80 Ack: 0x39ADAE42 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-09:54:10.944471 24.209.174.0:1818 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:14264 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x5050362C Ack: 0x3A1150EB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-09:54:11.176153 24.209.174.0:1825 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:14294 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x5055BFD4 Ack: 0x3A76E732 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-09:54:11.432895 24.209.174.0:1836 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:14327 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x505ED8A0 Ack: 0x3A235ECF Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-09:54:11.660299 24.209.174.0:1841 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:14356 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x5063739C Ack: 0x39CAB81D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-09:54:11.889990 24.209.174.0:1849 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:14382 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x506A0BBB Ack: 0x3A76A6B0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-09:54:12.125005 24.209.174.0:1858 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:14406 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x5070EF9E Ack: 0x3AAB4025 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-09:54:15.069263 24.209.174.0:1858 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:14655 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x5070EF9E Ack: 0x3AAB4025 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-09:54:15.515085 24.209.174.0:1959 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:14695 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x50C8712D Ack: 0x3A484058 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-09:54:15.786669 24.209.174.0:1967 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:14732 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x50D0696C Ack: 0x3A96D32B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-09:54:16.022905 24.209.174.0:1982 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:14768 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x50DC00FE Ack: 0x3A7DC478 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-10:01:44.520963 24.209.36.194:3194 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:27339 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9CE019A3 Ack: 0x567080A8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-10:01:44.547580 24.209.36.194:3194 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:27340 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9CE01F57 Ack: 0x567080A8 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-10:24:24.832739 24.209.36.194:2746 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:15578 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x205AE7E7 Ack: 0xABD6F87E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-10:24:24.852969 24.209.36.194:2746 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:15579 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x205AED9B Ack: 0xABD6F87E Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-10:33:44.217278 24.209.36.194:2630 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:63591 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x553F2935 Ack: 0xCF6A5C89 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-10:33:44.235928 24.209.36.194:2630 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:63592 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x553F2EE9 Ack: 0xCF6A5C89 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/23-12:16:40.498011 209.237.238.173:41503 -> 192.168.1.6:80
TCP TTL:42 TOS:0x0 ID:34114 IpLen:20 DgmLen:173 DF
***AP*** Seq: 0x44D806F5 Ack: 0x544CBB33 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 300647360 2017053798
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/23-13:17:57.475036 209.237.238.173:57103 -> 192.168.1.6:80
TCP TTL:42 TOS:0x0 ID:26943 IpLen:20 DgmLen:173 DF
***AP*** Seq: 0x2CA776C4 Ack: 0x3BF5BE61 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 301015052 2018937073
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-13:22:45.042785 24.209.36.194:2494 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:39970 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEFADCBEA Ack: 0x4E3D2E02 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-13:22:45.061600 24.209.36.194:2494 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:39971 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEFADD19E Ack: 0x4E3D2E02 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-14:11:22.206833 24.209.44.83:3455 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:6509 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x867DAECE Ack: 0x67E966C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-14:11:22.239086 24.209.44.83:3455 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:6510 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x867DB482 Ack: 0x67E966C Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-14:25:06.643899 24.145.209.157:1854 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:2740 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB21A4DD3 Ack: 0x3937BDA0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-14:25:06.655376 24.145.209.157:1854 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:2741 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB21A5387 Ack: 0x3937BDA0 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-14:30:27.502338 24.209.174.0:2456 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:56742 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x82DCB47A Ack: 0x4D6996BB Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-14:30:27.890218 24.209.174.0:2463 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:56788 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x82E33F92 Ack: 0x4D293335 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-14:30:28.096137 24.209.174.0:2466 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:56817 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x82E6BAA6 Ack: 0x4D98D031 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-14:30:28.335705 24.209.174.0:2471 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:56852 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x82EAFB40 Ack: 0x4E07D0F3 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-14:30:28.585107 24.209.174.0:2481 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:56890 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x82F424ED Ack: 0x4D82E08E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/23-14:30:28.810220 24.209.174.0:2485 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:56921 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x82F7C3FB Ack: 0x4D5513BB Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/23-14:30:38.397219 24.209.174.0:2739 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:58344 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x83D80C78 Ack: 0x4DD10DC9 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-14:30:38.702956 24.209.174.0:2752 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:58390 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x83E36272 Ack: 0x4E278DF0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-14:30:39.030238 24.209.174.0:2760 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:58442 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x83EB1B28 Ack: 0x4DF569AA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-14:30:39.311509 24.209.174.0:2773 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:58487 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x83F629BD Ack: 0x4EAEBA3A Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-14:30:39.571200 24.209.174.0:2783 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:58530 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x83FD6BDB Ack: 0x4E792EE5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-14:30:39.869654 24.209.174.0:2793 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:58578 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x8405E07D Ack: 0x4DF6710D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-14:30:40.162604 24.209.174.0:2798 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:58626 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x840AE20F Ack: 0x4E3C4EE0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-14:30:40.430002 24.209.174.0:2808 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:58670 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x841175EE Ack: 0x4E2402D5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-14:30:40.691269 24.209.174.0:2817 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:58711 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x8418315A Ack: 0x4DCEA5CD Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-14:30:40.997266 24.209.174.0:2827 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:58758 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x841F50AF Ack: 0x4E564B96 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-15:29:44.757269 24.209.174.0:3930 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:53691 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xE64A8BD5 Ack: 0x2DA831AC Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-15:29:45.119654 24.209.174.0:3938 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:53716 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xE6522B0A Ack: 0x2DF2A6F8 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-15:29:45.330777 24.209.174.0:3942 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:53735 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xE655772F Ack: 0x2DCE0C00 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-15:29:45.550117 24.209.174.0:3951 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:53758 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xE65D7DBB Ack: 0x2E092F8B Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-15:29:45.769444 24.209.174.0:3960 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:53787 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xE6651D60 Ack: 0x2D44B802 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/23-15:29:55.353264 24.209.174.0:4233 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:54583 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xE7522357 Ack: 0x2F94E3D5 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/23-15:29:55.583182 24.209.174.0:4240 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:54605 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xE7577686 Ack: 0x2F7F0BAF Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-15:29:55.796859 24.209.174.0:4251 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:54629 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xE760C68E Ack: 0x2F9FABA7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-15:30:08.576895 24.209.174.0:4556 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:56021 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE87443C3 Ack: 0x2F9A2E7B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-15:30:09.082057 24.209.174.0:4649 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:56055 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE8C50989 Ack: 0x2FF4F6CD Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-15:30:09.363140 24.209.174.0:4678 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:56099 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE8DAD7F4 Ack: 0x2FB7D61A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-15:30:09.562554 24.209.174.0:4691 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:56116 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE8E4859E Ack: 0x309650DB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-15:30:09.825787 24.209.174.0:4701 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:56137 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xE8EC798C Ack: 0x302CEF36 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-15:30:10.035102 24.209.174.0:4707 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:56151 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xE8F22016 Ack: 0x30276E36 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-15:30:10.262849 24.209.174.0:4713 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:56169 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xE8F6C36F Ack: 0x2FCD0940 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-15:30:10.478034 24.209.174.0:4718 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:56184 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xE8FB0607 Ack: 0x2FC73DB1 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-15:32:36.734160 24.209.174.0:1153 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:4001 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xF7D01D13 Ack: 0x386B31C0 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-15:32:46.453468 24.209.174.0:1489 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:5052 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xF8EAC693 Ack: 0x39E914A6 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-15:32:46.761768 24.209.174.0:1501 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:5102 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xF8F49BAF Ack: 0x38FC7C7B Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-15:32:47.052931 24.209.174.0:1511 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:5147 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xF8FE4E8E Ack: 0x39B0B379 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-15:32:47.318909 24.209.174.0:1525 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:5189 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF90A0883 Ack: 0x391F2282 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/23-15:32:56.916006 24.209.174.0:1807 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:6074 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xF9FF6A55 Ack: 0x39D7139C Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/23-15:32:57.203016 24.209.174.0:1818 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:6120 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xFA08F38D Ack: 0x39C8EEBB Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-15:32:57.463093 24.209.174.0:1830 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:6160 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xFA140B94 Ack: 0x399F16BB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-15:33:07.029531 24.209.174.0:2086 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:6879 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFAF36DE0 Ack: 0x3B13F26C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-15:33:16.654643 24.209.174.0:2351 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:7598 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFBD92238 Ack: 0x3AD385EA Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-15:33:20.109580 24.209.174.0:2457 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:7898 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFC3154F2 Ack: 0x3B148FBB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-15:33:20.361750 24.209.174.0:2464 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:7921 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFC375ABA Ack: 0x3BCBD5AD Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-15:33:24.025165 24.209.174.0:2584 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:8342 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xFC9F4132 Ack: 0x3B9DE1C1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-15:33:24.359867 24.209.174.0:2597 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:8394 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xFCAA3241 Ack: 0x3B631863 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-15:33:24.709302 24.209.174.0:2615 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:8450 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xFCB87228 Ack: 0x3BCA1566 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-15:33:25.035061 24.209.174.0:2628 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:8502 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xFCC4AA45 Ack: 0x3BEB9791 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-15:39:23.425134 24.209.98.148:2959 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:14953 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC608C2C7 Ack: 0x51AC4352 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-15:39:23.435867 24.209.98.148:2959 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:14954 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC608C87B Ack: 0x51AC4352 Win: 0xFAF0 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-15:47:05.793817 24.209.174.0:4681 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:26426 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x53E6355A Ack: 0x6F405AC2 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-15:47:06.294377 24.209.174.0:4694 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:26500 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x53F19914 Ack: 0x6F82F868 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-15:47:10.350900 24.209.174.0:4827 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:27160 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x54633123 Ack: 0x6F787D6A Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-15:47:13.885864 24.209.174.0:4947 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:27618 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x54CB80D9 Ack: 0x7003BB7A Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-15:47:16.983249 24.209.174.0:4947 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28102 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x54CB80D9 Ack: 0x7003BB7A Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-15:47:17.559218 24.209.174.0:1090 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28194 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x5530E478 Ack: 0x700B9C41 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/23-15:47:17.841673 24.209.174.0:1100 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28227 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x55393D65 Ack: 0x70A620B8 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/23-15:47:18.088712 24.209.174.0:1105 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28247 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x553E30FD Ack: 0x7004B46F Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-15:47:18.343814 24.209.174.0:1110 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28273 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x5542DDA1 Ack: 0x700344FA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-15:47:18.614277 24.209.174.0:1125 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28305 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x554F3A0A Ack: 0x707F788A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-15:47:22.191947 24.209.174.0:1232 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28768 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x55AB78B1 Ack: 0x7060BE47 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-15:47:22.437903 24.209.174.0:1239 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28795 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x55B234BF Ack: 0x70BCEF9F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-15:47:22.661174 24.209.174.0:1246 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28820 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x55B7BA37 Ack: 0x7046BA71 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-15:47:22.914738 24.209.174.0:1255 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28848 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x55BF6850 Ack: 0x7070AF84 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-15:47:23.125684 24.209.174.0:1259 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28864 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x55C3A9AA Ack: 0x70BA21F9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-15:47:23.382143 24.209.174.0:1264 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28887 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x55C806E1 Ack: 0x70CB8741 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-15:47:23.624127 24.209.174.0:1281 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28923 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x55D4F5D3 Ack: 0x70D2EF3B Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-16:01:19.678054 24.209.174.0:3092 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:56526 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xAC670258 Ack: 0xA53C516A Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-16:01:20.067678 24.209.174.0:3096 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:56552 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xAC6BB216 Ack: 0xA5BB3B6A Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-16:01:20.292654 24.209.174.0:3104 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:56566 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xAC735963 Ack: 0xA5639F71 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-16:01:23.731683 24.209.174.0:3210 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:56940 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xACCBF275 Ack: 0xA6512C54 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-16:01:23.967278 24.209.174.0:3217 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:56974 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xACD293C7 Ack: 0xA5E7377F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/23-16:01:24.216694 24.209.174.0:3228 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:57009 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xACDAEE1E Ack: 0xA5E2A757 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/23-16:01:33.686810 24.209.174.0:3471 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:57855 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xADB153E0 Ack: 0xA6D661F7 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-16:01:33.946667 24.209.174.0:3479 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:57885 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xADB8849E Ack: 0xA683B50A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-16:01:37.626483 24.209.174.0:3581 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:58270 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xAE128C25 Ack: 0xA69DE665 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-16:01:37.827629 24.209.174.0:3591 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:58283 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xAE1B74EC Ack: 0xA679AEF4 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-16:01:47.358791 24.209.174.0:3860 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:59164 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xAF0AE8F3 Ack: 0xA75CAE2A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-16:01:56.997391 24.209.174.0:4111 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:60031 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xAFE5FFDF Ack: 0xA7F6938E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-16:02:06.612727 24.209.174.0:4407 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:61000 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xB0E33CCB Ack: 0xA853CA74 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-16:02:09.601865 24.209.174.0:4407 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:61283 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xB0E33CCB Ack: 0xA853CA74 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-16:02:10.017135 24.209.174.0:4508 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:61318 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB13B09A6 Ack: 0xA838CB09 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-16:02:10.236151 24.209.174.0:4513 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:61342 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xB13FF6FD Ack: 0xA903B0CA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-16:02:10.449728 24.209.174.0:4517 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:61360 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB143A265 Ack: 0xA8319FF4 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-16:09:14.596446 24.98.123.239:4302 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:702 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8956B38A Ack: 0xC30A12DF Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/23-16:10:40.269785 80.58.5.44:48533 -> 192.168.1.6:80
TCP TTL:46 TOS:0x0 ID:2666 IpLen:20 DgmLen:432 DF
***AP*** Seq: 0xB91478CC Ack: 0xC8386669 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 548303543 2024244652
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-16:15:52.360987 24.209.98.148:4227 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:6879 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9AC324A9 Ack: 0xDBD2CE9F Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-16:15:52.373009 24.209.98.148:4227 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:6880 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9AC32A5D Ack: 0xDBD2CE9F Win: 0xFAF0 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-16:18:40.905657 24.209.174.0:3228 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:38357 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x183C504C Ack: 0xE66F9904 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-16:18:41.256077 24.209.174.0:3238 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:38409 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x1845BA4C Ack: 0xE70CF69C Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-16:18:41.522890 24.209.174.0:3245 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:38446 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x184C0B1F Ack: 0xE6FC735F Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-16:18:42.070671 24.209.174.0:3280 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:38522 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x18689091 Ack: 0xE6BA3306 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-16:18:42.328540 24.209.174.0:3292 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:38556 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x18727C1E Ack: 0xE6C7B6F6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/23-16:18:42.565808 24.209.174.0:3295 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:38585 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x18758B58 Ack: 0xE68734BB Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/23-16:18:42.787267 24.209.174.0:3301 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:38613 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x187B572F Ack: 0xE72866F9 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-16:18:43.002201 24.209.174.0:3312 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:38640 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x18836099 Ack: 0xE65DB1EA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-16:18:46.628395 24.209.174.0:3398 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:39003 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x18CE19AF Ack: 0xE6D67D12 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-16:18:46.972611 24.209.174.0:3429 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:39056 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x18E614E0 Ack: 0xE770DC25 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-16:18:47.262194 24.209.174.0:3438 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:39092 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x18EE8DB1 Ack: 0xE6A0E829 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-16:18:50.246691 24.209.174.0:3438 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:39427 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x18EE8DB1 Ack: 0xE6A0E829 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-16:18:51.035263 24.209.174.0:3537 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:39488 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x1947824D Ack: 0xE6EEAB00 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-16:18:54.538696 24.209.174.0:3630 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:39757 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x199A3A37 Ack: 0xE7157258 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-16:18:54.841176 24.209.174.0:3638 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:39798 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x19A0FA82 Ack: 0xE7AA086E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-16:18:55.094096 24.209.174.0:3646 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:39824 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x19A89812 Ack: 0xE79FD184 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-16:18:55.311770 24.209.174.0:3651 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:39839 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x19ADD1D9 Ack: 0xE77BAD33 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-16:19:38.313895 24.209.44.83:4045 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:24256 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3664E4CD Ack: 0xE9F0FBBF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-16:19:38.345122 24.209.44.83:4045 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:24257 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3664EA81 Ack: 0xE9F0FBBF Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-16:29:16.348970 24.209.44.83:4484 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:1213 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6731C562 Ack: 0xF06A42A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-16:29:16.380877 24.209.44.83:4484 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:1214 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6731CB16 Ack: 0xF06A42A Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-16:34:56.149944 24.209.98.148:2819 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:57930 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x831850C Ack: 0x237F74E6 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-16:34:56.190233 24.209.98.148:2819 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:57931 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8318AC0 Ack: 0x237F74E6 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-16:45:34.615342 24.209.125.171:3858 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:24128 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x38066523 Ack: 0x4BFEBD2C Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-16:45:34.623996 24.209.125.171:3858 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:24129 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x38066AD7 Ack: 0x4BFEBD2C Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-16:56:12.947828 24.209.36.194:4981 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:50350 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9985DC5 Ack: 0x73E02814 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-16:56:12.968587 24.209.36.194:4981 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:50351 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9986379 Ack: 0x73E02814 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/23-19:19:12.693029 209.237.238.172:56658 -> 192.168.1.6:80
TCP TTL:42 TOS:0x0 ID:20872 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0x80B23D80 Ack: 0x90C9EFEC Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 303197445 2030038725
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-19:49:51.186722 24.209.44.83:4338 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:20642 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1012D65D Ack: 0x43389F5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-19:49:51.220075 24.209.44.83:4338 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:20643 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1012DC11 Ack: 0x43389F5 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-19:57:55.281574 24.34.91.29:1082 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:29119 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x9D50208F Ack: 0x22A0A892 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-19:57:56.365791 24.34.91.29:1190 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:29207 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x9DAAD316 Ack: 0x238AEB6D Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-19:58:06.278437 24.34.91.29:1431 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:30235 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x9E7D8721 Ack: 0x238F9E62 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-19:58:15.963081 24.34.91.29:1677 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:31236 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x9F58BE51 Ack: 0x24A18B46 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-19:58:25.830050 24.34.91.29:1962 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:32494 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA04CAD18 Ack: 0x24BAF158 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/23-19:58:39.000381 24.34.91.29:2229 -> 192.168.1.6:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:157
***AP*** Seq: 0xA139C00E Ack: 0x0 Win: 0x0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/23-19:58:39.333215 24.34.91.29:2342 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:34097 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA19AA76E Ack: 0x25C4EC62 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-19:58:58.045736 24.34.91.29:2604 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:36221 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xA27FC47E Ack: 0x26280D64 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-19:59:01.675283 24.34.91.29:2845 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:36573 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA35828A8 Ack: 0x270EE686 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-19:59:11.495755 24.34.91.29:3146 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:37670 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA466D410 Ack: 0x27857227 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-19:59:21.465903 24.34.91.29:3415 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:38814 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA54C8F13 Ack: 0x281DC0F3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-19:59:31.419950 24.34.91.29:3655 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:39815 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA61BCF13 Ack: 0x28D5FD9D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-19:59:41.179189 24.34.91.29:3662 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:40968 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xA6248217 Ack: 0x287A6A9D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-19:59:41.909193 24.34.91.29:3917 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:41028 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA7057B98 Ack: 0x29A3F8E4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-20:45:19.535591 24.203.122.222:3035 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:38368 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x49D14933 Ack: 0xD6C1F7B8 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-20:45:24.672868 24.203.122.222:3063 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:39006 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x49EF27E5 Ack: 0xD6677784 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-20:45:29.854822 24.203.122.222:3251 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:39568 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x4A8E4461 Ack: 0xD6F196B2 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-20:45:32.387725 24.203.122.222:3431 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:39822 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x4B18464A Ack: 0xD7CA5CA4 Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-20:45:46.279615 24.203.122.222:3856 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:41557 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x4C745CAA Ack: 0xD7BE997A Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/23-20:45:51.251172 24.203.122.222:4005 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:42126 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x4CF67602 Ack: 0xD81A87A3 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-20:59:35.667122 24.100.74.154:4460 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:11127 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3A524109 Ack: 0xC00C510 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-20:59:35.859204 24.100.74.154:4460 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:11128 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3A5246BD Ack: 0xC00C510 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-21:15:27.405652 24.209.196.254:4927 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:42780 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xAA64F0CA Ack: 0x476B1641 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-21:15:27.413733 24.209.196.254:4927 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:42781 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xAA64F67E Ack: 0x476B1641 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-21:47:06.500861 24.209.196.254:1797 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:9468 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5D0A90B3 Ack: 0xBE40EA41 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-22:05:54.037896 24.209.44.83:4261 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:51591 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6068C3E Ack: 0x6547B92 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-22:05:54.077504 24.209.44.83:4261 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:51592 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x60691F2 Ack: 0x6547B92 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/23-22:54:11.549527 209.237.238.158:4018 -> 192.168.1.6:80
TCP TTL:42 TOS:0x0 ID:6857 IpLen:20 DgmLen:173 DF
***AP*** Seq: 0x1829F409 Ack: 0xBC6F288D Win: 0xFFFF TcpLen: 32
TCP Options (3) => NOP NOP TS: 901331680 2036645282
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-03:21:29.863726 24.127.15.16:2871 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:39739 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x616A86E3 Ack: 0xAF008610 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-03:21:30.617221 24.127.15.16:2911 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:39844 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x618C3966 Ack: 0xAF3730FF Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-03:21:30.940091 24.127.15.16:2928 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:39892 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x619A1DD3 Ack: 0xAEC4107F Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-03:21:31.261176 24.127.15.16:2949 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:39948 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x61AA231B Ack: 0xAE9E2279 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-03:21:31.599554 24.127.15.16:2975 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:40019 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x61BF7827 Ack: 0xAF6AEF83 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/24-03:21:31.962394 24.127.15.16:2999 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:40098 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x61D18CC7 Ack: 0xAF4CA47F Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/24-03:21:32.276037 24.127.15.16:3034 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:40175 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x61ED4034 Ack: 0xAF1B4837 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-03:21:45.183641 24.127.15.16:3744 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:42977 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x6415EA26 Ack: 0xAFEB177C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-03:21:54.824838 24.127.15.16:4634 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:44819 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x66D65D4F Ack: 0xB06B7515 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-03:21:55.146346 24.127.15.16:4658 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:44883 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x66E76B1A Ack: 0xB0447301 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-03:21:55.530042 24.127.15.16:4673 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:44919 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x66F32928 Ack: 0xAFFF0CA8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-03:21:55.892141 24.127.15.16:4692 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:44981 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x670238F9 Ack: 0xB0BF1419 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-03:21:56.229339 24.127.15.16:4707 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:45035 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x670E594E Ack: 0xB01FB5B7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-03:21:56.597546 24.127.15.16:4741 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:45115 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x672825F5 Ack: 0xB007769D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-03:21:59.579579 24.127.15.16:4741 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:45605 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x672825F5 Ack: 0xB007769D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-03:22:00.120048 24.127.15.16:4978 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:45722 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x67E304AD Ack: 0xB10DB3EA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-03:22:00.470128 24.127.15.16:1028 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:45788 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x67F516FE Ack: 0xB0903ECD Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-03:52:48.696484 24.209.36.194:4315 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:23849 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBFCC8277 Ack: 0x256D371C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-03:52:48.716715 24.209.36.194:4315 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:23850 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBFCC882B Ack: 0x256D371C Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-04:35:59.223488 24.218.174.97:3814 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:23293 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6CE73EBD Ack: 0xC7CF061E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-04:35:59.232453 24.218.174.97:3814 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:23294 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6CE74471 Ack: 0xC7CF061E Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-04:58:06.605152 24.114.19.203:4080 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:47708 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x11579DD0 Ack: 0x1BEFD53E Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-04:58:09.295326 24.114.19.203:4112 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:47869 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x11790762 Ack: 0x1BE88871 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-04:58:20.611829 24.114.19.203:4260 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:48511 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x1213CBDC Ack: 0x1C1F6FF0 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-04:58:23.071964 24.114.19.203:4292 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:48637 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x1232E76E Ack: 0x1C09AC29 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-04:58:34.963194 24.114.19.203:4432 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:49280 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x12C8EAB1 Ack: 0x1D970679 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/24-04:58:47.011496 24.114.19.203:4587 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:49968 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x136B2BD9 Ack: 0x1E351D88 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/24-04:58:49.140130 24.114.19.203:4615 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:50098 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x1388F595 Ack: 0x1E5B0EC9 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-04:58:51.633884 24.114.19.203:4641 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:50233 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x13A28E85 Ack: 0x1E76AE0C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-04:59:00.608315 24.114.19.203:4721 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:50743 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x13F68408 Ack: 0x1F0C3B74 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-04:59:02.880153 24.114.19.203:4790 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:50873 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x143D5DD9 Ack: 0x1F309CFE Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-04:59:05.446468 24.114.19.203:4814 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:51018 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x1457A370 Ack: 0x1E93C12D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-04:59:07.548620 24.114.19.203:4849 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:51145 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x147BA846 Ack: 0x1F408823 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-04:59:10.074806 24.114.19.203:4875 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:51289 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x1495FE05 Ack: 0x1EE11DEA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-04:59:12.124791 24.114.19.203:4925 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:51418 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x14BA0CB9 Ack: 0x1F0887E5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-04:59:14.587178 24.114.19.203:4975 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:51548 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x14D44904 Ack: 0x1FD5D0B2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-04:59:26.473533 24.114.19.203:3136 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:52153 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x156A0836 Ack: 0x20262B42 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-05:12:19.476623 24.209.36.194:4338 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:53281 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x545B43DC Ack: 0x51931BCB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-05:12:19.522429 24.209.36.194:4338 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:53282 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x545B4990 Ack: 0x51931BCB Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/24-05:15:18.516907 216.39.48.30:50715 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:23610 IpLen:20 DgmLen:221 DF
***AP*** Seq: 0x4D062ADF Ack: 0x5BC62762 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 545486578 2048357323
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-05:24:27.696015 24.209.36.194:2155 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:40771 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x90A1FB2B Ack: 0x7ED59E15 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-05:24:27.726251 24.209.36.194:2155 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:40772 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x90A200DF Ack: 0x7ED59E15 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-06:29:41.058090 24.114.70.182:4251 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:7610 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xA23B6935 Ack: 0x7571F93C Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-06:29:41.547209 24.114.70.182:4256 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:7624 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xA240A428 Ack: 0x757C29B7 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-06:29:50.864518 24.114.70.182:4365 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:7968 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA2B42186 Ack: 0x762C64F0 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-06:29:51.017825 24.114.70.182:4368 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:7976 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA2B7A6A1 Ack: 0x75E77837 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-06:29:51.212278 24.114.70.182:4370 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:7986 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA2B94B23 Ack: 0x763745C0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/24-06:29:51.400151 24.114.70.182:4373 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:7996 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA2BC1B11 Ack: 0x755DF413 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/24-06:30:01.231485 24.114.70.182:4616 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:8647 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA3975FBE Ack: 0x76A49061 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-06:30:01.553839 24.114.70.182:4628 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:8658 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xA3A31B2A Ack: 0x760D1CDE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-06:30:10.780687 24.114.70.182:4742 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:9047 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA4192BF4 Ack: 0x775388AB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-06:30:20.087910 24.114.70.182:4962 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:9565 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA4E22039 Ack: 0x77786AB4 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-06:30:29.670562 24.114.70.182:1118 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:10014 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA5682BCA Ack: 0x798C5D66 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-06:30:33.035514 24.114.70.182:1166 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:10095 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA5995B1F Ack: 0x79382C22 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-06:30:33.197694 24.114.70.182:1170 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:10106 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xA59D6ADF Ack: 0x79979A5D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-06:30:33.462753 24.114.70.182:1171 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:10113 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA59EC838 Ack: 0x78DA229B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-06:30:33.780980 24.114.70.182:1174 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:10124 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xA5A1FD70 Ack: 0x791E50C3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-06:30:43.227991 24.114.70.182:1378 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:10554 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA65B5804 Ack: 0x79FF030A Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-07:20:51.911449 24.98.69.172:4808 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:34873 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xE70CCD4F Ack: 0x35DBD1B4 Win: 0x2238 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-07:20:52.287707 24.98.69.172:4814 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:34898 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xE7126F38 Ack: 0x36C83B39 Win: 0x2238 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-07:21:01.573919 24.98.69.172:1187 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:36110 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xE837CE43 Ack: 0x371F187B Win: 0x2238 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-07:21:11.093929 24.98.69.172:1485 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:37121 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xE9348B14 Ack: 0x37E8A4B0 Win: 0x2238 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-07:21:11.639317 24.98.69.172:1501 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:37162 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xE940F616 Ack: 0x370DE2BE Win: 0x2238 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/24-07:21:21.168014 24.98.69.172:1793 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:38262 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xEA3BE5B2 Ack: 0x382B99F5 Win: 0x2238 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/24-07:21:31.035756 24.98.69.172:2048 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:39198 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xEB1FE90F Ack: 0x38E2044D Win: 0x2238 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-07:21:31.985907 24.98.69.172:2077 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:39276 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xEB357BA9 Ack: 0x38F1FE2F Win: 0x2238 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-07:21:32.762052 24.98.69.172:2091 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:39329 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xEB42C8CD Ack: 0x38EC6FB6 Win: 0x2238 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-07:21:42.478599 24.98.69.172:2374 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:40436 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xEC34CCDE Ack: 0x39100543 Win: 0x2238 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-07:21:49.151219 24.98.69.172:2465 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:41092 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xEC8536CC Ack: 0x39CCF786 Win: 0x2238 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-07:21:49.862689 24.98.69.172:2558 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:41163 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xECD7B04E Ack: 0x3A22D974 Win: 0x2238 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-07:21:54.288540 24.98.69.172:2669 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:41530 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xED34AB49 Ack: 0x39970991 Win: 0x2238 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-07:21:55.194750 24.98.69.172:2692 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:41612 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xED496C29 Ack: 0x39CB6D25 Win: 0x2238 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-07:21:55.818761 24.98.69.172:2720 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:41700 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xED61B1A6 Ack: 0x39F2997B Win: 0x2238 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-08:16:05.161059 24.26.146.115:2936 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:53509 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF931D35F Ack: 0x838ED59 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-08:16:05.167578 24.26.146.115:2936 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:53510 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF931D913 Ack: 0x838ED59 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/24-09:45:34.760628 12.148.209.198:14979 -> 192.168.1.6:80
TCP TTL:49 TOS:0x0 ID:50655 IpLen:20 DgmLen:252 DF
***AP*** Seq: 0xBD212905 Ack: 0x59853B68 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 396877962 2056662944
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1549:9] SMTP HELO overflow attempt [**]
[Classification: Attempted Administrator Privilege Gain] [Priority: 1]
05/24-09:52:25.297703 216.109.87.234:46796 -> 192.168.1.6:25
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:46
***AP*** Seq: 0x7359D3E0 Ack: 0x632D89AF Win: 0x21F0 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10324][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0042]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-11:17:10.171486 24.93.250.160:4346 -> 192.168.1.6:80
TCP TTL:118 TOS:0x0 ID:50668 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD3534677 Ack: 0xB3DC9FCF Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-11:17:10.174273 24.93.250.160:4346 -> 192.168.1.6:80
TCP TTL:118 TOS:0x0 ID:50669 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD3534C2B Ack: 0xB3DC9FCF Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-12:18:53.285052 24.209.229.123:2946 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:17914 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA9576444 Ack: 0x9CAA7795 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-12:18:53.317432 24.209.229.123:2946 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:17915 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA95769F8 Ack: 0x9CAA7795 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-12:23:32.514057 24.209.98.148:4739 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:58496 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9D7C5DBD Ack: 0xAE01C89A Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-12:23:32.548239 24.209.98.148:4739 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:58497 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9D7C6371 Ack: 0xAE01C89A Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/24-12:38:09.842817 209.237.238.174:48619 -> 192.168.1.6:80
TCP TTL:42 TOS:0x0 ID:10922 IpLen:20 DgmLen:173 DF
***AP*** Seq: 0xD3EF6D7E Ack: 0xE52BC8E9 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 309413862 2061966615
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/24-12:39:20.499059 209.237.238.175:42109 -> 192.168.1.6:80
TCP TTL:42 TOS:0x0 ID:17870 IpLen:20 DgmLen:173 DF
***AP*** Seq: 0xD830A9AA Ack: 0xE9A203FB Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 309128306 2062002825
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:884:8] WEB-CGI formmail access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/24-12:42:36.968162 200.61.163.73:2706 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:32397 IpLen:20 DgmLen:304 DF
***AP*** Seq: 0x208BCA2A Ack: 0xF6B970C1 Win: 0x2058 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS226][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0172][Xref => http://www.securityfocus.com/bid/1187][Xref => http://cgi.nessus.org/plugins/dump.php3?id=10076][Xref => http://cgi.nessus.org/plugins/dump.php3?id=10782]
[**] [1:884:8] WEB-CGI formmail access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/24-12:42:36.968479 200.61.163.73:2707 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:32653 IpLen:20 DgmLen:303 DF
***AP*** Seq: 0x29F9FC3A Ack: 0xF6A1C44A Win: 0x2058 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS226][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0172][Xref => http://www.securityfocus.com/bid/1187][Xref => http://cgi.nessus.org/plugins/dump.php3?id=10076][Xref => http://cgi.nessus.org/plugins/dump.php3?id=10782]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-13:33:48.538972 24.209.229.123:1747 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:26723 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6023B592 Ack: 0xB7F12724 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-13:33:48.574769 24.209.229.123:1747 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:26724 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6023BB46 Ack: 0xB7F12724 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-13:46:04.727043 24.209.191.91:3963 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:9457 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x656435E5 Ack: 0xE643FC7B Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-13:46:05.192428 24.209.191.91:4016 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:9652 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x658C3024 Ack: 0xE6014BE3 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-13:46:05.525892 24.209.191.91:4037 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:9750 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x659CDE0B Ack: 0xE6D94D86 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-13:46:14.920890 24.209.191.91:4811 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:12616 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x67FBC6DE Ack: 0xE74C4A7D Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-13:46:15.306175 24.209.191.91:4842 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:12745 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6813AA59 Ack: 0xE785F9F6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/24-13:46:24.617872 24.209.191.91:1751 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:15997 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x6AAB80EA Ack: 0xE7C0D95F Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/24-13:46:24.997840 24.209.191.91:1787 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:16088 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x6AC5EE51 Ack: 0xE7707AA9 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-13:46:28.344238 24.209.191.91:2083 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:17181 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x6BA56A71 Ack: 0xE7979D1C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-13:46:28.636400 24.209.191.91:2101 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:17251 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6BB3DE32 Ack: 0xE7FD364F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-13:46:32.149712 24.209.191.91:2123 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:18289 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6BC59F00 Ack: 0xE7B7240E Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-13:46:38.731428 24.209.191.91:2123 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:20531 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6BC59F00 Ack: 0xE7B7240E Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-13:46:41.370240 24.209.191.91:3221 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:21337 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6F0DFEF1 Ack: 0xE8B3652E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-13:46:41.652612 24.209.191.91:3237 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:21411 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6F1A1E4A Ack: 0xE843BEE7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-13:46:45.117540 24.209.191.91:3536 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:22499 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x6FF95F9E Ack: 0xE91D73EE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-13:46:48.253298 24.209.191.91:3536 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:23456 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x6FF95F9E Ack: 0xE91D73EE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-13:46:48.519851 24.209.191.91:3827 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:23528 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x70DBB9FE Ack: 0xE92697C2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-13:46:48.966134 24.209.191.91:3853 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:23629 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x70EF9848 Ack: 0xE8E6A590 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-13:46:52.487430 24.209.191.91:4131 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:24667 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x71C9140A Ack: 0xE93D14C3 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-13:47:08.898764 24.193.230.46:4764 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:52399 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB3297C93 Ack: 0xEA95090F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-13:47:08.951040 24.193.230.46:4764 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:52400 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB3298247 Ack: 0xEA95090F Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-13:58:51.147751 24.209.191.91:3892 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:53544 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x2F7495F8 Ack: 0x15A08402 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-13:58:54.467887 24.209.191.91:4242 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:54719 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x307EE86A Ack: 0x164ECBF7 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-13:58:54.819867 24.209.191.91:4270 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:54791 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x30942E12 Ack: 0x15F6CFCE Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-13:58:55.040908 24.209.191.91:4304 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:54893 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x30AD80ED Ack: 0x161158EC Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-13:58:55.341831 24.209.191.91:4331 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:54962 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x30C2EC40 Ack: 0x162292C1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/24-13:58:55.602029 24.209.191.91:4354 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:55065 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x30D53662 Ack: 0x166FB709 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/24-13:58:59.100873 24.209.191.91:4380 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:56048 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x30EA1A75 Ack: 0x1641B1E9 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-13:58:59.420160 24.209.191.91:4694 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:56116 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x31DD3925 Ack: 0x16ED9BDC Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-13:58:59.821471 24.209.191.91:4722 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:56214 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x31F38801 Ack: 0x16E49318 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-13:59:00.196609 24.209.191.91:4756 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:56299 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x320C7AE8 Ack: 0x166F6EEC Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-13:59:00.632251 24.209.191.91:4790 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:56417 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x32261436 Ack: 0x16FCB3E6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-13:59:22.028927 24.209.191.91:2818 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:62518 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3818B35E Ack: 0x185A2B26 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-13:59:22.247493 24.209.191.91:2839 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:62558 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x382A2185 Ack: 0x17CF4D05 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-13:59:22.483045 24.209.191.91:2858 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:62603 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x38388D4A Ack: 0x17FF4912 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-13:59:22.749178 24.209.191.91:2877 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:62649 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x3847C535 Ack: 0x187049A4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-13:59:26.017785 24.209.191.91:3203 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:63626 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x3941961E Ack: 0x18863600 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-14:33:41.369300 24.209.191.91:1993 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:18329 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x4C2361F9 Ack: 0x996A01DB Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-14:33:45.417783 24.209.191.91:2041 -> 192.168.1.6:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:110
***AP*** Seq: 0x4C4639C6 Ack: 0x1AEF1482 Win: 0x0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-14:33:48.806940 24.209.191.91:2406 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:20641 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x4D5C6FA5 Ack: 0x99C881E4 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-14:33:52.234347 24.209.191.91:2710 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:21670 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x4E402CE1 Ack: 0x99E92B30 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-14:33:55.604578 24.209.191.91:3300 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:22893 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x4FFF960A Ack: 0x9B0300A9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/24-14:33:55.917150 24.209.191.91:3330 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:22976 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x50158A77 Ack: 0x9A9104B4 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/24-14:33:56.235984 24.209.191.91:3356 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:23079 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x50292A3E Ack: 0x9A657F16 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-14:33:56.605316 24.209.191.91:3386 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:23200 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x503FF0AE Ack: 0x9A8747B7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-14:33:57.055911 24.209.191.91:3420 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:23318 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x50598465 Ack: 0x9A62AE06 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-14:34:00.328167 24.209.191.91:3705 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:24258 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x51345181 Ack: 0x9ADDCB3E Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-14:34:00.710277 24.209.191.91:3727 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:24359 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x514548A0 Ack: 0x9B2A3EA4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-14:34:01.002850 24.209.191.91:3757 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:24446 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x515CE988 Ack: 0x9B22C04E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-14:34:04.279738 24.209.191.91:4063 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:25536 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x5244BB7E Ack: 0x9B599D8D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-14:34:04.510464 24.209.191.91:4089 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:25646 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x5255B537 Ack: 0x9B63B0E4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-14:34:04.740043 24.209.191.91:4113 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:25737 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x5268A90B Ack: 0x9AD57CB0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-14:34:05.086257 24.209.191.91:4138 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:25846 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x527B7742 Ack: 0x9B84A861 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-15:27:22.732202 24.209.26.198:2730 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:20031 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6258B326 Ack: 0x6481A16B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-15:27:22.754715 24.209.26.198:2730 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:20032 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6258B8DA Ack: 0x6481A16B Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-15:56:18.285943 24.209.26.198:1850 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:45240 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE451837 Ack: 0xD17509DB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-15:56:18.336206 24.209.26.198:1850 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:45241 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE451DEB Ack: 0xD17509DB Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-16:30:39.557872 24.209.196.254:2680 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:20897 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x17D38102 Ack: 0x5482FD0E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-16:30:39.565802 24.209.196.254:2680 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:20898 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x17D386B6 Ack: 0x5482FD0E Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-16:42:46.712080 24.209.26.198:3592 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:19194 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x14378C5F Ack: 0x81B7113C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-16:42:46.763110 24.209.26.198:3592 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:19195 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x14379213 Ack: 0x81B7113C Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-16:59:37.949163 24.209.26.198:2976 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:36887 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x70CAB86F Ack: 0xC0A04A58 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-16:59:37.974994 24.209.26.198:2976 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:36888 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x70CABE23 Ack: 0xC0A04A58 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-17:08:01.281781 24.209.26.198:4307 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:11754 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9E12D45B Ack: 0xE0C415CC Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-17:08:01.338429 24.209.26.198:4307 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:11755 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9E12DA0F Ack: 0xE0C415CC Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-17:31:24.876406 24.209.44.83:3225 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:37126 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7D664E4D Ack: 0x39B542A4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-17:31:24.910641 24.209.44.83:3225 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:37127 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7D665401 Ack: 0x39B542A4 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-18:16:08.733330 24.209.196.254:3230 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:23532 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5F1B0FC6 Ack: 0xE13EEDCE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-18:16:08.741554 24.209.196.254:3230 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:23533 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5F1B157A Ack: 0xE13EEDCE Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-18:29:12.932053 24.209.196.254:4160 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:21275 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA61957A5 Ack: 0x1396F842 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/24-19:08:27.990491 216.39.48.30:41326 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:11029 IpLen:20 DgmLen:221 DF
***AP*** Seq: 0x961892E0 Ack: 0xA798331B Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 550484449 2073960927
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-19:16:18.723127 24.209.26.198:4727 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:59624 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x23349FDB Ack: 0xC61F6223 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-19:16:18.763817 24.209.26.198:4727 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:59625 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2334A58F Ack: 0xC61F6223 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-19:24:38.323329 24.209.44.83:4914 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:20063 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xAB52C81E Ack: 0xE4E20EBD Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-19:24:38.370235 24.209.44.83:4914 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:20064 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xAB52CDD2 Ack: 0xE4E20EBD Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/24-19:24:52.205396 209.237.238.172:44494 -> 192.168.1.6:80
TCP TTL:42 TOS:0x0 ID:41315 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0xD4B466B6 Ack: 0xE5C2ACE5 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 311871455 2074465069
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/24-19:29:34.297021 209.237.238.174:52119 -> 192.168.1.6:80
TCP TTL:42 TOS:0x0 ID:40422 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0xE64D6C18 Ack: 0xF7A285D9 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 311882240 2074609549
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-19:45:50.102865 24.209.229.123:4947 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:6682 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9FFBDA42 Ack: 0x349609B5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-19:45:50.125634 24.209.229.123:4947 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:6683 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9FFBDFF6 Ack: 0x349609B5 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/24-19:51:59.764101 216.39.48.30:49201 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:21423 IpLen:20 DgmLen:221 DF
***AP*** Seq: 0x39CEE679 Ack: 0x4BD60CDA Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 550745570 2075298670
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-19:57:01.983332 24.209.196.254:4236 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:29047 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x68AB5B6C Ack: 0x5E7A3C41 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-19:57:01.991285 24.209.196.254:4236 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:29048 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x68AB6120 Ack: 0x5E7A3C41 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-20:51:44.302550 24.209.196.254:4822 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:64822 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7053E341 Ack: 0x2E08A86C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-20:51:50.074993 24.209.196.254:4822 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:65259 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7053E341 Ack: 0x2E08A86C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-20:51:50.117857 24.209.196.254:4822 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:65262 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7053E8F5 Ack: 0x2E08A86C Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/24-21:14:36.333626 216.39.48.30:49047 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:23130 IpLen:20 DgmLen:221 DF
***AP*** Seq: 0x71FB1FD3 Ack: 0x83F46069 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 551241119 2077837282
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-21:16:16.723629 24.209.229.123:3200 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:2559 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5F4D2D24 Ack: 0x89BF9908 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-21:16:16.749089 24.209.229.123:3200 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:2560 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5F4D32D8 Ack: 0x89BF9908 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-21:33:51.930690 24.209.26.198:1369 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:59842 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7FF7A83C Ack: 0xCCF376C3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-21:33:51.951143 24.209.26.198:1369 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:59843 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7FF7ADF0 Ack: 0xCCF376C3 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-21:56:39.515395 24.98.50.142:4931 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:25782 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xD4B6045B Ack: 0x23A4CD84 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-21:56:42.896805 24.98.50.142:4988 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:25868 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xD4DC9944 Ack: 0x238525AE Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-21:56:43.075319 24.98.50.142:4989 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:25875 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xD4DDB9D3 Ack: 0x233C710E Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-21:56:52.275879 24.98.50.142:1133 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:26150 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xD5573568 Ack: 0x23CB8533 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-21:56:52.400613 24.98.50.142:1137 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:26160 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xD55B3346 Ack: 0x24248329 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/24-21:56:52.547044 24.98.50.142:1139 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:26167 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xD55D6528 Ack: 0x2435059C Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/24-21:56:52.670205 24.98.50.142:1140 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:26176 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xD55EC04A Ack: 0x24A1700C Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-21:56:52.853959 24.98.50.142:1142 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:26194 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xD56151E6 Ack: 0x24569287 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-21:56:53.000186 24.98.50.142:1146 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:26210 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD5644FD3 Ack: 0x23F560C9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-21:56:53.171065 24.98.50.142:1150 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:26228 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD567F9D7 Ack: 0x24A837F7 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-21:56:56.333834 24.98.50.142:1200 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:26372 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD5986B37 Ack: 0x24F0F3E9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-21:56:56.464017 24.98.50.142:1203 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:26381 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD59B7C6F Ack: 0x24ADCBF1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-21:56:56.622132 24.98.50.142:1208 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:26392 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xD59F6D3E Ack: 0x24999A6A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-21:56:56.800214 24.98.50.142:1211 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:26402 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xD5A240CA Ack: 0x24307936 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-21:56:56.945925 24.98.50.142:1214 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:26409 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xD5A56B5D Ack: 0x2420746F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-21:56:57.100911 24.98.50.142:1215 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:26419 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xD5A6A4A2 Ack: 0x245C60AB Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-22:02:51.484614 24.209.26.198:2724 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:28219 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF6920B2D Ack: 0x3AE225E3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-22:02:51.507811 24.209.26.198:2724 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:28220 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF69210E1 Ack: 0x3AE225E3 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/24-22:34:12.713604 209.237.238.159:3090 -> 192.168.1.6:80
TCP TTL:42 TOS:0x0 ID:51883 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0xFDB84DA0 Ack: 0xB0768DA9 Win: 0xFFFF TcpLen: 32
TCP Options (3) => NOP NOP TS: 910268051 2080283704
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/24-22:36:44.435082 216.39.48.30:55568 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:30883 IpLen:20 DgmLen:221 DF
***AP*** Seq: 0xA7E8B298 Ack: 0xBA01BE51 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 551733826 2080361420
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-22:48:52.097014 24.206.140.78:2769 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:33163 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xBA2C03FB Ack: 0xE9A38C63 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-22:48:55.861302 24.206.140.78:2904 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:33601 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xBA9A71BD Ack: 0xE94C6CFE Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-22:49:04.215557 24.206.140.78:3166 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:34468 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xBB6F11F1 Ack: 0xE9D76C65 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-22:49:07.238422 24.206.140.78:3365 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:34968 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xBC08B72C Ack: 0xEA3FFA92 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-22:49:19.655491 24.206.140.78:3875 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:36755 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xBDA199E2 Ack: 0xEAAB2A03 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/24-22:49:29.704817 24.206.140.78:4138 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:37992 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xBE723652 Ack: 0xEAD9B6C9 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/24-22:49:35.812538 24.206.140.78:4566 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:38950 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xBFC5D7C5 Ack: 0xEBF0F74A Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-22:49:37.907430 24.206.140.78:4700 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:39278 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xC0182E3E Ack: 0xEB783357 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-22:49:40.654516 24.206.140.78:4837 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:39678 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xC062A7CE Ack: 0xEBB24B31 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-22:49:52.293508 24.206.140.78:1480 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:41508 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xC203B8F2 Ack: 0xEC93AE82 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-22:49:58.233376 24.206.140.78:1740 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:42386 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xC2CEE108 Ack: 0xECDC0E76 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-22:50:00.214787 24.206.140.78:1836 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:42692 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xC31C17C1 Ack: 0xEDA5437E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-22:50:01.896017 24.206.140.78:1925 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:42960 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xC35C1412 Ack: 0xED99899D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-22:50:03.535043 24.206.140.78:2005 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:43223 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xC399D4A7 Ack: 0xED7A9147 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-22:50:05.381835 24.206.140.78:2090 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:43474 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xC3DE3DC2 Ack: 0xED66F502 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-22:50:08.137520 24.206.140.78:2178 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:43838 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xC42490E3 Ack: 0xED50630D Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/24-23:37:14.581529 216.39.48.30:41671 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:23909 IpLen:20 DgmLen:221 DF
***AP*** Seq: 0x8C6B0E8E Ack: 0x9ED4F75E Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 552096763 2082220709
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-23:55:51.425289 24.209.26.198:1800 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:24568 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC81BDF92 Ack: 0xE51139B8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-23:55:51.460055 24.209.26.198:1800 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:24569 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC81BE546 Ack: 0xE51139B8 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-00:48:38.541976 24.92.8.8:1537 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:36249 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xA35FCE73 Ack: 0xAC849179 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-00:48:38.985490 24.92.8.8:1547 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:36304 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xA368B93E Ack: 0xAC5D4D09 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-00:48:39.227145 24.92.8.8:1555 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:36349 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA36F051A Ack: 0xACCCBE0A Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-00:48:39.422353 24.92.8.8:1566 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:36374 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA37767E0 Ack: 0xAD1EFB5A Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-00:48:39.633949 24.92.8.8:1574 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:36402 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA37EA0B6 Ack: 0xAC979E0A Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/25-00:48:39.818979 24.92.8.8:1581 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:36424 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA3847534 Ack: 0xAD26E225 Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/25-00:48:40.025035 24.92.8.8:1585 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:36453 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA3882B2C Ack: 0xAC9C1C29 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-00:48:40.221433 24.92.8.8:1589 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:36481 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xA38BD2A4 Ack: 0xAD08DD3A Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-00:48:43.706417 24.92.8.8:1679 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:36892 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA3DD0CB5 Ack: 0xAD649F6C Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-00:48:47.082495 24.92.8.8:1823 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:37382 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA453E34F Ack: 0xACCA5F37 Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-00:48:47.279252 24.92.8.8:1830 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:37413 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA459B796 Ack: 0xAD55CC07 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-00:48:56.997440 24.92.8.8:2238 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:38690 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA5A984A4 Ack: 0xAD6E95D0 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-00:48:57.302630 24.92.8.8:2256 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:38751 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xA5B7F8E2 Ack: 0xAE0BAF0A Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-00:48:57.626010 24.92.8.8:2268 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:38803 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA5C17DA4 Ack: 0xAE09A463 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-00:48:57.785121 24.92.8.8:2282 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:38828 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xA5CD9F96 Ack: 0xAD7A4548 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-00:48:57.992085 24.92.8.8:2289 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:38855 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA5D2FD84 Ack: 0xAE4A18A9 Win: 0xFAF0 TcpLen: 20
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/25-01:03:19.579716 216.221.81.96:54359 -> 192.168.1.6:80
TCP TTL:49 TOS:0x0 ID:17454 IpLen:20 DgmLen:294 DF
***AP*** Seq: 0x85D9A7DE Ack: 0xE40218BC Win: 0x4470 TcpLen: 32
TCP Options (3) => NOP NOP TS: 394173943 2084866177
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/25-01:37:25.774607 66.196.65.24:36533 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:12475 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xBDF8E593 Ack: 0x642A33FF Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-02:16:28.361296 24.209.98.148:2304 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:28371 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB803B6ED Ack: 0xF8AB2DA4 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-02:16:28.388654 24.209.98.148:2304 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:28372 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB803BCA1 Ack: 0xF8AB2DA4 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-02:33:56.260028 24.209.44.83:3265 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:5245 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8BFD97F2 Ack: 0x3A8686F7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-02:33:56.290472 24.209.44.83:3265 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:5246 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8BFD9DA6 Ack: 0x3A8686F7 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-03:33:59.610800 24.209.44.83:4076 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:4239 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB8C3DB53 Ack: 0x1D3B8E92 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-03:33:59.641815 24.209.44.83:4076 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:4240 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB8C3E107 Ack: 0x1D3B8E92 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-03:48:55.386053 24.171.29.23:2541 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:65109 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xAD8C0AD Ack: 0x5556CCBF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-03:48:55.392479 24.171.29.23:2541 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:65110 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xAD8C661 Ack: 0x5556CCBF Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-04:45:26.661002 24.62.42.136:3469 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:54699 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE5A06B4 Ack: 0x2B8F8CAA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-04:45:26.669544 24.62.42.136:3469 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:54700 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE5A0C68 Ack: 0x2B8F8CAA Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-04:58:07.416800 24.209.26.198:2529 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:45424 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x83B276E Ack: 0x5BBC34AC Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-04:58:07.465845 24.209.26.198:2529 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:45425 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x83B2D22 Ack: 0x5BBC34AC Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-06:07:06.662050 24.98.69.172:2584 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:43411 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xA6064C5B Ack: 0x607F152C Win: 0x2238 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-06:07:07.234562 24.98.69.172:2602 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:43484 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xA6168779 Ack: 0x6003F826 Win: 0x2238 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-06:07:07.716236 24.98.69.172:2621 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:43552 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA626C295 Ack: 0x609DBE8F Win: 0x2238 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-06:07:17.283192 24.98.69.172:2844 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:44651 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA6EE86A5 Ack: 0x6037B62D Win: 0x2238 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-06:07:17.737319 24.98.69.172:2860 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:44706 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA6FCCF50 Ack: 0x60D97B8D Win: 0x2238 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/25-06:07:18.096348 24.98.69.172:2865 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:44750 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA701E52F Ack: 0x60566484 Win: 0x2238 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/25-06:07:18.511012 24.98.69.172:2875 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:44801 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA70AD5C3 Ack: 0x60E5B0C9 Win: 0x2238 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-06:07:25.187453 24.98.69.172:2969 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:45663 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xA75F6F97 Ack: 0x608F3D19 Win: 0x2238 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-06:07:34.711836 24.98.69.172:3338 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:47036 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA89EF221 Ack: 0x62111390 Win: 0x2238 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-06:07:35.259623 24.98.69.172:3355 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:47137 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA8ABFCC1 Ack: 0x6197997D Win: 0x2238 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-06:07:45.016844 24.98.69.172:3614 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:48409 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA98FC046 Ack: 0x626F40A6 Win: 0x2238 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-06:07:54.588643 24.98.69.172:3633 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:49613 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA99F68A3 Ack: 0x62624C2A Win: 0x2238 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-06:07:55.022153 24.98.69.172:3878 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:49674 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xAA78D089 Ack: 0x63649FD2 Win: 0x2238 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-06:07:55.545079 24.98.69.172:3890 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:49751 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xAA82F72D Ack: 0x629D4A21 Win: 0x2238 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-06:07:55.883119 24.98.69.172:3905 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:49795 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xAA8FE468 Ack: 0x635632A8 Win: 0x2238 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-06:07:56.417125 24.98.69.172:3917 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:49869 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xAA9907BB Ack: 0x62BFBC41 Win: 0x2238 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-06:42:46.030146 24.209.44.83:3092 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:34685 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2526FE3F Ack: 0xE69DE894 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-06:42:46.058216 24.209.44.83:3092 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:34686 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x252703F3 Ack: 0xE69DE894 Win: 0x4470 TcpLen: 20
[**] [1:2091:2] WEB-IIS WEBDAV nessus safe scan attempt [**]
[Classification: Attempted Administrator Privilege Gain] [Priority: 1]
05/25-07:53:44.479371 65.219.238.66:1307 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:13175 IpLen:20 DgmLen:71 DF
***AP*** Seq: 0x7782BD94 Ack: 0xF2A4B56C Win: 0xFAF0 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=11412][Xref => http://www.securityfocus.com/bid/7116][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0109]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-08:50:58.289190 24.98.4.90:1615 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:34773 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x32687CC3 Ack: 0xCA788680 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-08:50:58.299239 24.98.4.90:1615 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:34774 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x32688277 Ack: 0xCA788680 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-10:07:10.821921 24.209.33.158:3478 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:38034 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA7607C5C Ack: 0xE98C55CF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-10:07:10.850914 24.209.33.158:3478 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:38035 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA7608210 Ack: 0xE98C55CF Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/25-10:32:33.444375 209.237.238.173:51568 -> 192.168.1.6:80
TCP TTL:42 TOS:0x0 ID:63030 IpLen:20 DgmLen:173 DF
***AP*** Seq: 0x3824500F Ack: 0x4A91CEA2 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 317302342 2102359120
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/25-10:51:28.447834 209.237.238.174:34004 -> 192.168.1.6:80
TCP TTL:42 TOS:0x0 ID:25187 IpLen:20 DgmLen:173 DF
***AP*** Seq: 0x7E123A1B Ack: 0x929AC343 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 317413511 2102940449
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-11:07:14.909199 24.209.33.158:1779 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:14970 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF54E5BD2 Ack: 0xCE424501 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-11:07:14.933230 24.209.33.158:1779 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:14971 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF54E6186 Ack: 0xCE424501 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-11:07:27.448732 24.209.33.158:2118 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:16048 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF671AEC0 Ack: 0xCEB2F2E5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-11:07:27.470404 24.209.33.158:2118 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:16049 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF671B474 Ack: 0xCEB2F2E5 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-11:24:47.790116 24.209.26.198:2552 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:13569 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1A2A0F82 Ack: 0xF33392F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-11:24:47.850011 24.209.26.198:2552 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:13570 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1A2A1536 Ack: 0xF33392F Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-11:54:54.420221 24.209.33.158:4544 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:43520 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEE1D46C9 Ack: 0x8224D075 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-11:54:54.456973 24.209.33.158:4544 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:43521 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEE1D4C7D Ack: 0x8224D075 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/25-11:59:56.102541 64.68.82.34:51869 -> 192.168.1.6:80
TCP TTL:41 TOS:0x10 ID:7788 IpLen:20 DgmLen:453 DF
***AP*** Seq: 0x81730BD6 Ack: 0x94AD9860 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 765466524 2105041940
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-12:03:52.800148 24.209.33.158:2352 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:17767 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1A8B94F3 Ack: 0xA39793A9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-12:03:52.822429 24.209.33.158:2352 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:17768 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1A8B9AA7 Ack: 0xA39793A9 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-12:55:03.063934 24.46.127.157:4315 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:16280 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x5C6B3AAD Ack: 0x6463711A Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-12:55:04.061677 24.46.127.157:4339 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:16346 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x5C820785 Ack: 0x6479549B Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-12:55:04.193437 24.46.127.157:4344 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:16361 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x5C85A9A1 Ack: 0x64EBBBB7 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-12:55:04.364930 24.46.127.157:4350 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:16373 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x5C8AC6E2 Ack: 0x6456D90C Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-12:55:04.503206 24.46.127.157:4352 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:16380 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x5C8CC4A4 Ack: 0x650BA52E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/25-12:55:04.652472 24.46.127.157:4354 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:16388 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x5C8F57F5 Ack: 0x649B31DA Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/25-12:55:04.802348 24.46.127.157:4356 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:16399 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x5C914310 Ack: 0x648A0853 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-12:55:04.931807 24.46.127.157:4363 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:16415 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x5C9795B1 Ack: 0x6500686E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-12:55:05.074556 24.46.127.157:4369 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:16432 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x5C9CF4D8 Ack: 0x64F7A358 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-12:55:05.221867 24.46.127.157:4372 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:16441 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x5C9FD56C Ack: 0x646D920F Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-12:55:14.511547 24.46.127.157:4602 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:16954 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x5D667CEA Ack: 0x64D65B9B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-12:55:23.947696 24.46.127.157:4868 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:17427 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x5E28E389 Ack: 0x663D6BEE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-12:55:27.480240 24.46.127.157:3033 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:17590 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x5E76C027 Ack: 0x661E9C7F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-12:55:27.632576 24.46.127.157:3036 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:17600 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x5E79C642 Ack: 0x65ACDAC4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-12:55:27.790368 24.46.127.157:3039 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:17612 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x5E7C2E76 Ack: 0x660A8FD8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-12:55:27.948241 24.46.127.157:3044 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:17629 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x5E80A754 Ack: 0x65F2F8CF Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-13:41:23.035060 24.209.44.83:3946 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:32709 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x318077B5 Ack: 0x1445ECE6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-13:41:23.065267 24.209.44.83:3946 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:32710 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x31807D69 Ack: 0x1445ECE6 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-14:13:04.316911 24.209.229.123:2014 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:25140 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA77527D4 Ack: 0x8BF36BB5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-14:13:04.356690 24.209.229.123:2014 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:25141 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA7752D88 Ack: 0x8BF36BB5 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-14:25:34.064980 24.209.33.158:2164 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:28994 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xAFCF8EA0 Ack: 0xBA82DAA2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-14:25:34.088623 24.209.33.158:2164 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:28995 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xAFCF9454 Ack: 0xBA82DAA2 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/25-15:17:01.338674 66.196.65.24:20933 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:30930 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x87F2001D Ack: 0x7D577893 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-15:24:19.122832 24.209.26.198:4314 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:48302 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x38EAF101 Ack: 0x98590298 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-15:24:19.168193 24.209.26.198:4314 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:48303 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x38EAF6B5 Ack: 0x98590298 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-16:23:28.487123 24.209.44.83:4072 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:26730 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x23F3596E Ack: 0x78AA194C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-16:23:28.521597 24.209.44.83:4072 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:26731 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x23F35F22 Ack: 0x78AA194C Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-16:34:54.751629 24.25.30.57:2183 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:43254 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x15BE56D8 Ack: 0xA3586A29 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-16:34:54.774414 24.25.30.57:2183 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:43255 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x15BE5C8C Ack: 0xA3586A29 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-16:42:15.729050 24.35.68.68:2401 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:34606 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x56B6F2E5 Ack: 0xBF7F523F Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-16:42:16.383818 24.35.68.68:2415 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:34677 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x56C41DE9 Ack: 0xBFB7AC66 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-16:42:19.708188 24.35.68.68:2463 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:34842 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x56F340E3 Ack: 0xBFF27825 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-16:42:19.918067 24.35.68.68:2468 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:34863 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x56F7F160 Ack: 0xC00CFB1B Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-16:42:20.124459 24.35.68.68:2471 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:34884 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x56FB1A8F Ack: 0xC013E4EE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/25-16:42:23.427050 24.35.68.68:2521 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:35034 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x572B1755 Ack: 0xBFEF0A67 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/25-16:42:23.837726 24.35.68.68:2530 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:35064 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x5733989D Ack: 0xBFC812AF Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-16:42:24.015078 24.35.68.68:2537 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:35082 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x57394F38 Ack: 0xBFEDF461 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-16:42:27.186401 24.35.68.68:2580 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:35198 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x5765BD1B Ack: 0xC03775C7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-16:42:27.379325 24.35.68.68:2588 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:35216 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x576C4540 Ack: 0xBF966649 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-16:42:30.556465 24.35.68.68:2628 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:35343 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x57980457 Ack: 0xC008E94C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-16:42:30.753914 24.35.68.68:2629 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:35356 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x5799BB75 Ack: 0xC080F104 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-16:42:33.871499 24.35.68.68:2636 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:35450 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x579F6C64 Ack: 0xC041303C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-16:42:34.085568 24.35.68.68:2675 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:35456 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x57C81A34 Ack: 0xC0513DF0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-16:42:37.007524 24.35.68.68:2675 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:35593 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x57C81A34 Ack: 0xC0513DF0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-16:42:37.291594 24.35.68.68:2723 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:35614 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x57F7C588 Ack: 0xC02D5AE2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-16:42:43.392337 24.35.68.68:2766 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:35830 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x58240DF6 Ack: 0xC1046BAF Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/25-18:06:08.779228 66.196.65.24:37236 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:19130 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x110FCA51 Ack: 0xFC340074 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/25-18:15:14.139121 209.237.238.173:40701 -> 192.168.1.6:80
TCP TTL:42 TOS:0x0 ID:48090 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0xA85B9D5 Ack: 0x1F73D58C Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 320078361 2116577636
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/25-18:22:09.983517 209.237.238.172:57215 -> 192.168.1.6:80
TCP TTL:42 TOS:0x0 ID:54769 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0x2532359A Ack: 0x38A19332 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 320135299 2116790616
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-18:38:02.069505 24.209.98.148:1353 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:64940 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEC4B9FFA Ack: 0x7415DD7D Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-18:38:02.107804 24.209.98.148:1353 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:64941 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEC4BA5AE Ack: 0x7415DD7D Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-19:02:38.249352 24.209.44.83:4734 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:11129 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD6BF0F90 Ack: 0xD167E15E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-19:02:38.279831 24.209.44.83:4734 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:11130 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD6BF1544 Ack: 0xD167E15E Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-21:50:22.883665 24.209.26.198:4594 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:47575 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x15C2F484 Ack: 0x4BB56AF7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-21:50:22.905849 24.209.26.198:4594 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:47576 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x15C2FA38 Ack: 0x4BB56AF7 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-22:47:55.176705 24.112.193.145:3426 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:58267 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xD448505E Ack: 0x24DE07C4 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-22:47:56.683042 24.112.193.145:3480 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:58531 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xD47280A8 Ack: 0x2443DCBB Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-22:47:57.677622 24.112.193.145:3539 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:58692 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xD4A0FA0D Ack: 0x24AF2242 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-22:47:58.689770 24.112.193.145:3575 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:58846 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xD4C07248 Ack: 0x24E245E7 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-22:47:59.702027 24.112.193.145:3625 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:59008 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xD4EAD5BE Ack: 0x2503C5A2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/25-22:48:06.702038 24.112.193.145:3790 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:60119 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xD57181DC Ack: 0x24DD234B Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/25-22:48:10.724121 24.112.193.145:3974 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:60760 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xD607EF75 Ack: 0x251CBE61 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-22:48:11.744290 24.112.193.145:4135 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:60973 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xD68D7CB6 Ack: 0x254DCB54 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-22:48:14.693237 24.112.193.145:4135 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:61406 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xD68D7CB6 Ack: 0x254DCB54 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-22:48:15.709587 24.112.193.145:4322 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:61621 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD72582F6 Ack: 0x260A510B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-22:48:16.741407 24.112.193.145:4362 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:61816 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD747A74E Ack: 0x25B07B53 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-22:48:20.709632 24.112.193.145:4523 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:62339 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD7CD12A9 Ack: 0x2661D95F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-22:48:24.712534 24.112.193.145:4673 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:62849 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD84CAE5A Ack: 0x25F845E9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-22:48:31.753972 24.112.193.145:4855 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:64018 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xD8E42C94 Ack: 0x26AFA669 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/26-00:06:28.079786 216.39.48.30:57533 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:42015 IpLen:20 DgmLen:221 DF
***AP*** Seq: 0x38936B9F Ack: 0x4D86E092 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 560910227 2127371278
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-00:46:29.837733 24.209.44.83:4841 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:1957 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4199D8A5 Ack: 0xE474DE3B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-00:46:29.869077 24.209.44.83:4841 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:1958 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4199DE59 Ack: 0xE474DE3B Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/26-02:27:48.645470 216.39.48.30:47250 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:31997 IpLen:20 DgmLen:221 DF
***AP*** Seq: 0x4EE2C396 Ack: 0x62C190C0 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 561758098 2131714744
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/26-02:27:49.004931 216.39.48.30:47250 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:31998 IpLen:20 DgmLen:221 DF
***AP*** Seq: 0x4EE2C396 Ack: 0x62C190C0 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 561758134 2131714744
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/26-02:27:49.723767 216.39.48.30:47250 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:31999 IpLen:20 DgmLen:221 DF
***AP*** Seq: 0x4EE2C396 Ack: 0x62C190C0 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 561758206 2131714744
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/26-02:42:41.616766 66.196.65.24:30379 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:9929 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x98FABA1D Ack: 0x9B81492B Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/26-04:17:07.167592 216.39.48.30:47528 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:34272 IpLen:20 DgmLen:221 DF
***AP*** Seq: 0xEAAE4537 Ack: 0xFFFA7E6C Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 562413812 2135074031
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-04:23:20.725572 218.28.4.46:3228 -> 192.168.1.6:80
TCP TTL:102 TOS:0x0 ID:53259 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC2DAB9BE Ack: 0x1720D1DB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-04:23:20.726880 218.28.4.46:3228 -> 192.168.1.6:80
TCP TTL:102 TOS:0x0 ID:53260 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC2DABF72 Ack: 0x1720D1DB Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-04:44:32.281446 24.209.26.198:2364 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:31579 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xAADA4A35 Ack: 0x684B193F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-04:44:32.302755 24.209.26.198:2364 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:31580 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xAADA4FE9 Ack: 0x684B193F Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-04:52:59.930091 24.209.26.198:4069 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:6985 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD95EA5B2 Ack: 0x874BFE25 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-04:52:59.981425 24.209.26.198:4069 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:6986 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD95EAB66 Ack: 0x874BFE25 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/26-05:12:32.565987 216.39.48.30:57930 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:61181 IpLen:20 DgmLen:221 DF
***AP*** Seq: 0xBC663D75 Ack: 0xD197F3E6 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 562746280 2136777236
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-05:13:52.598074 24.209.26.198:1599 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:41206 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4AD2E23A Ack: 0xD65B8E05 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-05:13:52.626346 24.209.26.198:1599 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:41207 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4AD2E7EE Ack: 0xD65B8E05 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-05:42:06.822168 24.209.26.198:1977 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:42302 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE1847996 Ack: 0x40D54762 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-05:42:06.852839 24.209.26.198:1977 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:42303 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE1847F4A Ack: 0x40D54762 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/26-06:05:40.550275 216.39.48.30:57941 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:45654 IpLen:20 DgmLen:221 DF
***AP*** Seq: 0x850D0225 Ack: 0x9A48ABBF Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 563065014 2138409788
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-06:09:24.161510 24.209.26.198:3994 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:36313 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7092E650 Ack: 0xA87F2D3E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-06:09:24.169488 24.209.26.198:3994 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:36314 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7092EC04 Ack: 0xA87F2D3E Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-07:41:58.375909 24.209.26.198:2397 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:42182 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3E990694 Ack: 0x542616D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-07:41:58.398512 24.209.26.198:2397 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:42183 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3E990C48 Ack: 0x542616D Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-08:22:35.311197 24.33.145.212:2516 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:47978 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3DBCBBDC Ack: 0x9FEA1355 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-08:22:35.317579 24.33.145.212:2516 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:47979 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3DBCC190 Ack: 0x9FEA1355 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-09:12:05.620877 24.150.116.10:4200 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:56629 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x2CD385F6 Ack: 0x5A96DC92 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-09:12:06.322802 24.150.116.10:4212 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:56657 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x2CDCA3B8 Ack: 0x5AB69E31 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-09:12:06.548239 24.150.116.10:4214 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:56666 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x2CDEA63B Ack: 0x5B14DCDE Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-09:12:06.729268 24.150.116.10:4219 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:56683 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x2CE1C647 Ack: 0x5AF78F33 Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-09:12:16.133226 24.150.116.10:4411 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:57139 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x2D7DC2FC Ack: 0x5ACBE34E Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/26-09:12:16.306156 24.150.116.10:4415 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:57148 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x2D80D87A Ack: 0x5AEA3FE1 Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/26-09:12:16.530387 24.150.116.10:4418 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:57158 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x2D83167E Ack: 0x5AC0C17A Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-09:12:16.732378 24.150.116.10:4419 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:57168 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x2D84D106 Ack: 0x5ACB8F5C Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-09:12:16.923467 24.150.116.10:4420 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:57176 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x2D865031 Ack: 0x5B3056D5 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-09:12:17.095662 24.150.116.10:4425 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:57190 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x2D8B1005 Ack: 0x5BA1A1AC Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-09:12:17.277653 24.150.116.10:4432 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:57203 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x2D909AB8 Ack: 0x5B94410A Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-09:12:17.477969 24.150.116.10:4435 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:57218 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x2D932ED4 Ack: 0x5B844794 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-09:12:30.199664 24.150.116.10:4697 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:58030 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x2E4F90BE Ack: 0x5C385F80 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-09:12:30.372293 24.150.116.10:4770 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:58051 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x2E89CADD Ack: 0x5C846CFE Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-09:12:30.583098 24.150.116.10:4776 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:58081 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x2E8E7CAB Ack: 0x5C07A900 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-09:12:30.774300 24.150.116.10:4788 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:58114 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x2E978F89 Ack: 0x5C61F550 Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/26-10:21:27.757046 216.39.48.30:46692 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:58044 IpLen:20 DgmLen:221 DF
***AP*** Seq: 0x4B90F8DB Ack: 0x603ADF34 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 564599406 2146270628
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/26-10:49:52.515971 209.237.238.173:58685 -> 192.168.1.6:80
TCP TTL:42 TOS:0x0 ID:51285 IpLen:20 DgmLen:173 DF
***AP*** Seq: 0xB601D92B Ack: 0xCBC6E64E Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 326046086 2147143781
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/26-11:07:19.464416 209.237.238.161:1345 -> 192.168.1.6:80
TCP TTL:42 TOS:0x0 ID:57721 IpLen:20 DgmLen:173 DF
***AP*** Seq: 0x38471FA3 Ack: 0xD688FBD Win: 0xFFFF TcpLen: 32
TCP Options (3) => NOP NOP TS: 373397257 2147680009
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-12:52:02.425132 24.209.26.198:2129 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:20488 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x824812ED Ack: 0x981AF5D6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-12:52:02.447493 24.209.26.198:2129 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:20489 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x824818A1 Ack: 0x981AF5D6 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-13:18:31.388565 24.209.26.198:3770 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:45489 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEC3CDAB8 Ack: 0xFD9E9736 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-13:18:31.404077 24.209.26.198:3770 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:45490 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEC3CE06C Ack: 0xFD9E9736 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/26-13:33:54.907326 216.39.48.30:46718 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:6242 IpLen:20 DgmLen:221 DF
***AP*** Seq: 0x2247A067 Ack: 0x37A1D026 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 565753877 2152184871
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-14:15:24.880739 24.209.44.83:3531 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:43787 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE9EFE018 Ack: 0xD3A8AF9E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-14:15:24.910481 24.209.44.83:3531 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:43788 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE9EFE5CC Ack: 0xD3A8AF9E Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-14:15:33.311648 24.209.26.198:4387 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:62002 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC6DE90B6 Ack: 0xD40F0699 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-14:15:33.328526 24.209.26.198:4387 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:62003 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC6DE966A Ack: 0xD40F0699 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-14:43:34.768589 24.209.44.83:4867 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:8937 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1FBB9D43 Ack: 0x3EE27DA6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-14:43:34.799879 24.209.44.83:4867 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:8938 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1FBBA2F7 Ack: 0x3EE27DA6 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/26-14:59:33.436163 209.237.238.175:49254 -> 192.168.1.6:80
TCP TTL:42 TOS:0x0 ID:17070 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0x65552CE4 Ack: 0x7A634967 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 327249503 2154816730
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/26-14:59:36.411010 209.237.238.161:4539 -> 192.168.1.6:80
TCP TTL:42 TOS:0x0 ID:59696 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0xC72FE5E4 Ack: 0x7B301535 Win: 0xFFFF TcpLen: 32
TCP Options (3) => NOP NOP TS: 374790776 2154818257
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-15:40:44.905220 24.209.229.123:1760 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:27167 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x25C8F5C3 Ack: 0x165FB22E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-15:40:44.929792 24.209.229.123:1760 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:27168 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x25C8FB77 Ack: 0x165FB22E Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-15:43:57.022632 24.209.229.123:3576 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:44819 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x39428773 Ack: 0x22EBE23F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-15:43:57.055281 24.209.229.123:3576 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:44820 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x39428D27 Ack: 0x22EBE23F Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-15:49:49.430278 24.209.196.254:2551 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:39027 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3062D83A Ack: 0x38D1452F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-15:49:49.431561 24.209.196.254:2551 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:39028 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3062DDEE Ack: 0x38D1452F Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-15:58:07.012977 24.209.229.123:4699 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:55742 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8DC40E7D Ack: 0x58DB32F1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-15:58:07.038584 24.209.229.123:4699 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:55743 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8DC41431 Ack: 0x58DB32F1 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/26-17:14:28.984556 66.196.65.24:42983 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:13693 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x6C2CA47A Ack: 0x786C2135 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-17:28:28.701628 24.209.196.254:2814 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:1408 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x618CDD4 Ack: 0xADEA703A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-17:28:34.794480 24.209.196.254:2814 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:1841 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x618D388 Ack: 0xADEA703A Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-17:34:37.118288 24.209.196.254:3224 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:27630 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2354E4C6 Ack: 0xC5757218 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-17:34:37.126442 24.209.196.254:3224 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:27631 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2354EA7A Ack: 0xC5757218 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-18:06:20.675146 24.209.196.254:1160 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:28302 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB4C1687D Ack: 0x3C870F1B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-18:06:20.676483 24.209.196.254:1160 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:28303 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB4C16E31 Ack: 0x3C870F1B Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-18:11:08.884014 24.209.229.123:1634 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:10883 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDF5EDE73 Ack: 0x4F6EEE29 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-18:11:08.914548 24.209.229.123:1634 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:10884 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDF5EE427 Ack: 0x4F6EEE29 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-18:58:06.432866 24.209.26.198:4706 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:4021 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x44EAA473 Ack: 0x10E6E2B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-18:58:06.458931 24.209.26.198:4706 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:4022 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x44EAAA27 Ack: 0x10E6E2B Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-20:03:58.605223 24.112.193.145:1059 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:53676 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x96C986C7 Ack: 0xF8A0F7B1 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-20:04:02.123991 24.112.193.145:1190 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:54147 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x97386E00 Ack: 0xF86587E6 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-20:04:03.100482 24.112.193.145:1227 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:54300 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x9757D917 Ack: 0xF8D8D2DA Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-20:04:07.128585 24.112.193.145:1343 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:54769 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x97BA99A5 Ack: 0xF9642D48 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-20:04:08.157261 24.112.193.145:1379 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:54947 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x97D95886 Ack: 0xF93DB7A7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/26-20:04:12.619343 24.112.193.145:1521 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:55482 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x98521BD9 Ack: 0xF9E54D16 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/26-20:04:23.130215 24.112.193.145:1860 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:56661 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x99714CDF Ack: 0xFA1FDDD4 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-20:04:24.191872 24.112.193.145:1899 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:56835 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x9992EB88 Ack: 0xFA44EBED Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-20:04:25.135617 24.112.193.145:1929 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:56961 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x99ACF11D Ack: 0xFAB7D027 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-20:04:29.155584 24.112.193.145:2056 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:57448 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x9A1C1359 Ack: 0xFA5BE86C Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-20:04:33.126650 24.112.193.145:2201 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:57926 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x9A96F123 Ack: 0xFAE93190 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-20:04:37.138085 24.112.193.145:2231 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:58409 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x9AB11444 Ack: 0xFA8289C7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-20:04:41.141820 24.112.193.145:2361 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:58875 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x9B1D2EDA Ack: 0xFAB41434 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-20:04:42.178706 24.112.193.145:2474 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:59021 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x9B800120 Ack: 0xFB95DDC3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-20:04:43.171836 24.112.193.145:2512 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:59164 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x9B9FD95E Ack: 0xFB75686E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-20:04:44.145103 24.112.193.145:2546 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:59300 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x9BBA74F0 Ack: 0xFBA41536 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-20:07:01.861451 24.209.196.254:2500 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:58062 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC0EEDB6B Ack: 0x4305F40 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-20:07:01.896278 24.209.196.254:2500 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:58063 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC0EEE11F Ack: 0x4305F40 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-20:41:18.111839 24.167.224.150:3399 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:56057 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x92ED9D44 Ack: 0x85E8D188 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-20:41:18.742680 24.167.224.150:3409 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:56093 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x92F6DD3D Ack: 0x86B80756 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-20:41:28.349347 24.167.224.150:3531 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:56430 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x9376CD1D Ack: 0x86ED6177 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-20:41:28.549679 24.167.224.150:3535 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:56440 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x937AF58A Ack: 0x873F8967 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-20:41:28.780595 24.167.224.150:3539 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:56451 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x937EC648 Ack: 0x875803B9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/26-20:41:29.016650 24.167.224.150:3541 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:56469 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x9380CE1F Ack: 0x872EDB89 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/26-20:41:32.511620 24.167.224.150:3613 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:56705 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x93BFC1CB Ack: 0x86BA6363 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-20:41:36.023741 24.167.224.150:3674 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:56870 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x93F68671 Ack: 0x873BBC70 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-20:41:36.235446 24.167.224.150:3677 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:56885 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x93F97C14 Ack: 0x878F943A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-20:41:45.680082 24.167.224.150:3819 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:57321 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x948471AB Ack: 0x88399DC8 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-20:41:45.926156 24.167.224.150:3824 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:57337 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x948961BC Ack: 0x87A157F7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-20:41:46.122923 24.167.224.150:3829 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:57345 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x948D5BED Ack: 0x8852D123 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-20:41:55.592957 24.167.224.150:3957 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:57725 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x950BE332 Ack: 0x8825F495 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-20:41:58.516276 24.167.224.150:3957 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:57825 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x950BE332 Ack: 0x8825F495 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-20:41:58.795054 24.167.224.150:3994 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:57835 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x95337ADC Ack: 0x88B70233 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-20:41:58.991017 24.167.224.150:3996 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:57848 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x95358F1A Ack: 0x88E8D9BF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-20:42:02.423014 24.167.224.150:4045 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:57993 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x9565C847 Ack: 0x88E53473 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-21:00:21.481484 24.209.26.198:3805 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:10606 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEA3C330C Ack: 0xCE257EBE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-21:00:21.507091 24.209.26.198:3805 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:10607 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEA3C38C0 Ack: 0xCE257EBE Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-21:09:36.480033 24.209.26.198:2890 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:60675 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1D36F715 Ack: 0xF03D2CD6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-21:09:36.500106 24.209.26.198:2890 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:60676 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1D36FCC9 Ack: 0xF03D2CD6 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-21:44:30.108381 24.209.98.148:4685 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:24076 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6CD1FE5A Ack: 0x748EF146 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-21:44:30.141613 24.209.98.148:4685 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:24077 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6CD2040E Ack: 0x748EF146 Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/27-00:14:28.755438 216.39.48.30:51191 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:29896 IpLen:20 DgmLen:221 DF
***AP*** Seq: 0x94B32EC7 Ack: 0xAB0ABB95 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 569596433 2171869930
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/27-00:14:29.214033 216.39.48.30:51191 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:29897 IpLen:20 DgmLen:221 DF
***AP*** Seq: 0x94B32EC7 Ack: 0xAB0ABB95 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 569596481 2171869930
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-01:03:27.844793 24.209.229.123:2609 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:15301 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA11B8241 Ack: 0x64903490 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-01:10:54.608210 24.209.229.123:3598 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:54386 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xCCED9BB1 Ack: 0x805E735E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-01:10:54.693044 24.209.229.123:3598 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:54387 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xCCEDA165 Ack: 0x805E735E Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-01:18:44.410134 24.52.59.25:1243 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:6021 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xA0BB2016 Ack: 0x9D9A751D Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-01:18:45.515605 24.52.59.25:1256 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:6082 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xA0C8933E Ack: 0x9E254FE3 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-01:18:45.911486 24.52.59.25:1276 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:6113 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA0D8CA59 Ack: 0x9D8D19A5 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-01:18:46.250630 24.52.59.25:1285 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:6145 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA0E163C8 Ack: 0x9DABD888 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-01:18:46.620017 24.52.59.25:1304 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:6167 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA0F083C5 Ack: 0x9DF42AAF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-01:18:49.556066 24.52.59.25:1304 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:6327 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA0F083C5 Ack: 0x9DF42AAF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/27-01:18:49.895941 24.52.59.25:1370 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:6349 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA1307735 Ack: 0x9E168E61 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/27-01:18:50.195748 24.52.59.25:1374 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:6368 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA1335A6B Ack: 0x9DD095F1 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-01:18:50.481133 24.52.59.25:1375 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:6392 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xA135791C Ack: 0x9DE30AB2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-01:18:50.741022 24.52.59.25:1394 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:6413 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA14367C2 Ack: 0x9E1CB1AF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-01:18:53.727252 24.52.59.25:1394 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:6572 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA14367C2 Ack: 0x9E1CB1AF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-01:18:54.124210 24.52.59.25:1469 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:6596 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA186B3CB Ack: 0x9E34B232 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-01:18:54.399060 24.52.59.25:1479 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:6626 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA18F9AD6 Ack: 0x9E857C6A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-01:18:54.702894 24.52.59.25:1485 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:6640 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA193F050 Ack: 0x9ED97FB4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-01:19:40.849232 24.52.59.25:2617 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:9849 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xA588353C Ack: 0xA161DD30 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-01:19:41.825925 24.52.59.25:2654 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:9939 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA5A8B1CC Ack: 0xA142AEC1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-01:19:45.414886 24.52.59.25:2738 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:10181 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xA5F73077 Ack: 0xA17384D5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-01:19:46.319714 24.52.59.25:2760 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:10236 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA6091EA1 Ack: 0xA1D491A7 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-01:43:57.980344 24.209.26.198:1608 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:21483 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5BD9D70A Ack: 0xFD360E5A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-01:43:58.024989 24.209.26.198:1608 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:21484 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5BD9DCBE Ack: 0xFD360E5A Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/27-01:46:39.545674 216.39.48.30:54191 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:16074 IpLen:20 DgmLen:221 DF
***AP*** Seq: 0xF110F73C Ack: 0x6CE8AD6 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 570149385 2174702668
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-02:30:54.025401 24.209.26.198:1764 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:56540 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x21D3BB30 Ack: 0xAF07DD7E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-02:30:54.040359 24.209.26.198:1764 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:56541 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x21D3C0E4 Ack: 0xAF07DD7E Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-02:55:29.180476 24.209.26.198:1972 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:10936 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x86326AE6 Ack: 0xB216E7F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-02:55:29.212386 24.209.26.198:1972 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:10937 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8632709A Ack: 0xB216E7F Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-03:37:58.769885 24.203.49.12:4020 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:61677 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x84B92148 Ack: 0xABD6E815 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-03:38:09.631463 24.203.49.12:4694 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:63934 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x8689CE24 Ack: 0xAC188A88 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-03:38:22.535009 24.203.49.12:1420 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:1180 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x8850EE47 Ack: 0xACD13398 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-03:38:26.617743 24.203.49.12:1629 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:1936 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x88F6D594 Ack: 0xAD5997BC Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-03:38:28.586683 24.203.49.12:1866 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:2305 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x89B83EE6 Ack: 0xADD3204D Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/27-03:38:30.368563 24.203.49.12:1937 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:2673 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x89F1C641 Ack: 0xADC6E38B Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/27-03:38:31.419829 24.203.49.12:2027 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:2780 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x8A394228 Ack: 0xAE2F9911 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-03:38:42.161807 24.203.49.12:2528 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:4774 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x8BCCE414 Ack: 0xAE891007 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-03:38:42.873807 24.203.49.12:2603 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:4999 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x8C0CA3DD Ack: 0xAE5A17CD Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/27-06:34:50.650231 64.68.82.36:17418 -> 192.168.1.6:80
TCP TTL:41 TOS:0x10 ID:1516 IpLen:20 DgmLen:453 DF
***AP*** Seq: 0x3153DCAA Ack: 0x4805543F Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 780786467 2183556522
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/27-07:11:06.368924 209.237.238.158:2982 -> 192.168.1.6:80
TCP TTL:42 TOS:0x0 ID:27050 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0xB6E76880 Ack: 0xD1553370 Win: 0xFFFF TcpLen: 32
TCP Options (3) => NOP NOP TS: 930229681 2184673286
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-07:37:16.106293 24.192.100.125:3808 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:27136 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9C804870 Ack: 0x3445696E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-07:37:18.539924 24.192.100.125:3808 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:27354 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9C804E24 Ack: 0x3445696E Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-08:46:00.432170 24.237.10.95:1519 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:39102 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2C0E21CE Ack: 0x37789C31 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-08:46:00.474670 24.237.10.95:1519 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:39103 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2C0E2782 Ack: 0x37789C31 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/27-08:48:10.667700 209.237.238.174:36095 -> 192.168.1.6:80
TCP TTL:42 TOS:0x0 ID:8266 IpLen:20 DgmLen:173 DF
***AP*** Seq: 0x28CD98B8 Ack: 0x3F340098 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 333953293 2187656376
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-08:55:58.458671 24.112.69.8:4975 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:16227 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8338DD3F Ack: 0x5D033A4B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-08:55:58.460422 24.112.69.8:4975 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:16228 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8338E2F3 Ack: 0x5D033A4B Win: 0x4470 TcpLen: 20
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/27-11:16:18.615703 129.137.186.208:3023 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:118 IpLen:20 DgmLen:200 DF
***AP*** Seq: 0x2AD3496 Ack: 0x700D3096 Win: 0x44E8 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/27-11:16:18.959967 129.137.186.208:3023 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:119 IpLen:20 DgmLen:217 DF
***AP*** Seq: 0x2AD3536 Ack: 0x700D3204 Win: 0x437A TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/27-11:16:19.198747 129.137.186.208:3024 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:124 IpLen:20 DgmLen:217 DF
***AP*** Seq: 0xFFE75EA4 Ack: 0x6FA82B04 Win: 0x44E8 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-11:52:05.755259 24.198.148.104:2162 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:29432 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x74977DD1 Ack: 0xF62F73B0 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-11:52:08.009503 24.198.148.104:2247 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:29648 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x74DFF043 Ack: 0xF647C936 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-11:52:09.825182 24.198.148.104:2286 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:29845 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x75025B8D Ack: 0xF6CC9B45 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-11:52:11.380119 24.198.148.104:2344 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:30018 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x75353F58 Ack: 0xF69DBE95 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-11:52:12.338145 24.198.148.104:2382 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:30134 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x75562F05 Ack: 0xF708AD35 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/27-11:52:13.374533 24.198.148.104:2409 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:30260 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x756D6F35 Ack: 0xF7566C1D Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/27-11:52:14.251928 24.198.148.104:2437 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:30359 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x75864B45 Ack: 0xF74BD3CB Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-11:52:15.221736 24.198.148.104:2466 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:30472 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x759F28F3 Ack: 0xF768F2DE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-11:52:16.415700 24.198.148.104:2501 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:30584 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x75BB5210 Ack: 0xF7B09C34 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-11:52:20.791035 24.198.148.104:2613 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:31046 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x761F5B51 Ack: 0xF7DC41ED Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-11:52:31.311927 24.198.148.104:2881 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:32041 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x770ADBA7 Ack: 0xF837147A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-11:52:33.066724 24.198.148.104:2920 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:32203 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x772CBE09 Ack: 0xF8025FEE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-11:52:34.853768 24.198.148.104:2953 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:32365 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x774A1140 Ack: 0xF7F5FC6E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-11:52:36.350464 24.198.148.104:3010 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:32511 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x777ADA7B Ack: 0xF7FF56E7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-11:52:37.844923 24.198.148.104:3043 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:32647 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x77991D33 Ack: 0xF81DFF90 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-11:52:39.332339 24.198.148.104:3079 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:32810 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x77B8DF60 Ack: 0xF8316DC4 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-11:52:41.853327 24.198.148.104:3079 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:33117 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x77B8DF60 Ack: 0xF8316DC4 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-12:10:36.913409 24.216.27.88:1593 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:38311 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x70BBCA30 Ack: 0x3C1DAC4A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-12:10:37.041329 24.216.27.88:1593 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:38312 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x70BBCFE4 Ack: 0x3C1DAC4A Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-12:30:29.888980 24.126.90.163:3478 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:40009 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8A9116D1 Ack: 0x88144B4B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-12:30:29.898143 24.126.90.163:3478 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:40010 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8A911C85 Ack: 0x88144B4B Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-12:37:40.119231 24.136.217.109:3543 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:20440 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x580E8192 Ack: 0xA2719DAF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-12:37:40.123566 24.136.217.109:3543 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:20441 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x580E8746 Ack: 0xA2719DAF Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/27-12:46:20.162563 209.237.238.172:35131 -> 192.168.1.6:80
TCP TTL:42 TOS:0x0 ID:49341 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0xAB870D66 Ack: 0xC3CDC2AA Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 335400428 2194975171
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/27-12:47:20.213921 209.237.238.173:44233 -> 192.168.1.6:80
TCP TTL:42 TOS:0x0 ID:19718 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0xAFE2EACE Ack: 0xC7559188 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 335390679 2195005923
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-13:44:46.218782 24.98.61.177:3326 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:65093 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xBEAF555A Ack: 0x9F35F1AE Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-13:44:49.166705 24.98.61.177:3326 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:65320 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xBEAF555A Ack: 0x9F35F1AE Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-13:44:50.377408 24.98.61.177:3383 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:65418 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xBEECC591 Ack: 0x9F84A85B Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-13:44:54.378349 24.98.61.177:3457 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:207 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xBF35E404 Ack: 0xA016A8A7 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-13:44:54.829876 24.98.61.177:3468 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:260 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xBF3FBE95 Ack: 0xA01B90C3 Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-13:44:55.356659 24.98.61.177:3480 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:296 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xBF4A9635 Ack: 0xA023C32F Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/27-13:44:55.750041 24.98.61.177:3486 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:341 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xBF50E7A6 Ack: 0xA072FBCD Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/27-13:44:56.130319 24.98.61.177:3497 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:388 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xBF599490 Ack: 0xA05E9DCD Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-13:44:56.656255 24.98.61.177:3506 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:435 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xBF62129E Ack: 0xA005876E Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-13:45:06.661085 24.98.61.177:3642 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:1071 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xBFEF3A2E Ack: 0xA0C9AE15 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-13:45:07.220585 24.98.61.177:3650 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:1123 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xBFF6E3AB Ack: 0xA156EC6F Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-13:45:07.979331 24.98.61.177:3659 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:1185 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xBFFFFEB2 Ack: 0xA0FAE8F0 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-13:45:12.044754 24.98.61.177:3674 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:1487 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xC00E055E Ack: 0xA168492A Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-13:45:22.084878 24.98.61.177:3903 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:2294 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xC0EF5580 Ack: 0xA1BF3024 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-13:45:22.917036 24.98.61.177:3909 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:2354 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xC0F55F14 Ack: 0xA1F3F65B Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-13:45:25.849459 24.98.61.177:3909 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:2568 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xC0F55F14 Ack: 0xA1F3F65B Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-13:45:27.176903 24.98.61.177:3975 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:2667 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xC136709A Ack: 0xA1E553EC Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-13:45:40.745121 24.98.61.177:4135 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:3562 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xC1D3135A Ack: 0xA310FD9C Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-13:59:54.902439 24.209.26.198:4990 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:47406 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC750224B Ack: 0xD86D2ABC Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-13:59:54.927087 24.209.26.198:4990 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:47407 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC75027FF Ack: 0xD86D2ABC Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-14:25:24.541624 24.128.167.110:2363 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:13799 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF0A328FB Ack: 0x39FF2001 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-14:25:24.560842 24.128.167.110:2363 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:13800 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF0A32EAF Ack: 0x39FF2001 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/27-15:36:08.977505 66.196.65.24:43245 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:26213 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x6A0BF7FD Ack: 0x4558E7AE Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-15:38:08.034494 24.209.26.198:3856 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:34889 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFA13A45E Ack: 0x4C71CA04 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-15:38:08.074808 24.209.26.198:3856 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:34890 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFA13AA12 Ack: 0x4C71CA04 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-16:17:04.749559 24.209.229.123:1185 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:33873 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBA6865DF Ack: 0xDF8A1CA1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-16:17:04.758678 24.209.229.123:1185 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:33874 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBA686B93 Ack: 0xDF8A1CA1 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-16:18:26.096200 24.49.186.177:4189 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:44896 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE1DDBCA4 Ack: 0xE45F7AC3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-16:18:26.162554 24.49.186.177:4189 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:44897 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE1DDC258 Ack: 0xE45F7AC3 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-16:49:02.804784 24.209.229.123:1330 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:6373 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x772B73F0 Ack: 0x5929ED97 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-16:49:02.824954 24.209.229.123:1330 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:6374 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x772B79A4 Ack: 0x5929ED97 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-16:52:46.896965 24.209.229.123:3942 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:26366 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8D6E1F42 Ack: 0x679F6001 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-16:52:46.910206 24.209.229.123:3942 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:26367 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8D6E24F6 Ack: 0x679F6001 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-16:52:49.924254 24.209.229.123:3942 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:26644 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8D6E1F42 Ack: 0x679F6001 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-17:54:57.425341 24.209.229.123:1566 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:17849 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF1D8AB4E Ack: 0x510740EA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-17:54:57.458953 24.209.229.123:1566 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:17850 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF1D8B102 Ack: 0x510740EA Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-18:16:27.229580 24.209.98.148:1888 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:6410 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDCD917A Ack: 0xA12775DC Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-18:16:27.289392 24.209.98.148:1888 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:6411 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDCD972E Ack: 0xA12775DC Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-18:56:00.091151 24.209.26.198:4146 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:26981 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE1DA7123 Ack: 0x38557796 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-18:56:00.112943 24.209.26.198:4146 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:26982 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE1DA76D7 Ack: 0x38557796 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-19:02:32.110750 24.209.229.123:3476 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:8752 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5A1799DA Ack: 0x51007E8E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-19:02:32.134450 24.209.229.123:3476 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:8753 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5A179F8E Ack: 0x51007E8E Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/27-19:10:08.584938 209.237.238.159:2606 -> 192.168.1.6:80
TCP TTL:42 TOS:0x0 ID:58543 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0x4A7BA4B8 Ack: 0x6DDF280F Win: 0xFFFF TcpLen: 32
TCP Options (3) => NOP NOP TS: 934960389 2206769875
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-19:18:24.500151 24.209.229.123:3446 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:15221 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xABF376AD Ack: 0x8C3C3FD9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-19:18:24.525609 24.209.229.123:3446 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:15222 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xABF37C61 Ack: 0x8C3C3FD9 Win: 0x4470 TcpLen: 20
[**] [1:1714:3] WEB-CGI newdesk access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/27-19:48:18.278085 12.2.177.190:37138 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:55633 IpLen:20 DgmLen:335 DF
***AP*** Seq: 0x1A4AB14 Ack: 0xFB117563 Win: 0x2133 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-19:56:43.973700 24.209.98.148:1929 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:55445 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFCFF48F1 Ack: 0x1C100F7D Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-19:56:44.004422 24.209.98.148:1929 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:55446 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFCFF4EA5 Ack: 0x1C100F7D Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-20:17:46.233717 24.209.26.198:2749 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:25229 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x54AABB99 Ack: 0x6DCCB216 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-20:17:46.257270 24.209.26.198:2749 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:25230 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x54AAC14D Ack: 0x6DCCB216 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-20:21:16.600768 24.209.26.198:3210 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:38515 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x64381DA4 Ack: 0x7A915D8F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-20:21:16.624171 24.209.26.198:3210 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:38516 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x64382358 Ack: 0x7A915D8F Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-20:54:33.634821 24.209.128.164:4369 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:51051 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xABEDB6B0 Ack: 0xF8779A9E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-20:54:33.642836 24.209.128.164:4369 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:51052 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xABEDBC64 Ack: 0xF8779A9E Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-21:21:36.691191 24.209.14.164:4981 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:12110 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x237CD9C9 Ack: 0x5E40BCF1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-21:21:36.722301 24.209.14.164:4981 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:12111 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x237CDF7D Ack: 0x5E40BCF1 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-21:33:29.276590 24.166.190.32:2601 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:5208 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBD60F711 Ack: 0x8A939271 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-21:33:29.301230 24.166.190.32:2601 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:5209 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBD60FCC5 Ack: 0x8A939271 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-21:50:34.693590 24.209.26.198:1450 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:28611 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDB6387B5 Ack: 0xCA431F31 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-21:50:34.725824 24.209.26.198:1450 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:28612 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDB638D69 Ack: 0xCA431F31 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-22:11:23.153356 24.209.229.123:2602 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:28629 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1D64056 Ack: 0x194B34EF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-22:11:23.179346 24.209.229.123:2602 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:28630 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1D6460A Ack: 0x194B34EF Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-23:34:05.485886 24.166.190.32:4839 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:24074 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE8743A37 Ack: 0x521ABE14 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-23:34:05.509870 24.166.190.32:4839 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:24075 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE8743FEB Ack: 0x521ABE14 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-23:35:52.909715 24.209.229.123:3033 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:58873 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDC83B2E4 Ack: 0x58B252B0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-23:35:52.955437 24.209.229.123:3033 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:58874 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDC83B898 Ack: 0x58B252B0 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/27-23:57:54.205561 216.39.48.30:53435 -> 192.168.1.6:80
TCP TTL:36 TOS:0x0 ID:50054 IpLen:20 DgmLen:221 DF
***AP*** Seq: 0x941067E6 Ack: 0xAC61A87E Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 578135150 2215613031
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-00:53:37.724956 24.207.194.112:3068 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:46816 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xAAB4AB87 Ack: 0x7F2BE16A Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-00:53:37.762480 24.207.194.112:3068 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:46817 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xAAB4B13B Ack: 0x7F2BE16A Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-02:30:23.460781 24.24.212.29:4631 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:6151 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB7285C4D Ack: 0xECFB2F94 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-02:30:23.468975 24.24.212.29:4631 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:6152 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB7286201 Ack: 0xECFB2F94 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-03:51:22.527295 24.198.102.60:3043 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:53834 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x6D4408CB Ack: 0x1E1B1F0C Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-03:51:23.109362 24.198.102.60:3052 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:53878 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x6D4CD55C Ack: 0x1E092842 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-03:51:23.360551 24.198.102.60:3057 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:53906 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x6D517ED4 Ack: 0x1E199D5A Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-03:51:32.597107 24.198.102.60:3331 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:54683 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x6E3CEDF4 Ack: 0x1ED56E70 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-03:51:32.870506 24.198.102.60:3337 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:54719 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6E41E9DB Ack: 0x1F5494AC Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/28-03:51:33.148850 24.198.102.60:3343 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:54757 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x6E470690 Ack: 0x1EB9BEE4 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/28-03:51:36.352552 24.198.102.60:3443 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:55016 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x6E9C24C1 Ack: 0x1FA8B960 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-03:51:45.651690 24.198.102.60:3692 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:55722 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x6F77C775 Ack: 0x1FB8CDCD Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-03:51:45.890913 24.198.102.60:3700 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:55740 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6F7E67A0 Ack: 0x1FEEE201 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-03:51:46.164427 24.198.102.60:3708 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:55782 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6F852D7A Ack: 0x1F7D0308 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-03:51:55.390858 24.198.102.60:3996 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:56611 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x7080C836 Ack: 0x200EE93B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-03:51:58.771968 24.198.102.60:4109 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:56949 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x70E25A12 Ack: 0x20707357 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-03:52:02.052419 24.198.102.60:4187 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:57136 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x71267604 Ack: 0x2115AB9B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-03:52:02.271081 24.198.102.60:4195 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:57157 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x712D6E9A Ack: 0x21491007 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-03:52:05.241393 24.198.102.60:4195 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:57365 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x712D6E9A Ack: 0x21491007 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-03:52:05.666408 24.198.102.60:4285 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:57410 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x717E253D Ack: 0x210F997C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-03:52:14.969423 24.198.102.60:4521 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:58017 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x724FB61A Ack: 0x22B37056 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-04:04:32.691849 24.98.186.231:1956 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:61509 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xA503A6D8 Ack: 0x50A0B35C Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-04:04:33.727449 24.98.186.231:1987 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:61588 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xA51D883B Ack: 0x50BDCEB7 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-04:04:43.205436 24.98.186.231:2360 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:62954 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA657E18D Ack: 0x516A4013 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-04:04:43.557537 24.98.186.231:2372 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:63009 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA661F241 Ack: 0x510C74C6 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-04:04:52.901276 24.98.186.231:2789 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:64477 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA7B5BF58 Ack: 0x51E6BCA4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/28-04:04:56.575359 24.98.186.231:2941 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:65044 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA832D11D Ack: 0x525BB2BD Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/28-04:04:56.969854 24.98.186.231:2964 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:65107 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA847C7C4 Ack: 0x51E8C913 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-04:04:57.377108 24.98.186.231:2978 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:65171 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xA8543828 Ack: 0x52488AEE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-04:04:58.001284 24.98.186.231:3005 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:65269 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA86944B4 Ack: 0x523202D1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-04:04:58.528361 24.98.186.231:3033 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:65354 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA8807D29 Ack: 0x52258675 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-04:04:58.984658 24.98.186.231:3052 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:65426 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA8908E40 Ack: 0x520F83D2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-04:05:08.347444 24.98.186.231:3469 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:1358 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA9E92F78 Ack: 0x5289B750 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-04:05:08.795282 24.98.186.231:3481 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:1430 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xA9F3DF67 Ack: 0x53246670 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-04:05:09.219084 24.98.186.231:3498 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:1496 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xAA019CFE Ack: 0x530187B6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-04:05:09.808597 24.98.186.231:3512 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:1588 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xAA0E7AE9 Ack: 0x5330637D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-04:05:19.401542 24.98.186.231:3941 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:3060 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xAB6CB40A Ack: 0x532628A8 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-04:06:29.100025 24.106.43.6:3527 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:51081 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEC2AFC38 Ack: 0x57C7FA71 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-04:06:29.108513 24.106.43.6:3527 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:51082 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEC2B01EC Ack: 0x57C7FA71 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/28-04:10:57.405037 66.196.65.24:59043 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:3133 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xA6DCC5DE Ack: 0x6859BF51 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-06:05:26.386680 24.126.82.22:4375 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:4002 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xCC833CCB Ack: 0x18D21A49 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-06:05:27.130460 24.126.82.22:4432 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:4222 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xCCB1D2CB Ack: 0x19351A79 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-08:55:19.859369 24.209.26.198:3440 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:23828 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA00736DC Ack: 0x9A5F7238 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-08:55:19.889581 24.209.26.198:3440 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:23829 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA0073C90 Ack: 0x9A5F7238 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-09:00:08.383219 24.112.85.6:4526 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:51523 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xAD1EBA9A Ack: 0xAB564987 Win: 0xFC00 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-09:00:33.409930 24.112.85.6:4526 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:53430 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xAD1EC04E Ack: 0xAB564987 Win: 0xFC00 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-10:12:03.869974 24.209.26.198:4669 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:18212 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x55017E3D Ack: 0xBCC6B27A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-10:12:03.895369 24.209.26.198:4669 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:18213 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x550183F1 Ack: 0xBCC6B27A Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-12:19:45.834159 24.102.124.170:2574 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:15377 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x714A2396 Ack: 0x9FB4F406 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-12:19:45.898931 24.102.124.170:2574 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:15378 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x714A294A Ack: 0x9FB4F406 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-12:31:04.616151 24.194.35.172:4320 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:56912 IpLen:20 DgmLen:1300 DF
***A**** Seq: 0x98DCE589 Ack: 0xCA0C46E2 Win: 0x44E8 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-12:31:04.627435 24.194.35.172:4320 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:56913 IpLen:20 DgmLen:1300 DF
***A**** Seq: 0x98DCEA75 Ack: 0xCA0C46E2 Win: 0x44E8 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-12:34:41.763770 24.209.66.127:2531 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:19857 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9053A293 Ack: 0xD7CD5787 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-12:34:41.770121 24.209.66.127:2531 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:19858 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9053A847 Ack: 0xD7CD5787 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-13:40:34.488852 24.209.66.127:1743 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:11682 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x55A6AF8B Ack: 0xD06F75CF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-13:40:34.495106 24.209.66.127:1743 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:11683 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x55A6B53F Ack: 0xD06F75CF Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-13:43:18.778644 24.209.178.84:3545 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:27358 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC1DF37CC Ack: 0xDADE6309 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-13:43:18.786174 24.209.178.84:3545 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:27359 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC1DF3D80 Ack: 0xDADE6309 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-14:27:07.718936 24.209.26.198:4720 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:11430 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x52B316B7 Ack: 0x801166B6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-14:27:07.739458 24.209.26.198:4720 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:11431 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x52B31C6B Ack: 0x801166B6 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/28-14:59:05.541886 66.196.65.24:22879 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:23927 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xD5173962 Ack: 0xF9BA81A1 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-15:00:37.684582 24.209.178.84:1977 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:25191 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x69294A98 Ack: 0xFEE94F76 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-15:00:37.691208 24.209.178.84:1977 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:25192 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6929504C Ack: 0xFEE94F76 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-15:29:35.011458 24.209.178.84:2721 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:34535 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x49680A7 Ack: 0x6CB30F68 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-15:29:35.021036 24.209.178.84:2721 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:34536 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x496865B Ack: 0x6CB30F68 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-15:55:55.450122 24.209.229.123:4426 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:46752 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x89F3145D Ack: 0xCF6C1716 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-15:55:55.480667 24.209.229.123:4426 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:46753 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x89F31A11 Ack: 0xCF6C1716 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-16:44:42.808497 217.7.121.166:36304 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:1841 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA93CFE09 Ack: 0x882B21E7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-16:44:42.896091 217.7.121.166:36304 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:1842 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA93D03BD Ack: 0x882B21E7 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-17:11:37.509362 24.209.26.198:4768 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:37608 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2B31590C Ack: 0xED0455A8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-17:11:37.532288 24.209.26.198:4768 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:37609 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2B315EC0 Ack: 0xED0455A8 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-17:12:38.298190 24.209.229.123:2157 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:52409 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x837DCE31 Ack: 0xF16B6EEB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-17:12:38.324824 24.209.229.123:2157 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:52410 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x837DD3E5 Ack: 0xF16B6EEB Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-17:17:33.440459 24.209.178.84:4253 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:3753 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3C22AFDE Ack: 0x3A0416C Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-17:17:33.448872 24.209.178.84:4253 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:3754 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3C22B592 Ack: 0x3A0416C Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-17:19:35.926415 24.209.178.84:1139 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:13530 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x46DD0FEF Ack: 0xABE4C91 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-17:19:35.934793 24.209.178.84:1139 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:13531 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x46DD15A3 Ack: 0xABE4C91 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-17:31:03.453745 24.209.229.123:1626 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:47480 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x479ACEA3 Ack: 0x37665B7C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-17:31:03.483629 24.209.229.123:1626 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:47481 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x479AD457 Ack: 0x37665B7C Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-17:33:33.430732 24.209.26.198:2778 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:48724 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8726E58D Ack: 0x41070C5F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-17:33:33.454342 24.209.26.198:2778 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:48725 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8726EB41 Ack: 0x41070C5F Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-17:50:07.521314 24.209.98.148:1555 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:18554 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x70D3B242 Ack: 0x7F304F6E Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-17:50:07.561523 24.209.98.148:1555 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:18555 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x70D3B7F6 Ack: 0x7F304F6E Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-18:05:34.950288 24.209.44.83:3104 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:31170 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x43093502 Ack: 0xB9C98E81 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-18:05:34.982734 24.209.44.83:3104 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:31171 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x43093AB6 Ack: 0xB9C98E81 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-18:11:36.142948 24.150.19.123:1936 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:49664 IpLen:20 DgmLen:112
***AP*** Seq: 0x2ACFDECA Ack: 0xD06E4402 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-18:11:36.862885 24.150.19.123:1956 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:49723 IpLen:20 DgmLen:110
***AP*** Seq: 0x2AE00A17 Ack: 0xCFB19C05 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-18:11:37.073828 24.150.19.123:1965 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:49741 IpLen:20 DgmLen:120
***AP*** Seq: 0x2AE87A82 Ack: 0xD029BF20 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-18:11:37.358852 24.150.19.123:1969 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:49758 IpLen:20 DgmLen:120
***AP*** Seq: 0x2AEC08B4 Ack: 0xCFE6C20B Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-18:11:37.647576 24.150.19.123:1975 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:49782 IpLen:20 DgmLen:136
***AP*** Seq: 0x2AF09C46 Ack: 0xCF939793 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/28-18:11:41.290138 24.150.19.123:2072 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:50090 IpLen:20 DgmLen:157
***AP*** Seq: 0x2B490014 Ack: 0xCFDCC89C Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/28-18:11:44.956071 24.150.19.123:2233 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:50714 IpLen:20 DgmLen:157
***AP*** Seq: 0x2BCBC9B6 Ack: 0xD0BDD116 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-18:11:45.223075 24.150.19.123:2245 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:50763 IpLen:20 DgmLen:185
***AP*** Seq: 0x2BD3C9B7 Ack: 0xD0D48F01 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-18:11:54.798839 24.150.19.123:2540 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:51726 IpLen:20 DgmLen:137
***AP*** Seq: 0x2CCCB9FB Ack: 0xD17BF010 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-18:11:58.021630 24.150.19.123:2546 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:52021 IpLen:20 DgmLen:137
***AP*** Seq: 0x2CD1CCCD Ack: 0xD18B0E7D Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-18:12:10.762769 24.150.19.123:2974 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:53429 IpLen:20 DgmLen:137
***AP*** Seq: 0x2E37B364 Ack: 0xD1B60085 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-18:12:14.483793 24.150.19.123:3194 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:53977 IpLen:20 DgmLen:137
***AP*** Seq: 0x2EF2D584 Ack: 0xD25512F3 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-18:12:14.701693 24.150.19.123:3205 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:54013 IpLen:20 DgmLen:138
***AP*** Seq: 0x2EFCC4B2 Ack: 0xD24019CF Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-18:12:14.972260 24.150.19.123:3210 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:54038 IpLen:20 DgmLen:136
***AP*** Seq: 0x2F02264B Ack: 0xD251FA79 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-18:12:15.216496 24.150.19.123:3219 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:54059 IpLen:20 DgmLen:140
***AP*** Seq: 0x2F087486 Ack: 0xD2B4AFC5 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-18:12:15.389160 24.150.19.123:3227 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:54078 IpLen:20 DgmLen:136
***AP*** Seq: 0x2F0F91DE Ack: 0xD28BC8AD Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-18:34:04.215663 24.209.98.148:2216 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:46078 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7262217D Ack: 0x24C143F1 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-18:34:04.257247 24.209.98.148:2216 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:46079 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x72622731 Ack: 0x24C143F1 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-18:35:25.564679 24.209.98.148:4508 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:54900 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7A29D191 Ack: 0x28D05A42 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-18:35:25.572961 24.209.98.148:4508 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:54901 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7A29D745 Ack: 0x28D05A42 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-20:23:21.210433 24.209.26.198:1382 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:22672 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x60AA4CCC Ack: 0xC2B8185D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-20:23:21.252237 24.209.26.198:1382 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:22673 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x60AA5280 Ack: 0xC2B8185D Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-20:38:00.866529 24.136.155.112:2051 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:4806 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2F0A9FA8 Ack: 0xF877E0A6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-20:38:00.878264 24.136.155.112:2051 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:4807 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2F0AA55C Ack: 0xF877E0A6 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-20:56:20.054828 24.209.26.198:1096 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:63603 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1D14450F Ack: 0x3ECD3567 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-20:56:20.142307 24.209.26.198:1096 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:63604 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1D144AC3 Ack: 0x3ECD3567 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/28-22:00:27.632474 216.39.48.30:55473 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:18682 IpLen:20 DgmLen:221 DF
***AP*** Seq: 0x161AFBDB Ack: 0x307B5898 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 586068782 2256256306
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/28-22:13:00.230181 66.196.65.24:35164 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:37932 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xF52BC887 Ack: 0x6019F830 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-22:15:01.918597 24.209.26.198:2885 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:10557 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD43294B8 Ack: 0x66C4AA1E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-22:15:01.962595 24.209.26.198:2885 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:10558 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD4329A6C Ack: 0x66C4AA1E Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-22:29:18.082353 24.160.16.46:3283 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:51508 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x17BA04BD Ack: 0x9CEA3D65 Win: 0xFDE8 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-22:29:20.303663 24.160.16.46:3459 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:52091 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x183BEC8D Ack: 0x9D6B51FB Win: 0xFDE8 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-22:29:22.304106 24.160.16.46:3584 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:52611 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x189B4991 Ack: 0x9CC06128 Win: 0xFDE8 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-22:29:24.215346 24.160.16.46:3732 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:53123 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x190A38C4 Ack: 0x9D1C3E7B Win: 0xFDE8 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-22:29:25.925554 24.160.16.46:3867 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:53595 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x196FFB37 Ack: 0x9CE715EF Win: 0xFDE8 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/28-22:29:27.931944 24.160.16.46:3992 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:54078 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x19C6B3E2 Ack: 0x9D0808C3 Win: 0xFDE8 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/28-22:29:30.014118 24.160.16.46:4128 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:54583 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x1A308CBF Ack: 0x9D4E266A Win: 0xFDE8 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-22:29:32.112087 24.160.16.46:4281 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:55128 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x1AA56686 Ack: 0x9D7358FB Win: 0xFDE8 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-22:29:43.009178 24.160.16.46:3507 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:58463 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x1D5BA682 Ack: 0x9EA6CBD6 Win: 0xFDE8 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-22:29:44.812895 24.160.16.46:3612 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:58881 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x1DAF92CB Ack: 0x9ED9199E Win: 0xFDE8 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-22:29:46.645121 24.160.16.46:3728 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:59318 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x1E087EA6 Ack: 0x9E2B1D14 Win: 0xFDE8 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-22:29:47.018873 24.160.16.46:3853 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:59547 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x1E68CB79 Ack: 0x9EB46F5E Win: 0xFDE8 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-22:29:47.317569 24.160.16.46:3910 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:59724 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x1E949615 Ack: 0x9F03309D Win: 0xFDE8 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-22:29:47.581283 24.160.16.46:3949 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:59842 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x1EAD1542 Ack: 0x9F245D77 Win: 0xFDE8 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-22:29:51.313063 24.160.16.46:3949 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:60673 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x1EAD1542 Ack: 0x9F245D77 Win: 0xFDE8 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-22:29:58.210982 24.160.16.46:4775 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:62304 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x208B9852 Ack: 0x9F98BFC5 Win: 0xFDE8 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-22:30:00.059216 24.160.16.46:4948 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:62733 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x20EA69FB Ack: 0x9FBB4775 Win: 0xFDE8 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-22:52:46.855718 24.209.229.123:3295 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:63613 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x335DF7FB Ack: 0xF679C351 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-22:52:46.878384 24.209.229.123:3295 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:63614 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x335DFDAF Ack: 0xF679C351 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-00:20:58.542391 24.118.110.94:3980 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:35228 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2A69438C Ack: 0x42234FC3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-00:20:58.550615 24.118.110.94:3980 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:35229 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2A694940 Ack: 0x42234FC3 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-00:42:19.361594 24.162.219.203:3269 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:23137 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x8485DE51 Ack: 0x9353B233 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-00:42:20.236159 24.162.219.203:3287 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:23200 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x8496F109 Ack: 0x935B852E Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-00:42:21.665495 24.162.219.203:3300 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:23270 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x84A371E6 Ack: 0x93BB7FCE Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-00:42:23.267394 24.162.219.203:3321 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:23361 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x84B8CBB1 Ack: 0x93F875C4 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-00:42:25.356272 24.162.219.203:3341 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:23468 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x84CDAAEE Ack: 0x94552875 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/29-00:42:36.781811 24.162.219.203:3485 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:24048 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x85653AD1 Ack: 0x94BFF428 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/29-00:42:37.934608 24.162.219.203:3510 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:24112 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x857EC3EB Ack: 0x94B487BF Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-00:42:49.964706 24.162.219.203:3642 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:24715 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x86079E24 Ack: 0x961233CF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-00:42:52.473693 24.162.219.203:3667 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:24846 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x86214C06 Ack: 0x9714ABCA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-00:42:55.051158 24.162.219.203:3702 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:24973 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x86431920 Ack: 0x96DD3196 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-00:43:06.724716 24.162.219.203:3842 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:25613 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x86D85EC7 Ack: 0x97D4688A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-00:43:18.813238 24.162.219.203:4004 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:26418 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x877E906B Ack: 0x98AD0B83 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-00:43:20.955205 24.162.219.203:4035 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:26588 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x879E3135 Ack: 0x988804D0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-00:43:23.315846 24.162.219.203:4074 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:26759 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x87C2658D Ack: 0x98B73190 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-00:43:25.411266 24.162.219.203:4102 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:26911 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x87E09F54 Ack: 0x98848A98 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-00:43:27.949047 24.162.219.203:4135 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:27073 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x88011E5B Ack: 0x992E75A2 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-01:01:00.581667 24.99.49.210:3251 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:8240 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x7A137434 Ack: 0xDACF0E05 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-01:01:01.436227 24.99.49.210:3297 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:8331 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x7A391AB5 Ack: 0xDAAB6824 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-01:01:01.824412 24.99.49.210:3303 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:8363 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x7A3F32C5 Ack: 0xDAAF6D79 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-01:01:11.834661 24.99.49.210:3563 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:9120 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x7B22EA72 Ack: 0xDAE4C386 Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-01:01:12.092766 24.99.49.210:3576 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:9152 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x7B2EB695 Ack: 0xDB56CA63 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/29-01:01:12.375934 24.99.49.210:3587 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:9183 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x7B373B56 Ack: 0xDAE35950 Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/29-01:01:12.627927 24.99.49.210:3596 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:9208 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x7B3F08AE Ack: 0xDB4DB6E0 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-01:01:22.229288 24.99.49.210:3872 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:10045 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x7C30BF0F Ack: 0xDBD42FC3 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-01:01:22.401935 24.99.49.210:3881 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:10068 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x7C38BA41 Ack: 0xDC34721F Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-01:01:22.730637 24.99.49.210:3888 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:10088 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x7C3EBC43 Ack: 0xDC153484 Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-01:01:22.995005 24.99.49.210:3897 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:10116 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x7C47B977 Ack: 0xDBDE7430 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-01:01:23.333086 24.99.49.210:3906 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:10148 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x7C4FEB62 Ack: 0xDBABD5AB Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-01:01:23.564302 24.99.49.210:3924 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:10174 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x7C5DFBDF Ack: 0xDBDA01C1 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-01:01:26.953300 24.99.49.210:3931 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:10482 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x7C646A52 Ack: 0xDC0C7901 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-01:01:27.160433 24.99.49.210:4034 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:10510 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x7CC04AA5 Ack: 0xDC2B9E7E Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-01:01:27.458063 24.99.49.210:4042 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:10539 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x7CC63EF6 Ack: 0xDC007D32 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-01:07:11.829346 24.209.229.123:2320 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:50668 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3C89CFBF Ack: 0xF2018387 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-01:07:11.851106 24.209.229.123:2320 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:50669 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3C89D573 Ack: 0xF2018387 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-01:16:00.098951 24.209.26.198:3739 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:45285 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6C593B42 Ack: 0x139D7E2F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-01:16:00.139735 24.209.26.198:3739 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:45286 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6C5940F6 Ack: 0x139D7E2F Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-01:44:30.606719 24.126.90.163:2925 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:52443 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x81C599A8 Ack: 0x7DC888C2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-01:44:30.612942 24.126.90.163:2925 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:52444 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x81C59F5C Ack: 0x7DC888C2 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-02:38:09.724807 24.209.26.198:4399 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:51296 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF225E87E Ack: 0x48C9B994 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-02:38:09.756089 24.209.26.198:4399 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:51297 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF225EE32 Ack: 0x48C9B994 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-02:58:55.426295 24.209.26.198:3642 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:1040 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x50EA7365 Ack: 0x97DE7379 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-02:58:55.448808 24.209.26.198:3642 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:1041 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x50EA7919 Ack: 0x97DE7379 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/29-03:15:25.687384 66.196.65.24:62335 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:27978 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x9AC2765D Ack: 0xD6518F00 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/29-03:32:36.314988 216.39.48.30:49454 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:20409 IpLen:20 DgmLen:221 DF
***AP*** Seq: 0xFCDB55AD Ack: 0x168B4303 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 588061223 2266463397
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-03:50:22.277176 24.126.82.22:4347 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:2959 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x41BE12E2 Ack: 0x5A520401 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-03:50:22.719243 24.126.82.22:4369 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:3040 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x41D24DD5 Ack: 0x5A60850E Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-03:50:23.231650 24.126.82.22:4386 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:3143 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x41E25534 Ack: 0x5A63E39A Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-03:50:32.988972 24.126.82.22:4774 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:4822 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x434FF6C8 Ack: 0x5B4F7EB3 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-03:50:42.800119 24.126.82.22:1203 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:6505 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x44BA3ED2 Ack: 0x5C0820F6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/29-03:50:43.604007 24.126.82.22:1231 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:6627 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x44D1B925 Ack: 0x5BD6F0BA Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/29-03:50:56.519028 24.126.82.22:1567 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:8661 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x4603794C Ack: 0x5C9395F3 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-03:50:57.055348 24.126.82.22:1696 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:8789 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x467E862F Ack: 0x5C9E3337 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-03:50:57.380428 24.126.82.22:1716 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:8876 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x46907F8C Ack: 0x5C5CDE10 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-03:50:57.699298 24.126.82.22:1735 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:8961 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x46A2BB8C Ack: 0x5D037C2D Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-03:51:07.093439 24.126.82.22:2160 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:10765 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x48118295 Ack: 0x5CCCBE7B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-03:51:16.780935 24.126.82.22:2580 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:12595 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x49879194 Ack: 0x5E2C72B4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-03:51:20.792011 24.126.82.22:2757 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:13383 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x4A281F87 Ack: 0x5E66F1C1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-03:51:21.482082 24.126.82.22:2781 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:13494 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x4A3D5226 Ack: 0x5DB664B3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-03:51:31.145474 24.126.82.22:3248 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:15520 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x4BD6E5CB Ack: 0x5E89C42C Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/29-10:08:30.282478 209.237.238.172:52644 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:23631 IpLen:20 DgmLen:173 DF
***AP*** Seq: 0xD3D85B5F Ack: 0xEFBA81BA Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 351733536 2278629671
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-10:35:58.035580 24.125.88.136:2163 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:18394 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x759A15AA Ack: 0x5684F374 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-10:35:58.075861 24.125.88.136:2163 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:18395 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x759A1B5E Ack: 0x5684F374 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/29-12:05:43.465257 66.196.65.24:47542 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:56014 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x203598AD Ack: 0xA9837700 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/29-12:43:31.135094 129.137.204.172:1051 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:118 IpLen:20 DgmLen:200 DF
***AP*** Seq: 0x4666A8CD Ack: 0x3874D5A5 Win: 0x44E8 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/29-12:43:31.509608 129.137.204.172:1051 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:119 IpLen:20 DgmLen:217 DF
***AP*** Seq: 0x4666A96D Ack: 0x3874D713 Win: 0x437A TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/29-12:43:31.733406 129.137.204.172:1052 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:127 IpLen:20 DgmLen:217 DF
***AP*** Seq: 0x1F17FAE0 Ack: 0x38F68246 Win: 0x44E8 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-12:46:01.439356 24.201.23.63:3123 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:39882 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xDEFA97FB Ack: 0x41C49D6D Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-12:46:03.686116 24.201.23.63:3148 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:39986 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xDF15BB79 Ack: 0x41B55FFE Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-12:46:05.207685 24.201.23.63:3174 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:40061 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xDF304218 Ack: 0x41C373E4 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-12:46:16.620890 24.201.23.63:3315 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:40628 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xDFBC52B2 Ack: 0x4259AF7E Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-12:46:19.181164 24.201.23.63:3343 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:40755 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xDFD88460 Ack: 0x43475AEF Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/29-12:46:20.361588 24.201.23.63:3379 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:40859 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xDFFBB5AC Ack: 0x4322D1A9 Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/29-12:46:20.580961 24.201.23.63:3401 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:40924 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xE0101BF9 Ack: 0x432339D1 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-12:46:20.780593 24.201.23.63:3413 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:40978 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xE019B108 Ack: 0x42A4BEA9 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-12:46:31.732650 24.201.23.63:3580 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:41615 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE0B6F8FC Ack: 0x43A38B20 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-12:46:43.580200 24.201.23.63:3716 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:42114 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE13F836D Ack: 0x44BF36D7 Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-12:46:54.960847 24.201.23.63:3868 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:42658 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE1D7D9A0 Ack: 0x44BC30FF Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-12:46:55.192715 24.201.23.63:3897 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:42726 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE1F395A4 Ack: 0x44E5DA2E Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-12:46:55.453339 24.201.23.63:3913 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:42796 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xE20060F0 Ack: 0x4614464A Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-12:46:55.739487 24.201.23.63:3937 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:42880 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xE2116EBB Ack: 0x45F17045 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-12:46:55.911999 24.201.23.63:3951 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:42915 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xE21D48C4 Ack: 0x4668DB6F Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-12:46:56.095073 24.201.23.63:3959 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:42943 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xE2238B55 Ack: 0x4604BD97 Win: 0xFAF0 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-13:14:36.647101 24.160.66.26:1614 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:52148 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x791DDA7E Ack: 0xADD39990 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-13:14:42.620307 24.160.66.26:3305 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:56085 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x7DF7C7D1 Ack: 0xADF9E550 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-13:17:12.495884 218.16.111.89:3564 -> 192.168.1.6:80
TCP TTL:99 TOS:0x0 ID:62161 IpLen:20 DgmLen:1492 DF
***A**** Seq: 0x4944D3D2 Ack: 0xB74248EA Win: 0x4410 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-13:17:12.523336 218.16.111.89:3564 -> 192.168.1.6:80
TCP TTL:99 TOS:0x0 ID:62162 IpLen:20 DgmLen:1492 DF
***A**** Seq: 0x4944D97E Ack: 0xB74248EA Win: 0x4410 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-13:17:27.191391 218.16.111.89:3992 -> 192.168.1.6:80
TCP TTL:99 TOS:0x0 ID:63731 IpLen:20 DgmLen:1492 DF
***A**** Seq: 0x4AAD61A1 Ack: 0xB7D957DE Win: 0x4410 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-13:17:27.217046 218.16.111.89:3992 -> 192.168.1.6:80
TCP TTL:99 TOS:0x0 ID:63732 IpLen:20 DgmLen:1492 DF
***A**** Seq: 0x4AAD674D Ack: 0xB7D957DE Win: 0x4410 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-13:17:31.167424 218.16.111.89:4114 -> 192.168.1.6:80
TCP TTL:99 TOS:0x0 ID:64158 IpLen:20 DgmLen:1492 DF
***A**** Seq: 0x4B125B3D Ack: 0xB88224F5 Win: 0x4410 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-13:17:31.193541 218.16.111.89:4114 -> 192.168.1.6:80
TCP TTL:99 TOS:0x0 ID:64159 IpLen:20 DgmLen:1492 DF
***A**** Seq: 0x4B1260E9 Ack: 0xB88224F5 Win: 0x4410 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-13:20:18.080016 218.16.111.89:1102 -> 192.168.1.6:80
TCP TTL:99 TOS:0x0 ID:16900 IpLen:20 DgmLen:1492 DF
***A**** Seq: 0x5B87D25E Ack: 0xC3979544 Win: 0x4410 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-13:20:21.525941 218.16.111.89:1214 -> 192.168.1.6:80
TCP TTL:99 TOS:0x0 ID:17321 IpLen:20 DgmLen:1492 DF
***A**** Seq: 0x5BE61381 Ack: 0xC36828FB Win: 0x4410 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-13:20:21.551457 218.16.111.89:1214 -> 192.168.1.6:80
TCP TTL:99 TOS:0x0 ID:17322 IpLen:20 DgmLen:1492 DF
***A**** Seq: 0x5BE6192D Ack: 0xC36828FB Win: 0x4410 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-13:20:22.472518 218.16.111.89:1102 -> 192.168.1.6:80
TCP TTL:99 TOS:0x0 ID:17435 IpLen:20 DgmLen:1492 DF
***A**** Seq: 0x5B87D80A Ack: 0xC3979544 Win: 0x4410 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-13:28:34.250974 24.43.35.50:2561 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:40916 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x83E0806F Ack: 0xE28931B3 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-13:28:34.873023 24.43.35.50:2575 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:40960 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x83ED2EAF Ack: 0xE1E2E49E Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-13:28:44.416897 24.43.35.50:2719 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:41433 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x847E1AEC Ack: 0xE2CF46F0 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-13:28:44.647288 24.43.35.50:2726 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:41460 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x84847C89 Ack: 0xE2F44892 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-13:28:44.808982 24.43.35.50:2730 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:41475 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x8488266D Ack: 0xE2EBF4AC Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/29-13:28:58.164393 24.43.35.50:2915 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:42410 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x853BC9FF Ack: 0xE30A2D5C Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-13:29:02.218854 24.43.35.50:3057 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:42729 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x85C23A0E Ack: 0xE427A7F6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-13:29:02.501987 24.43.35.50:3063 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:42752 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x85C72B15 Ack: 0xE3770990 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-13:29:12.310846 24.43.35.50:3227 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:43292 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x8666D8CE Ack: 0xE4CD2380 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-13:29:22.320899 24.43.35.50:3356 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:43657 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x86EC366E Ack: 0xE4C1FCCD Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-13:29:22.795043 24.43.35.50:3360 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:43681 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x86F09CE6 Ack: 0xE565C18B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-13:29:22.982592 24.43.35.50:3373 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:43706 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x86FA51C6 Ack: 0xE495ACC8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-13:29:23.142740 24.43.35.50:3377 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:43717 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x86FDAC2B Ack: 0xE4F98D6C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-13:29:23.282632 24.43.35.50:3379 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:43728 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x87000D3E Ack: 0xE4A0D86D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-13:29:24.275014 24.43.35.50:3381 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:43765 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x8702ACF3 Ack: 0xE54F9C22 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-14:19:18.895067 24.193.10.206:3682 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:30698 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x93AB4E4 Ack: 0xA3036CD8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-14:19:18.915733 24.193.10.206:3682 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:30699 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x93ABA98 Ack: 0xA3036CD8 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/29-14:49:18.874180 209.237.238.174:42617 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:8771 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0xF74C50C0 Ack: 0x12A47F80 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 353399565 2287259197
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-14:51:35.032682 24.76.98.113:4081 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:62439 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x6ACC6AF4 Ack: 0x1C0ADC90 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-14:51:36.619798 24.76.98.113:4110 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:62622 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x6AE72EFA Ack: 0x1C231F61 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-14:51:37.291608 24.76.98.113:4126 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:62714 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x6AF39593 Ack: 0x1C892292 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-14:51:38.187341 24.76.98.113:4142 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:62825 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x6B025FCD Ack: 0x1C2B621C Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-14:51:48.471867 24.76.98.113:4346 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:63978 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6BB29C42 Ack: 0x1D2B8FC0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/29-14:51:52.554488 24.76.98.113:4418 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:64397 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x6BF1CADF Ack: 0x1CD5C47C Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/29-14:51:53.419388 24.76.98.113:4431 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:64476 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x6BFE2067 Ack: 0x1CFDEA5E Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-14:52:06.817449 24.76.98.113:4588 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:203 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x6C8BACBB Ack: 0x1D9F9ECB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-14:52:11.006922 24.76.98.113:4709 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:660 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6CF536AB Ack: 0x1DBF737A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-14:52:11.899491 24.76.98.113:4726 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:767 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6D0371DF Ack: 0x1EB2D235 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-14:52:12.527162 24.76.98.113:4741 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:847 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6D10627A Ack: 0x1E4F51EA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-14:52:13.344433 24.76.98.113:4753 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:944 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6D1B9AFD Ack: 0x1E89654B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-14:52:13.985919 24.76.98.113:4768 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:1031 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x6D263291 Ack: 0x1E74F532 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-14:52:14.829767 24.76.98.113:4782 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:1108 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6D324125 Ack: 0x1E185CD1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-14:52:15.694433 24.76.98.113:4798 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:1208 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x6D419177 Ack: 0x1ED385A6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-14:52:16.617064 24.76.98.113:4820 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:1316 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6D51F13E Ack: 0x1E6B9272 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-15:41:53.418088 24.209.44.83:4191 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:29341 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFBEB314E Ack: 0xDB4E3369 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-15:41:53.450725 24.209.44.83:4191 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:29342 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFBEB3702 Ack: 0xDB4E3369 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-15:58:15.726344 24.99.96.131:3971 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:31511 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xCC2EA40C Ack: 0x18C764BA Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-15:58:16.843396 24.99.96.131:4051 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:31751 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xCC6F7829 Ack: 0x18D09961 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-15:58:17.162936 24.99.96.131:4075 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:31806 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xCC81BEEF Ack: 0x190888F8 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-15:58:17.442569 24.99.96.131:4098 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:31853 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xCC92D8E2 Ack: 0x18F11C05 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/29-15:58:17.820187 24.99.96.131:4117 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:31921 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xCCA27F8E Ack: 0x1840D689 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/29-15:58:18.081639 24.99.96.131:4133 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:31969 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xCCB05447 Ack: 0x18D73E85 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-15:58:18.570852 24.99.96.131:4164 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:32065 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xCCC4EF7A Ack: 0x18A63FCD Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-15:58:28.171753 24.99.96.131:1099 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:33741 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xCEB70E17 Ack: 0x19B230E0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-15:58:28.669159 24.99.96.131:1141 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:33844 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xCED56A06 Ack: 0x19D49321 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-15:58:29.054031 24.99.96.131:1169 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:33912 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xCEEB5133 Ack: 0x19D42047 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-15:58:29.571149 24.99.96.131:1194 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:33995 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xCEFF923C Ack: 0x19933673 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-15:58:30.008016 24.99.96.131:1220 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:34066 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xCF13EED2 Ack: 0x19435CB0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-15:58:30.559145 24.99.96.131:1247 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:34164 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xCF2956C3 Ack: 0x199AD392 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-15:58:30.984966 24.99.96.131:1287 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:34237 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xCF44E490 Ack: 0x1939F2D9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-15:58:31.482266 24.99.96.131:1312 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:34322 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xCF588E9F Ack: 0x19544114 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-16:30:30.529042 24.209.26.198:1672 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:55852 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBACEDC7A Ack: 0x91C9647E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-16:30:30.551062 24.209.26.198:1672 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:55853 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBACEE22E Ack: 0x91C9647E Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/29-16:30:55.942884 216.39.48.30:40932 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:32231 IpLen:20 DgmLen:221 DF
***AP*** Seq: 0x777025C9 Ack: 0x937AC753 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 592730173 2290381987
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-16:39:01.307967 24.209.44.83:4103 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:54832 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3828F242 Ack: 0xB1638EA6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-16:39:01.337765 24.209.44.83:4103 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:54833 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3828F7F6 Ack: 0xB1638EA6 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-16:44:45.878916 24.28.233.168:3945 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:59077 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x54E58DC9 Ack: 0xC6C2A746 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-16:44:45.909230 24.28.233.168:3945 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:59078 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x54E5937D Ack: 0xC6C2A746 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-17:10:14.978181 24.209.26.198:1564 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:12080 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9F72CDA0 Ack: 0x27FBD5CE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-17:10:15.002254 24.209.26.198:1564 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:12081 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9F72D354 Ack: 0x27FBD5CE Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-17:37:53.484812 24.209.26.198:3511 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:20017 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3AAB61B2 Ack: 0x8FB275F8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-17:37:53.518118 24.209.26.198:3511 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:20018 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3AAB6766 Ack: 0x8FB275F8 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-18:10:19.684197 24.209.26.198:3757 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:46535 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEBF00ED7 Ack: 0xAA5973C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-18:10:19.715384 24.209.26.198:3757 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:46536 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEBF0148B Ack: 0xAA5973C Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-18:17:48.984607 24.209.196.254:1657 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:47042 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA97FFAEB Ack: 0x27E9134A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-18:17:48.992983 24.209.196.254:1657 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:47043 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA980009F Ack: 0x27E9134A Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-18:22:42.362796 24.209.26.198:2886 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:38467 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2D0D001A Ack: 0x3A998430 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-18:22:42.390678 24.209.26.198:2886 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:38468 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2D0D05CE Ack: 0x3A998430 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-18:56:56.445979 24.209.252.31:1047 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:15252 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB1315012 Ack: 0xBB1B1BB3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-18:56:56.475439 24.209.252.31:1047 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:15253 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB13155C6 Ack: 0xBB1B1BB3 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-19:39:01.495378 24.209.98.148:2023 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:64189 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8DBE1ECE Ack: 0x59F01F0A Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-19:39:01.534185 24.209.98.148:2023 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:64190 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8DBE2482 Ack: 0x59F01F0A Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-20:20:39.655609 24.209.44.83:3063 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:4496 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x79D849A1 Ack: 0xF6EF0391 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-20:20:39.688224 24.209.44.83:3063 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:4497 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x79D84F55 Ack: 0xF6EF0391 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-20:59:46.474762 24.209.44.83:4161 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:28081 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2F45053A Ack: 0x8AF599F3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-20:59:46.508131 24.209.44.83:4161 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:28082 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2F450AEE Ack: 0x8AF599F3 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-21:20:16.508089 24.209.26.198:2758 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:44825 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x36B3F537 Ack: 0xD8DBB43A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-21:20:16.554682 24.209.26.198:2758 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:44826 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x36B3FAEB Ack: 0xD8DBB43A Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-21:27:55.813228 24.209.44.83:4225 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:49751 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD7B82F9A Ack: 0xF4C874F7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-21:27:55.847481 24.209.44.83:4225 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:49752 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD7B8354E Ack: 0xF4C874F7 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/29-21:29:18.569851 66.196.65.24:16393 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:49465 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xD8E7D2CD Ack: 0xFAB8C101 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-22:42:28.723277 24.209.44.83:4834 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:34022 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7B53EB80 Ack: 0xEAE609F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-22:42:28.753967 24.209.44.83:4834 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:34023 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7B53F134 Ack: 0xEAE609F Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-22:43:59.567232 24.209.44.83:3228 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:41234 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x836DD5B6 Ack: 0x14D0A36E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-22:43:59.599015 24.209.44.83:3228 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:41235 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x836DDB6A Ack: 0x14D0A36E Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-23:17:39.262210 24.209.196.254:4858 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:62419 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDD25C033 Ack: 0x935BE510 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-23:55:11.675660 24.194.228.55:3604 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:44736 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3E5791A Ack: 0x211ED745 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-23:55:11.716692 24.194.228.55:3604 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:44737 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3E57ECE Ack: 0x211ED745 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/30-00:06:36.004503 66.196.65.24:28919 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:48210 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x533B4D90 Ack: 0x4CCF18B7 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-00:34:29.423825 24.209.44.83:3238 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:27921 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC8499E17 Ack: 0xB641102B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-00:34:29.456159 24.209.44.83:3238 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:27922 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC849A3CB Ack: 0xB641102B Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-00:41:33.019190 24.209.44.83:4127 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:60374 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xED11A045 Ack: 0xD05F9637 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-00:41:33.051147 24.209.44.83:4127 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:60375 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xED11A5F9 Ack: 0xD05F9637 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-01:21:21.559250 24.127.15.16:2752 -> 192.168.1.6:80
TCP TTL:102 TOS:0x0 ID:1731 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x819C474D Ack: 0x673B6DD3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-01:21:21.560282 24.127.15.16:2752 -> 192.168.1.6:80
TCP TTL:102 TOS:0x0 ID:1732 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x819C4D01 Ack: 0x673B6DD3 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/30-01:40:06.404082 66.196.65.24:26903 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:21709 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xCB921BA9 Ack: 0xAE42B6D3 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-02:00:07.665610 24.209.26.198:3073 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:31429 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x351A7506 Ack: 0xF9FC7FEF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-02:00:07.717387 24.209.26.198:3073 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:31430 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x351A7ABA Ack: 0xF9FC7FEF Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/30-02:45:31.629728 216.39.48.30:39112 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:37505 IpLen:20 DgmLen:221 DF
***AP*** Seq: 0x879EEB65 Ack: 0xA5508CAB Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 596408617 2309269001
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-02:58:10.016170 24.194.228.55:3398 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:39904 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDB66B838 Ack: 0xD5D6A137 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-02:58:10.047224 24.194.228.55:3398 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:39905 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDB66BDEC Ack: 0xD5D6A137 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-03:19:44.087934 24.209.44.83:3065 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:30337 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8BE24CA Ack: 0x271A5984 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-03:19:44.118087 24.209.44.83:3065 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:30338 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8BE2A7E Ack: 0x271A5984 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/30-03:24:00.348037 64.68.82.39:45992 -> 192.168.1.6:80
TCP TTL:41 TOS:0x10 ID:16937 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x19D7BC66 Ack: 0x36B7B742 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 1835466395 2310451084
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-03:35:29.517180 24.209.44.83:3142 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:29303 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5401D23E Ack: 0x61A26248 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-03:35:29.547764 24.209.44.83:3142 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:29304 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5401D7F2 Ack: 0x61A26248 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-03:36:21.434174 24.209.44.83:4323 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:32793 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x580B1C2B Ack: 0x65389D51 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-03:36:21.464660 24.209.44.83:4323 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:32794 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x580B21DF Ack: 0x65389D51 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-03:37:24.888491 24.209.26.198:4645 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:59137 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1B978FAC Ack: 0x6867827B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-03:37:24.907635 24.209.26.198:4645 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:59138 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1B979560 Ack: 0x6867827B Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/30-04:00:11.938736 66.196.65.24:8558 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:37369 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xE4E39306 Ack: 0xBF1EE838 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-04:38:45.341047 24.209.26.198:2108 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:50013 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x42CB845B Ack: 0x5043FC5D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-04:38:45.362639 24.209.26.198:2108 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:50014 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x42CB8A0F Ack: 0x5043FC5D Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/30-04:40:02.157720 209.237.238.173:42504 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:59012 IpLen:20 DgmLen:173 DF
***AP*** Seq: 0x39376C59 Ack: 0x562C5B2A Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 358386405 2312787954
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-05:08:39.675182 24.209.44.83:4436 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:5253 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x586606B Ack: 0xC0FC93C6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-05:08:39.707191 24.209.44.83:4436 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:5254 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x586661F Ack: 0xC0FC93C6 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/30-05:18:17.971889 66.196.65.24:29356 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:4077 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x5BFB671 Ack: 0xE5484827 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-07:05:17.907919 24.209.26.198:1217 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:35998 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE8B2C182 Ack: 0x7AD795DB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-07:05:17.926325 24.209.26.198:1217 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:35999 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE8B2C736 Ack: 0x7AD795DB Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/30-07:25:17.867673 209.237.238.175:40509 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:38502 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0xA8EDB8D9 Ack: 0xC68B37A6 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 359083722 2317866575
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/30-07:31:10.138814 209.237.238.172:39532 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:44907 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0xBE61DADD Ack: 0xDBD730C1 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 359429569 2318047021
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/30-08:38:39.510470 66.196.65.24:37273 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:30731 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x8A285CB4 Ack: 0xDB36E5AD Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-08:57:45.730306 24.209.44.83:3168 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:5084 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF8C02EAE Ack: 0x234F63CF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-08:57:45.762322 24.209.44.83:3168 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:5085 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF8C03462 Ack: 0x234F63CF Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-10:05:00.655434 24.209.44.83:3392 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:38341 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE84B1DB Ack: 0x21A59537 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-10:05:00.687811 24.209.44.83:3392 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:38342 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE84B78F Ack: 0x21A59537 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/30-10:37:46.728216 66.196.65.24:36065 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:33415 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xAC548C64 Ack: 0x9E2CE428 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-12:34:46.220052 24.118.162.108:1844 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:55571 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x356923EB Ack: 0x56CDC1C1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-12:34:46.228938 24.118.162.108:1844 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:55572 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3569299F Ack: 0x56CDC1C1 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-12:40:00.646669 24.209.26.198:2410 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:45037 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5B4CBB62 Ack: 0x6B13C2A5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-12:40:00.689242 24.209.26.198:2410 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:45038 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5B4CC116 Ack: 0x6B13C2A5 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-13:03:31.131998 24.209.26.198:3193 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:51932 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB51F8C12 Ack: 0xC40542F8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-13:03:31.176757 24.209.26.198:3193 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:51933 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB51F91C6 Ack: 0xC40542F8 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-13:05:33.570995 24.209.26.198:1354 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:58158 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBCE192B5 Ack: 0xCBA3AB91 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-13:05:33.611277 24.209.26.198:1354 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:58159 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBCE19869 Ack: 0xCBA3AB91 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-13:48:25.065589 24.209.26.198:1404 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:55923 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5D3D56EA Ack: 0x6C4A80D4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-13:48:25.077157 24.209.26.198:1404 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:55924 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5D3D5C9E Ack: 0x6C4A80D4 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-14:13:07.408271 24.209.26.198:2196 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:62869 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB80A3872 Ack: 0xC9E4C789 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-14:13:07.430141 24.209.26.198:2196 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:62870 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB80A3E26 Ack: 0xC9E4C789 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-14:17:23.343812 24.90.108.92:3387 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:64761 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA0F6DA96 Ack: 0xDB82E72B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-14:17:23.351323 24.90.108.92:3387 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:64762 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA0F6E04A Ack: 0xDB82E72B Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-14:23:57.628609 24.209.44.83:4366 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:44751 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE292DDB3 Ack: 0xF3C45859 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-14:23:57.660955 24.209.44.83:4366 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:44752 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE292E367 Ack: 0xF3C45859 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-14:47:01.547750 24.209.44.83:4780 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:42387 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x32C7B72B Ack: 0x4B6BAE2B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-14:47:01.593828 24.209.44.83:4780 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:42388 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x32C7BCDF Ack: 0x4B6BAE2B Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/30-15:04:51.319363 66.196.65.24:53137 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:64810 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xEAB23B75 Ack: 0x8EAC2A69 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-15:22:57.236773 24.209.44.83:3347 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:8807 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xAE9D454C Ack: 0xD1E7C561 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-15:22:57.275234 24.209.44.83:3347 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:8808 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xAE9D4B00 Ack: 0xD1E7C561 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/30-16:08:41.139115 66.196.65.24:61204 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:27416 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xD6452850 Ack: 0x7FF23DCC Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/30-16:30:12.485916 209.237.238.160:1768 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:35766 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0x61B843DA Ack: 0xD0129D98 Win: 0xFFFF TcpLen: 32
TCP Options (3) => NOP NOP TS: 959467032 2334612148
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/30-16:33:42.334152 216.39.48.30:37382 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:46422 IpLen:20 DgmLen:221 DF
***AP*** Seq: 0xC03AF20B Ack: 0xDE2E4396 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 601376619 2334719629
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-16:40:02.874405 24.209.98.148:1968 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:1810 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x324E764B Ack: 0xF5C459D8 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-16:40:02.898193 24.209.98.148:1968 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:1811 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x324E7BFF Ack: 0xF5C459D8 Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/30-16:46:51.235001 209.237.238.159:2606 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:16273 IpLen:20 DgmLen:173 DF
***AP*** Seq: 0x75EE8196 Ack: 0xEFC82A9 Win: 0xFFFF TcpLen: 32
TCP Options (3) => NOP NOP TS: 960017323 2335123677
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-16:54:40.586459 24.57.13.78:3469 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:64439 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x6BE58D39 Ack: 0x2C067D0B Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-16:54:41.501201 24.57.13.78:3490 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:64511 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x6BFA4D07 Ack: 0x2C1F26B7 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-16:54:42.036457 24.57.13.78:3494 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:64540 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x6BFDF78F Ack: 0x2C660729 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-16:54:42.317997 24.57.13.78:3503 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:64575 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x6C06E095 Ack: 0x2C5CD977 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-16:54:42.535325 24.57.13.78:3508 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:64595 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6C0B4906 Ack: 0x2C13A316 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/30-16:54:42.907694 24.57.13.78:3510 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:64620 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x6C0D99F6 Ack: 0x2BC59C66 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/30-16:54:46.054804 24.57.13.78:3522 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:64846 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x6C17FC59 Ack: 0x2C9ECA6D Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-16:54:46.256050 24.57.13.78:3571 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:64858 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x6C444756 Ack: 0x2C575416 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-16:54:46.465333 24.57.13.78:3577 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:64884 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6C49D3B1 Ack: 0x2CD428E8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-16:54:46.654811 24.57.13.78:3580 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:64903 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6C4D37FC Ack: 0x2CB12C49 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-16:54:46.813249 24.57.13.78:3584 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:64918 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6C510F03 Ack: 0x2CE23971 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-16:54:47.026558 24.57.13.78:3588 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:64936 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6C54E22A Ack: 0x2C66E161 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-16:54:47.241671 24.57.13.78:3594 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:64970 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x6C59B82E Ack: 0x2CCE7041 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-16:54:50.278258 24.57.13.78:3594 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:65202 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x6C59B82E Ack: 0x2CCE7041 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-16:54:56.597191 24.57.13.78:3732 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:82 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6CE21E76 Ack: 0x2E2C4D49 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-16:54:56.906769 24.57.13.78:3737 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:108 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x6CE7010C Ack: 0x2DAE3549 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-16:54:57.108206 24.57.13.78:3741 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:122 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6CEB76D0 Ack: 0x2E0D6EC7 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-17:06:34.270677 24.209.44.83:4036 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:26216 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1168948B Ack: 0x59F77964 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-17:06:34.303310 24.209.44.83:4036 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:26217 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x11689A3F Ack: 0x59F77964 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-17:42:38.532424 24.193.104.69:1388 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:14225 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9CCEF90 Ack: 0xE3015BC6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-17:42:38.560474 24.193.104.69:1388 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:14226 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9CCF544 Ack: 0xE3015BC6 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-17:54:44.482301 24.209.98.148:4753 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:6206 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD12459A4 Ack: 0xF7F3478 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-17:54:44.511787 24.209.98.148:4753 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:6207 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD1245F58 Ack: 0xF7F3478 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-17:55:13.514613 24.209.98.148:1540 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:9124 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD3AF4DFF Ack: 0x1166B6A1 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-17:55:13.564558 24.209.98.148:1540 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:9125 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD3AF53B3 Ack: 0x1166B6A1 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-18:00:01.502289 24.209.5.98:4145 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:18388 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x38ECEE16 Ack: 0x23F479D6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-18:00:01.524299 24.209.5.98:4145 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:18389 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x38ECF3CA Ack: 0x23F479D6 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/30-18:02:48.026368 66.196.65.24:10449 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:57484 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x8CFD8AD7 Ack: 0x2E0FE094 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-18:03:04.101453 24.209.98.148:1812 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:56511 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFD50E779 Ack: 0x2FD8A6DE Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-18:03:04.130563 24.209.98.148:1812 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:56512 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFD50ED2D Ack: 0x2FD8A6DE Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-19:12:12.671114 24.94.15.67:2817 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:36438 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDFC8024B Ack: 0x33AF27F9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-19:12:12.770481 24.94.15.67:2817 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:36439 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDFC807FF Ack: 0x33AF27F9 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/30-19:13:37.248982 66.196.65.24:36306 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:46218 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x755659DD Ack: 0x3A5FE3A6 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/30-20:16:30.794059 66.196.65.24:39192 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:18117 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x264A6881 Ack: 0x274080B8 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-21:10:43.451720 24.33.18.42:2163 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:5582 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x692613F1 Ack: 0xF3B98A55 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-21:10:43.462248 24.33.18.42:2163 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:5583 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x692619A5 Ack: 0xF3B98A55 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-21:35:22.917826 24.209.196.254:4555 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:20089 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xABDDFD84 Ack: 0x517FD7CC Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-21:35:22.919276 24.209.196.254:4555 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:20090 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xABDE0338 Ack: 0x517FD7CC Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-22:22:57.933812 24.235.161.61:4124 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:51622 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x712EECA6 Ack: 0x43434F6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-22:22:57.940762 24.235.161.61:4124 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:51623 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x712EF25A Ack: 0x43434F6 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/30-22:35:05.050163 64.68.82.79:57180 -> 192.168.1.6:80
TCP TTL:41 TOS:0x10 ID:13217 IpLen:20 DgmLen:453 DF
***AP*** Seq: 0x13E47AA9 Ack: 0x3149B686 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 812468942 2345823042
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/30-22:42:23.100422 216.39.48.30:52573 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:5081 IpLen:20 DgmLen:221 DF
***AP*** Seq: 0x30A915B3 Ack: 0x4F79F3A3 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 603588213 2346049411
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-23:03:31.367082 24.212.21.192:4283 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:51877 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x25721CBB Ack: 0x9E846639 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-23:03:31.375103 24.212.21.192:4283 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:51878 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2572226F Ack: 0x9E846639 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-23:29:35.331649 61.139.208.170:1229 -> 192.168.1.6:80
TCP TTL:102 TOS:0x0 ID:1900 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x719E108E Ack: 0x682BF7 Win: 0x2238 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-23:29:35.610876 61.139.208.170:1229 -> 192.168.1.6:80
TCP TTL:102 TOS:0x0 ID:1901 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x719E1642 Ack: 0x682BF7 Win: 0x2238 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-23:29:41.332952 61.139.208.170:1229 -> 192.168.1.6:80
TCP TTL:102 TOS:0x0 ID:2276 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x719E108E Ack: 0x682BF7 Win: 0x2238 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-23:29:42.627319 61.139.208.170:1229 -> 192.168.1.6:80
TCP TTL:102 TOS:0x0 ID:2390 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x719E1642 Ack: 0x682BF7 Win: 0x2238 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/30-23:37:24.927709 66.196.65.24:37734 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:11856 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x3C25BEA2 Ack: 0x1E12A9DD Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/31-00:57:45.518855 24.209.5.98:3333 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:8961 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x272F720C Ack: 0x4DC6964F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/31-00:57:45.542896 24.209.5.98:3333 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:8962 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x272F77C0 Ack: 0x4DC6964F Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/31-01:02:40.582777 24.209.5.98:3247 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:20412 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x364C30FD Ack: 0x600A0E61 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/31-01:02:40.607378 24.209.5.98:3247 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:20414 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x364C36B1 Ack: 0x600A0E61 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/31-01:11:27.844378 24.209.98.148:3162 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:6229 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDA2A9B12 Ack: 0x82856B76 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/31-01:11:27.873973 24.209.98.148:3162 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:6230 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDA2AA0C6 Ack: 0x82856B76 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/31-01:23:19.234114 24.218.174.97:1177 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:63881 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF0DEDEF0 Ack: 0xAF278930 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/31-01:23:19.243221 24.218.174.97:1177 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:63882 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF0DEE4A4 Ack: 0xAF278930 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/31-02:43:24.065365 66.196.65.24:23431 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:28278 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x504D72FA Ack: 0xDDB02A1A Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/31-02:45:01.262234 216.39.48.30:52393 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:60338 IpLen:20 DgmLen:221 DF
***AP*** Seq: 0xC3D3D048 Ack: 0xE2F75D56 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 605043717 2353505842
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/31-04:12:59.584234 66.196.65.24:60276 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:29075 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xFC7325DF Ack: 0x2FBECC4A Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/31-05:17:04.288591 24.202.81.59:3356 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:26706 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xAAA97837 Ack: 0x22474C57 Win: 0x4074 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/31-05:17:17.684826 24.202.81.59:3643 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:27812 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xABABF233 Ack: 0x22936A32 Win: 0x4074 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/31-05:17:17.923815 24.202.81.59:3770 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:27869 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xAC15B4DD Ack: 0x22CDCBB8 Win: 0x4074 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/31-05:17:18.174176 24.202.81.59:3785 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:27929 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xAC20D228 Ack: 0x230ADD9B Win: 0x4074 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/31-05:17:27.653483 24.202.81.59:4109 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:28979 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xAD3198A8 Ack: 0x232C170C Win: 0x4074 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/31-05:17:27.832830 24.202.81.59:4117 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:29018 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xAD383928 Ack: 0x23A3AFC0 Win: 0x4074 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/31-05:17:28.065982 24.202.81.59:4125 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:29071 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xAD3F092D Ack: 0x2328C019 Win: 0x4074 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/31-05:17:37.460177 24.202.81.59:4385 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:29834 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xAE261301 Ack: 0x23F513CD Win: 0x4074 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/31-05:17:37.618982 24.202.81.59:4398 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:29844 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xAE2F04BA Ack: 0x244CC232 Win: 0x4074 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/31-05:17:47.432683 24.202.81.59:4650 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:30620 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xAF0EB7E5 Ack: 0x24956293 Win: 0x4074 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/31-05:17:48.370201 24.202.81.59:4666 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:30690 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xAF19B36F Ack: 0x2472D52A Win: 0x4074 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/31-05:17:49.200639 24.202.81.59:4689 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:30740 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xAF2C2BC4 Ack: 0x24A140CD Win: 0x4074 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/31-05:17:50.212633 24.202.81.59:4714 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:30819 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xAF41FD74 Ack: 0x24C19E74 Win: 0x4074 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/31-05:17:51.432806 24.202.81.59:4746 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:30950 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xAF5B841E Ack: 0x249B8676 Win: 0x4074 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/31-05:17:52.476900 24.202.81.59:4779 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:31035 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xAF786720 Ack: 0x25418457 Win: 0x4074 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/31-05:17:53.289796 24.202.81.59:4807 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:31076 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xAF923027 Ack: 0x2566FF81 Win: 0x4074 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/31-05:26:25.226278 66.196.65.24:25704 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:43175 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x891FD90E Ack: 0x449FA4C9 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/31-06:18:50.083053 24.209.5.98:3504 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:14516 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3804BDD1 Ack: 0xA24278B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/31-06:18:50.119692 24.209.5.98:3504 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:14517 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3804C385 Ack: 0xA24278B Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/31-06:27:28.528082 24.61.2.118:2397 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:13742 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7FA0006A Ack: 0x2C17DD27 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/31-06:27:28.535681 24.61.2.118:2397 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:13743 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7FA0061E Ack: 0x2C17DD27 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/31-07:12:45.588180 66.196.65.24:42839 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:49 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x7E22A043 Ack: 0xD61BA3FF Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/31-07:46:23.848409 24.207.208.47:4723 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:59415 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9CBA99C0 Ack: 0x562ACC43 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/31-07:46:23.921426 24.207.208.47:4723 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:59416 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9CBA9F74 Ack: 0x562ACC43 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/31-10:50:36.630121 66.196.65.24:30544 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:27530 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x427F89F6 Ack: 0xD38B86A Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/31-11:59:26.877640 24.198.96.149:3524 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:41904 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x32983E8F Ack: 0x11E035CC Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/31-11:59:36.441243 24.198.96.149:3771 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:42519 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x33712AC9 Ack: 0x12353E77 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/31-11:59:45.647182 24.198.96.149:4077 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:43493 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x347BFCFE Ack: 0x12651907 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/31-11:59:54.927708 24.198.96.149:4374 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:44390 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x357D5F6D Ack: 0x138B5787 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/31-11:59:55.133006 24.198.96.149:4385 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:44434 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x3586D49D Ack: 0x1339A8EF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/31-12:00:04.431991 24.198.96.149:4738 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:45536 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x36B364D7 Ack: 0x13B05C64 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/31-12:00:07.833283 24.198.96.149:4824 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:45758 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x37023CF2 Ack: 0x145CC66B Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/31-12:00:08.043926 24.198.96.149:4829 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:45775 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x37073D97 Ack: 0x147247A6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/31-12:00:11.459155 24.198.96.149:4914 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:45980 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3754E134 Ack: 0x13E6DDE2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/31-12:00:20.753079 24.198.96.149:1185 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:46647 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x382ED49A Ack: 0x146E3664 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/31-12:00:20.971592 24.198.96.149:1195 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:46667 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x38371302 Ack: 0x1457911F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/31-12:00:21.188762 24.198.96.149:1203 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:46690 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x383E17EC Ack: 0x1504E355 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/31-12:00:21.448291 24.198.96.149:1212 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:46721 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x3845BE63 Ack: 0x14ADE114 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/31-12:00:21.673296 24.198.96.149:1217 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:46739 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x384A576D Ack: 0x14C9A69A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/31-12:00:21.929023 24.198.96.149:1221 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:46767 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x384E9EC1 Ack: 0x1544CC70 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/31-12:00:22.170142 24.198.96.149:1232 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:46795 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x385746DD Ack: 0x1481B150 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/31-12:16:20.029220 66.196.65.24:15290 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:58326 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x536FBEFD Ack: 0x50B56616 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/31-13:23:46.132094 66.196.65.24:27814 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:40633 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x3C29F483 Ack: 0x4FBDA676 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/31-14:34:53.912856 66.196.65.24:48327 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:47926 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x94B93F2E Ack: 0x5C9B4BAF Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/31-15:59:50.382050 66.196.65.24:32259 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:31882 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xFEE80A4D Ack: 0x9D8E8FC5 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/31-17:18:27.583501 66.196.65.24:5305 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:29739 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x265F7327 Ack: 0xC6D97A10 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/31-18:04:33.581976 24.209.196.254:3724 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:22300 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA7C5049 Ack: 0x7533CE2E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/31-18:04:33.590155 24.209.196.254:3724 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:22301 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA7C55FD Ack: 0x7533CE2E Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/31-18:24:47.861213 24.88.222.55:4063 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:57027 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1D71A3C1 Ack: 0xC18551F3 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/31-18:24:47.890129 24.88.222.55:4063 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:57028 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1D71A975 Ack: 0xC18551F3 Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/31-18:31:09.392667 66.196.65.24:32623 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:2 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x105F7D54 Ack: 0xD9F26D16 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/31-18:32:47.280244 24.231.32.81:3188 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:22300 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9E532DE3 Ack: 0xDF87C014 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/31-18:32:47.302772 24.231.32.81:3188 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:22301 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9E533397 Ack: 0xDF87C014 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/31-19:44:53.654121 24.209.196.254:3085 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:9664 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x32CD0E7C Ack: 0xEF58D116 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/31-19:44:53.681260 24.209.196.254:3085 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:9665 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x32CD1430 Ack: 0xEF58D116 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/31-19:59:25.723035 66.196.65.24:29436 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:52707 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xD3262AEE Ack: 0x267CCD60 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/31-20:37:47.792003 24.29.16.254:4104 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:37552 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF0CDF5AA Ack: 0xB7699F13 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/31-20:37:47.799608 24.29.16.254:4104 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:37553 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF0CDFB5E Ack: 0xB7699F13 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/31-21:40:39.367357 66.196.65.24:55585 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:30610 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x1CCFC856 Ack: 0xA4B523BD Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/31-22:01:38.611457 24.209.5.98:1174 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:65381 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBB8E9295 Ack: 0xF3F6A52A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/31-22:01:38.639664 24.209.5.98:1174 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:65382 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBB8E9849 Ack: 0xF3F6A52A Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/31-22:10:53.450534 24.209.196.254:4460 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:40649 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x31F4EF75 Ack: 0x165888D2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/31-22:10:53.488389 24.209.196.254:4460 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:40651 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x31F4F529 Ack: 0x165888D2 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/31-22:47:25.019219 24.209.71.22:4136 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:33108 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9BA1122B Ack: 0xA07FC0E0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/31-22:47:25.025311 24.209.71.22:4136 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:33109 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9BA117DF Ack: 0xA07FC0E0 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/31-22:59:46.380125 24.112.153.44:4332 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:40916 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x5E33ABA Ack: 0xCF86B125 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/31-22:59:47.382630 24.112.153.44:4366 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:40974 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x600A034 Ack: 0xD04CE838 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/31-22:59:57.241156 24.112.153.44:4511 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:41422 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x692468C Ack: 0xD0E160B9 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/31-23:00:06.985412 24.112.153.44:4649 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:41862 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x71D2239 Ack: 0xD165C550 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/31-23:00:16.735783 24.112.153.44:4783 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:42246 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x7A6C0F5 Ack: 0xD16DE100 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/31-23:00:17.192151 24.112.153.44:4787 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:42256 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x7AB9E91 Ack: 0xD1ECB375 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/31-23:00:17.690109 24.112.153.44:4793 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:42279 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x7B1C6A1 Ack: 0xD1A022DB Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/31-23:00:18.194012 24.112.153.44:4796 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:42307 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x7B5FA0B Ack: 0xD1CC7BF1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/31-23:00:21.908388 24.112.153.44:4846 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:42425 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x7E6BA8C Ack: 0xD24CDE60 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/31-23:00:22.430015 24.112.153.44:4851 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:42449 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x7EB6E37 Ack: 0xD2639D36 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/31-23:00:35.426867 24.112.153.44:3037 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:42921 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x8721948 Ack: 0xD2D4D01C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/31-23:00:35.949500 24.112.153.44:3069 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:42942 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x897649F Ack: 0xD2EC4839 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/31-23:00:37.137345 24.112.153.44:3101 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:43004 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x8B2C63C Ack: 0xD3524BC9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/31-23:00:37.557718 24.112.153.44:3105 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:43019 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x8B60E7C Ack: 0xD365257E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/31-23:00:37.935222 24.112.153.44:3110 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:43043 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x8BC3F9B Ack: 0xD360248B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/31-23:00:38.409970 24.112.153.44:3113 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:43066 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x8C063C9 Ack: 0xD3437396 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/31-23:07:12.478706 66.196.65.24:53494 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:45596 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xC3718879 Ack: 0xEB448348 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/01-00:16:26.977211 66.196.65.24:11051 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:5123 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xEE9F5D99 Ack: 0xF0C7B698 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-00:20:28.900530 24.112.153.44:3198 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:5064 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x7E0E975 Ack: 0x55527D Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-00:20:38.507877 24.112.153.44:3299 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:5572 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x8439134 Ack: 0xCABC47 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-00:20:44.969986 24.112.153.44:3416 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:5890 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x8BEA237 Ack: 0x1D2A2F1 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-00:20:47.322085 24.112.153.44:3462 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:6014 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x8EBDBA3 Ack: 0x13576A8 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-00:20:50.321844 24.112.153.44:3490 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:6142 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x9095632 Ack: 0x1768036 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/01-00:20:56.658650 24.112.153.44:3580 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:6499 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x963D8F5 Ack: 0x294C622 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/01-00:20:59.244366 24.112.153.44:3616 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:6632 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x98842AC Ack: 0x2C70756 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-00:21:01.771658 24.112.153.44:3657 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:6764 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x9AF886E Ack: 0x2CE1E74 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-00:21:04.201287 24.112.153.44:3691 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:6900 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x9D1292D Ack: 0x22FF04F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-00:21:06.637641 24.112.153.44:3724 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:7029 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x9F4610A Ack: 0x29BBDB8 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-00:21:17.341678 24.112.153.44:3891 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:7605 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA9BE363 Ack: 0x3634FA9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-00:21:23.131947 24.112.153.44:3915 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:7899 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xAB329A7 Ack: 0x350BC18 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-00:21:35.036660 24.112.153.44:4114 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:8514 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xB7DCE0C Ack: 0x45BC90A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-00:21:37.322602 24.112.153.44:4147 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:8632 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB9EF374 Ack: 0x4AE1490 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-00:21:39.652474 24.112.153.44:4147 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:8753 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB9EF374 Ack: 0x4AE1490 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-00:21:42.486646 24.112.153.44:4219 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:8882 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xBE6D54E Ack: 0x56C4D3B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-00:21:51.100104 24.112.153.44:4292 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:9326 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xC33561B Ack: 0x5463692 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-01:17:52.852345 24.130.219.16:3105 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:7735 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x274EAC1D Ack: 0xD9C221E1 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-01:17:57.570791 24.130.219.16:3190 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:8072 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x27A23E37 Ack: 0xDA16D909 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-01:17:58.061382 24.130.219.16:3195 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:8102 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x27A76D8D Ack: 0xDA89A7AC Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-01:17:58.378266 24.130.219.16:3201 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:8123 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x27ADEF2C Ack: 0xDA6D8194 Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-01:18:04.891770 24.130.219.16:3238 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:8408 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x27D6078B Ack: 0xDA1E6879 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/01-01:18:05.753549 24.130.219.16:3279 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:8447 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x28000B89 Ack: 0xDB20E3B8 Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/01-01:18:06.130584 24.130.219.16:3287 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:8474 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x28082F6C Ack: 0xDAADA8E0 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-01:18:10.164422 24.130.219.16:3338 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:8683 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x283B565E Ack: 0xDAEA4CA2 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-01:18:10.928629 24.130.219.16:3346 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:8742 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x2843EA92 Ack: 0xDB733466 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-01:18:11.330183 24.130.219.16:3358 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:8789 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x284E4737 Ack: 0xDB047E4B Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-01:18:11.701363 24.130.219.16:3365 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:8815 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x2855462A Ack: 0xDAEEB167 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-01:18:12.320078 24.130.219.16:3370 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:8837 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x28594081 Ack: 0xDAFD0419 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-01:18:13.223813 24.130.219.16:3384 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:8887 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x28669B72 Ack: 0xDB430D8E Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-01:18:16.013626 24.130.219.16:3384 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:9043 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x28669B72 Ack: 0xDB430D8E Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-01:18:17.045581 24.130.219.16:3428 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:9098 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x2896028B Ack: 0xDB22A25E Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-01:18:17.423109 24.130.219.16:3448 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:9143 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x28A874BE Ack: 0xDBD43F0A Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-01:18:17.918509 24.130.219.16:3456 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:9191 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x28B0270D Ack: 0xDAF6CA8E Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/01-01:23:10.506464 66.196.65.24:25016 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:10435 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x4480302D Ack: 0xED6B2F46 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/01-02:42:44.721252 66.196.65.24:4554 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:65314 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x4C3BE40D Ack: 0x1AEA93DF Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/01-03:55:25.763799 66.196.65.24:33186 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:34851 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x538F1886 Ack: 0x2CD60785 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/01-04:57:03.214433 66.196.65.24:43670 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:61697 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x95178E18 Ack: 0x15EDDF33 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/01-06:03:41.718400 66.196.65.24:59537 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:61926 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x8AF85515 Ack: 0x11D458CC Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-06:13:25.476293 24.209.215.159:3279 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:24935 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF88355D2 Ack: 0x366B7D8E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-06:13:25.482884 24.209.215.159:3279 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:24936 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF8835B86 Ack: 0x366B7D8E Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-06:46:48.087892 24.58.202.219:3444 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:46275 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF5620F5D Ack: 0xB392CCAA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-06:46:48.118404 24.58.202.219:3444 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:46276 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF5621511 Ack: 0xB392CCAA Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-06:48:31.439255 24.209.215.159:4187 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:39702 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA11454CD Ack: 0xBAAA76CE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-06:48:31.445585 24.209.215.159:4187 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:39703 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA1145A81 Ack: 0xBAAA76CE Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-06:49:22.210579 24.209.215.159:1373 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:43177 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA517F62F Ack: 0xBDE69998 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-06:49:22.211903 24.209.215.159:1373 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:43178 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA517FBE3 Ack: 0xBDE69998 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-07:04:13.687212 24.175.36.19:1970 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:10265 IpLen:20 DgmLen:1300 DF
***A**** Seq: 0xAA8FFC95 Ack: 0xF6874970 Win: 0x44E8 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-07:04:13.693172 24.175.36.19:1970 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:10266 IpLen:20 DgmLen:1300 DF
***A**** Seq: 0xAA900181 Ack: 0xF6874970 Win: 0x44E8 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-07:20:25.344497 24.209.215.159:3994 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:38884 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3818BA9A Ack: 0x33A736EE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-07:20:25.350787 24.209.215.159:3994 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:38885 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3818C04E Ack: 0x33A736EE Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/01-07:51:15.575113 66.196.65.24:37041 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:26782 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x546EEDC8 Ack: 0xA79BC290 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-07:59:38.039024 24.209.215.159:4557 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:64309 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEE0FF988 Ack: 0xC73443AA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-07:59:38.040057 24.209.215.159:4557 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:64310 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEE0FFF3C Ack: 0xC73443AA Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-08:22:39.148557 24.209.215.159:3046 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:23890 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x57D0B2A4 Ack: 0x1DF85278 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-08:22:39.153243 24.209.215.159:3046 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:23891 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x57D0B858 Ack: 0x1DF85278 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/01-08:56:54.465214 66.196.65.24:49239 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:32876 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x18D961A5 Ack: 0xA0037611 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-09:20:39.441795 24.209.215.159:2336 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:51803 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5DD973D5 Ack: 0xF93529B4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-09:20:39.443060 24.209.215.159:2336 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:51804 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5DD97989 Ack: 0xF93529B4 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-09:34:55.120218 24.209.215.159:4527 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:40609 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9D557697 Ack: 0x2F992847 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-09:34:55.121245 24.209.215.159:4527 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:40610 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9D557C4B Ack: 0x2F992847 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/01-09:38:35.437883 66.196.73.77:41597 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:42467 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x34DDC5EA Ack: 0x3D2D97FD Win: 0xFAF0 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-09:47:53.440827 24.207.34.110:3965 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:39891 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xADE54E4F Ack: 0x5F5BB1E4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-09:47:53.492443 24.207.34.110:3965 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:39892 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xADE55403 Ack: 0x5F5BB1E4 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/01-09:58:04.965652 66.196.65.24:53064 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:32841 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x9AEE27AA Ack: 0x85D10713 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-11:49:17.626514 24.209.215.159:3750 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:15976 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE70B6315 Ack: 0x2A6C54A0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-11:49:17.632464 24.209.215.159:3750 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:15977 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE70B68C9 Ack: 0x2A6C54A0 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/01-11:59:17.280924 66.196.65.24:63648 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:29518 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x5BF657F5 Ack: 0x50405047 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/01-13:11:32.330643 66.196.65.24:29236 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:38543 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x6C6AC6E6 Ack: 0x613816E2 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-13:29:17.114614 24.209.215.159:1771 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:59762 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x89200173 Ack: 0xA46DBD72 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-13:29:17.115883 24.209.215.159:1771 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:59763 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x89200727 Ack: 0xA46DBD72 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-13:43:07.570427 24.209.215.159:1219 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:40221 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC0381E8C Ack: 0xD89D3B26 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-13:43:07.571691 24.209.215.159:1219 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:40222 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC0382440 Ack: 0xD89D3B26 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-14:01:18.684774 24.209.5.98:4342 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:1590 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xCF4FF348 Ack: 0x1E26EDD6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-14:01:18.699635 24.209.5.98:4342 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:1591 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xCF4FF8FC Ack: 0x1E26EDD6 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-14:01:32.367168 24.209.215.159:1742 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:35785 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9C08042 Ack: 0x1E92AE59 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-14:01:32.368437 24.209.215.159:1742 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:35786 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9C085F6 Ack: 0x1E92AE59 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/01-14:12:28.450453 66.196.65.24:34986 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:24060 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x739A63D6 Ack: 0x485CAF83 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/01-14:18:03.534465 64.68.82.52:43214 -> 192.168.1.6:80
TCP TTL:41 TOS:0x10 ID:3521 IpLen:20 DgmLen:453 DF
***AP*** Seq: 0x3A7565BE Ack: 0x5CE36B29 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 826763631 2419054033
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-14:57:54.123699 24.209.215.159:1771 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:18005 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE252A5A6 Ack: 0xF37408BD Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/01-14:59:08.609616 216.39.48.30:34333 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:17115 IpLen:20 DgmLen:221 DF
***AP*** Seq: 0xD5F97E35 Ack: 0xF7FCFCD3 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 618085625 2420318387
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-15:28:14.485509 24.126.31.33:2060 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:55395 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC9E4214 Ack: 0x6573AC16 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-15:28:14.491748 24.126.31.33:2060 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:55396 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC9E47C8 Ack: 0x6573AC16 Win: 0xB5C9 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/01-15:37:20.381752 66.196.65.24:30285 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:3427 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xBF53A3EE Ack: 0x88BFF516 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/01-16:38:37.753792 66.196.65.24:42810 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:10240 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x1FB366BE Ack: 0x6F7A35CF Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-17:04:43.432479 24.209.215.159:4019 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:8488 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBB5AA4A6 Ack: 0xD242C414 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-17:04:43.448763 24.209.215.159:4019 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:8489 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBB5AAA5A Ack: 0xD242C414 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/01-17:56:12.203914 66.196.65.24:31263 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:10911 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xC35207D0 Ack: 0x94E6B17B Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-17:58:32.519514 24.188.213.73:4462 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:46295 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x729D1AE9 Ack: 0x9C68D2B3 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-17:58:34.775357 24.188.213.73:2209 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:46997 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x76D9FBF3 Ack: 0x9D0B5E7D Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-17:58:38.479607 24.188.213.73:2212 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:47042 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x76DDCDCE Ack: 0x9D794B11 Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/01-19:01:22.573674 66.196.65.24:58786 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:54061 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x43F047D8 Ack: 0x8A75001B Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-19:20:44.579633 24.209.215.159:4261 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:4406 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA1793D76 Ack: 0xD41389F2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-19:20:44.580684 24.209.215.159:4261 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:4407 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA179432A Ack: 0xD41389F2 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-19:23:46.258645 24.172.63.245:2773 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:5947 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x76C49F4C Ack: 0xE004951C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-19:23:46.264024 24.172.63.245:2773 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:5948 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x76C4A500 Ack: 0xE004951C Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-20:07:38.076739 24.207.34.110:4403 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:39838 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xCD7114BC Ack: 0x860DD90A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-20:07:38.158750 24.207.34.110:4403 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:39839 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xCD711A70 Ack: 0x860DD90A Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/01-20:15:53.663696 66.196.65.24:48952 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:2488 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xDEC7F780 Ack: 0xA439D3BB Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/01-21:17:01.490532 66.196.65.24:5448 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:65268 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xCC12C8F5 Ack: 0x8B9FF33E Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/01-22:17:04.789930 66.196.65.24:26674 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:63508 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xED2A31AA Ack: 0x6D700781 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-22:28:41.295587 24.93.134.37:1623 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:23467 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x39AB0DB5 Ack: 0x99EF1134 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-22:28:41.337810 24.93.134.37:1623 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:23468 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x39AB1369 Ack: 0x99EF1134 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-23:47:14.117230 24.209.196.254:4015 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:64696 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x669EE4BA Ack: 0xC2101176 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-23:47:14.147567 24.209.196.254:4015 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:64697 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x669EEA6E Ack: 0xC2101176 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/01-23:50:42.467635 66.196.65.24:65356 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:44215 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x74FF334A Ack: 0xCF6776CD Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-00:12:15.478072 24.209.36.194:2388 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:19298 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7D5B9E11 Ack: 0x2097C880 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-00:12:15.500766 24.209.36.194:2388 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:19299 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7D5BA3C5 Ack: 0x2097C880 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-00:47:57.926861 24.209.196.254:2131 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:42095 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB2AFDB1D Ack: 0xA870EE3A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-00:48:03.936638 24.209.196.254:2131 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:42594 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB2AFE0D1 Ack: 0xA870EE3A Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-01:23:38.208570 24.35.68.68:1728 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:38308 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xB1976E74 Ack: 0x2EE751DF Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-01:23:38.685597 24.35.68.68:1735 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:38336 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xB19E49A7 Ack: 0x2FBA108B Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-01:23:41.876192 24.35.68.68:1768 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:38498 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xB1C3EEAE Ack: 0x2F574866 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-01:23:42.099256 24.35.68.68:1770 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:38514 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xB1C66736 Ack: 0x2FE510B2 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-01:23:42.290075 24.35.68.68:1774 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:38531 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB1CA42C6 Ack: 0x2F47CDD4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/02-01:23:42.578796 24.35.68.68:1780 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:38550 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xB1CFA5EC Ack: 0x2F0AE1CD Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/02-01:23:42.806350 24.35.68.68:1786 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:38567 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xB1D5C080 Ack: 0x2F4594AF Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-01:23:43.035024 24.35.68.68:1790 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:38582 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xB1D9E5AC Ack: 0x2FF2D5D4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-01:23:52.188973 24.35.68.68:1915 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:39120 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB259F710 Ack: 0x3078A989 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-01:23:52.351359 24.35.68.68:1917 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:39135 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB25C1CAF Ack: 0x3039A9A2 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-01:23:52.525808 24.35.68.68:1923 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:39147 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB2611FB4 Ack: 0x306DC434 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-01:23:52.747968 24.35.68.68:1927 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:39167 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB2650329 Ack: 0x30333CBB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-01:23:53.089563 24.35.68.68:1932 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:39191 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xB2698E46 Ack: 0x2FE7B7E8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-01:23:53.270116 24.35.68.68:1937 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:39208 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB26EF4FB Ack: 0x2FA170BF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-01:23:53.446192 24.35.68.68:1942 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:39219 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xB2739F2C Ack: 0x2FF6B18F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-01:24:02.713365 24.35.68.68:2083 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:39850 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB2FF3159 Ack: 0x3121FE50 Win: 0x4470 TcpLen: 20
[**] [1:1549:9] SMTP HELO overflow attempt [**]
[Classification: Attempted Administrator Privilege Gain] [Priority: 1]
06/02-01:25:54.387346 216.109.87.238:40150 -> 192.168.1.6:25
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:46
***AP*** Seq: 0x3715CC77 Ack: 0x14B25245 Win: 0x21F0 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10324][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0042]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/02-01:27:29.886773 66.196.65.24:45507 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:18038 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xD4017E9B Ack: 0x3CCDD619 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-02:32:56.241053 24.209.215.159:2958 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:1541 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB6C78726 Ack: 0x34A6B6E4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-02:32:56.242326 24.209.215.159:2958 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:1542 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB6C78CDA Ack: 0x34A6B6E4 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/02-02:46:57.310724 66.196.65.24:47305 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:582 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xDB01BEB6 Ack: 0x69636A23 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/02-03:16:36.258024 209.237.238.161:1822 -> 192.168.1.6:80
TCP TTL:36 TOS:0x0 ID:17902 IpLen:20 DgmLen:173 DF
***AP*** Seq: 0x9AE0D8A9 Ack: 0xDA3E4EFB Win: 0xFFFF TcpLen: 32
TCP Options (3) => NOP NOP TS: 431045420 2442981173
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/02-03:21:29.598626 209.237.238.160:1043 -> 192.168.1.6:80
TCP TTL:36 TOS:0x0 ID:59712 IpLen:20 DgmLen:173 DF
***AP*** Seq: 0x71BD771A Ack: 0xEC782E46 Win: 0xFFFF TcpLen: 32
TCP Options (3) => NOP NOP TS: 980651665 2443131415
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/02-03:55:07.264701 209.237.238.161:1355 -> 192.168.1.6:80
TCP TTL:36 TOS:0x0 ID:21893 IpLen:20 DgmLen:173 DF
***AP*** Seq: 0x7EC722D7 Ack: 0x6B488FC2 Win: 0xFFFF TcpLen: 32
TCP Options (3) => NOP NOP TS: 431276492 2444164834
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/02-03:57:24.291135 66.196.65.24:25101 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:32567 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xABC638C7 Ack: 0x73BB8FAD Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/02-04:25:01.171990 209.237.238.160:3981 -> 192.168.1.6:80
TCP TTL:36 TOS:0x0 ID:25357 IpLen:20 DgmLen:173 DF
***AP*** Seq: 0x92E32513 Ack: 0xDBA6899C Win: 0xFFFF TcpLen: 32
TCP Options (3) => NOP NOP TS: 981032769 2445083642
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-04:34:20.971764 24.136.163.137:3203 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:41624 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xA0514311 Ack: 0xFF5FE1C3 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-04:34:31.070206 24.136.163.137:4235 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:44424 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xA30EA5FE Ack: 0xFFAA1258 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-04:34:31.362727 24.136.163.137:4262 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:44509 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA324E1D7 Ack: 0x27F644 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-04:34:31.595360 24.136.163.137:4278 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:44540 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA3305FCB Ack: 0xFFD2A25E Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-04:34:34.826780 24.136.163.137:4288 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:45527 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA33990B7 Ack: 0x8BE928 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/02-04:34:44.350241 24.136.163.137:4017 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:48359 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA6EA1FD5 Ack: 0x10E92A6 Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/02-05:00:07.990461 209.237.238.161:2553 -> 192.168.1.6:80
TCP TTL:36 TOS:0x0 ID:34987 IpLen:20 DgmLen:173 DF
***AP*** Seq: 0x71C72BBA Ack: 0x610DAFFE Win: 0xFFFF TcpLen: 32
TCP Options (3) => NOP NOP TS: 431666512 2446162702
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/02-05:01:18.673123 66.196.65.24:51629 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:65251 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xEEAC2EDF Ack: 0x64D108AF Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/02-05:23:51.638926 209.237.238.160:2921 -> 192.168.1.6:80
TCP TTL:36 TOS:0x0 ID:47904 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0xB113A1A5 Ack: 0xBA493C04 Win: 0xFFFF TcpLen: 32
TCP Options (3) => NOP NOP TS: 981385761 2446891854
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/02-06:03:01.454626 66.196.65.24:8240 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:31920 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xAC8E8BDC Ack: 0x4E6FB986 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/02-08:27:06.248280 66.196.65.24:35453 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:24639 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x7A26608 Ack: 0x6E97C8A9 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/02-09:07:31.384537 66.196.65.24:6742 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:24558 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xA3D4B139 Ack: 0x780D20C Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/02-09:57:49.537735 66.196.65.24:2448 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:27611 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x4490D4B2 Ack: 0xC53DF7B3 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-10:06:52.697888 24.209.215.159:4576 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:20655 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8122C837 Ack: 0xE8076AEE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-10:06:52.704269 24.209.215.159:4576 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:20656 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8122CDEB Ack: 0xE8076AEE Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-10:58:54.794183 24.114.34.24:2905 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:25749 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xD2722A27 Ack: 0xAC8789DE Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-10:58:56.458249 24.114.34.24:2965 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:25926 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xD2A4B6BF Ack: 0xAC8389B6 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-10:59:06.634967 24.114.34.24:3265 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:27000 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xD3A49380 Ack: 0xACC61CAD Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-10:59:07.562917 24.114.34.24:3299 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:27129 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xD3C069D4 Ack: 0xAD35FE03 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-10:59:11.779198 24.114.34.24:3434 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:27626 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xD4351CE0 Ack: 0xADA56CC3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/02-10:59:12.613141 24.114.34.24:3468 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:27749 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xD451BD27 Ack: 0xAD5492E3 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/02-10:59:16.881354 24.114.34.24:3599 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:28216 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xD4BFD77D Ack: 0xAE122295 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-10:59:21.428099 24.114.34.24:3722 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:28680 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xD5282A1E Ack: 0xADA7EC8E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-10:59:22.927820 24.114.34.24:3767 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:28849 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD550C5DC Ack: 0xADE64D5E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-10:59:24.301771 24.114.34.24:3806 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:28998 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD574C550 Ack: 0xADFB9587 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-10:59:34.718493 24.114.34.24:4110 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:30147 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD67BD66D Ack: 0xAEF14088 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-10:59:36.254415 24.114.34.24:4158 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:30298 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD6A57BBE Ack: 0xAF2CE713 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-10:59:37.496683 24.114.34.24:4203 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:30445 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xD6CCE8B5 Ack: 0xAECF6C76 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-10:59:40.549897 24.114.34.24:4203 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:30757 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xD6CCE8B5 Ack: 0xAECF6C76 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-10:59:48.247249 24.114.34.24:4483 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:31446 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xD7BD849B Ack: 0xAF6304D0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-10:59:51.323839 24.114.34.24:4483 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:31700 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xD7BD849B Ack: 0xAF6304D0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-10:59:52.821585 24.114.34.24:4604 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:31871 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xD829ED15 Ack: 0xAFA0FB23 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-10:59:57.489989 24.114.34.24:4731 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:32300 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xD896F640 Ack: 0xAFCB1233 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/02-11:15:55.092687 216.39.48.30:49593 -> 192.168.1.6:80
TCP TTL:38 TOS:0x0 ID:6389 IpLen:20 DgmLen:221 DF
***AP*** Seq: 0xC96C841A Ack: 0xEC122BB9 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 625384700 2457710877
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/02-11:38:32.708297 66.196.65.24:62822 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:40443 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xA4C4EBEF Ack: 0x41A0A171 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-12:20:10.564997 24.114.141.149:1660 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:62536 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC605F0C4 Ack: 0xDF7A3751 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-12:20:10.575148 24.114.141.149:1660 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:62537 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC605F678 Ack: 0xDF7A3751 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/02-12:49:02.435102 66.196.65.24:9141 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:9843 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x8695374A Ack: 0x4C90CE6D Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/02-13:31:18.019660 209.237.238.161:3748 -> 192.168.1.6:80
TCP TTL:36 TOS:0x0 ID:41304 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0x138538AA Ack: 0xEBC28038 Win: 0xFFFF TcpLen: 32
TCP Options (3) => NOP NOP TS: 434733118 2461871316
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/02-13:50:14.028506 66.196.65.24:21054 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:10950 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x1C66BC78 Ack: 0x33355FC4 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/02-15:02:37.704778 66.196.65.24:47268 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:28667 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xC5041735 Ack: 0x448FDA87 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/02-15:45:42.146321 209.237.238.174:44776 -> 192.168.1.6:80
TCP TTL:36 TOS:0x0 ID:4738 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0xC2AAF421 Ack: 0xE7EB45E9 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 23979692 2466001597
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/02-15:48:11.163823 209.237.238.173:34756 -> 192.168.1.6:80
TCP TTL:36 TOS:0x0 ID:42052 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0xCB9184C0 Ack: 0xF1969940 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 23994632 2466077929
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/02-15:55:12.658947 209.237.238.161:3563 -> 192.168.1.6:80
TCP TTL:36 TOS:0x0 ID:1570 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0x352B7E97 Ack: 0xB31BA10 Win: 0xFFFF TcpLen: 32
TCP Options (3) => NOP NOP TS: 435596468 2466293798
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/02-16:00:20.194713 209.237.238.175:54671 -> 192.168.1.6:80
TCP TTL:36 TOS:0x0 ID:13471 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0xFA8D0B6F Ack: 0x1E876E3A Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 24068094 2466451319
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/02-16:08:44.606233 209.237.238.173:55181 -> 192.168.1.6:80
TCP TTL:36 TOS:0x0 ID:45577 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0x1A0FB0C3 Ack: 0x3F13F06A Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 24117971 2466709649
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/02-16:09:51.496572 209.237.238.174:37526 -> 192.168.1.6:80
TCP TTL:36 TOS:0x0 ID:763 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0x1E7C1E3C Ack: 0x426B5218 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 24124620 2466743920
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/02-16:15:17.618007 209.237.238.172:49790 -> 192.168.1.6:80
TCP TTL:36 TOS:0x0 ID:62683 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0x32DE4CF1 Ack: 0x576A81B4 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 24164403 2466910957
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/02-16:23:57.766931 209.237.238.174:55432 -> 192.168.1.6:80
TCP TTL:36 TOS:0x0 ID:55299 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0x543BBF54 Ack: 0x77FC8CFB Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 24209246 2467177364
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-16:49:38.460306 24.87.77.106:3533 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:5017 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xE4CE3F8 Ack: 0xD93FEEFE Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-16:49:38.943230 24.87.77.106:3544 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:5062 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xE5773B7 Ack: 0xD956D429 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-16:49:39.197360 24.87.77.106:3561 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:5113 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xE631A09 Ack: 0xD9106ADD Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-16:49:39.452141 24.87.77.106:3575 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:5158 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xE6C8818 Ack: 0xDA611B21 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-16:49:39.842277 24.87.77.106:3588 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:5221 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xE76723D Ack: 0xDA37DAF2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/02-16:49:40.102899 24.87.77.106:3602 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:5267 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xE823D74 Ack: 0xDA9181E9 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/02-16:49:40.349548 24.87.77.106:3608 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:5294 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xE8801EB Ack: 0xDA569174 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-16:49:40.699139 24.87.77.106:3618 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:5348 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xE901FE7 Ack: 0xDA501167 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-16:49:41.063203 24.87.77.106:3637 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:5441 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE9D0F3E Ack: 0xDA504B14 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-16:49:41.286890 24.87.77.106:3650 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:5496 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xEA82176 Ack: 0xDA794667 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-16:49:41.509213 24.87.77.106:3654 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:5530 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xEAC0635 Ack: 0xDA1A985E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-16:49:41.806558 24.87.77.106:3666 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:5606 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xEB58188 Ack: 0xDA61DA2D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-16:49:42.032653 24.87.77.106:3679 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:5655 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xEC041A4 Ack: 0xDAAB8CB6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-16:49:42.245397 24.87.77.106:3688 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:5682 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xEC833A0 Ack: 0xD9C6DBC6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-16:49:42.479078 24.87.77.106:3699 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:5729 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xED10D18 Ack: 0xD9EC3B0A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-16:49:52.431415 24.87.77.106:4080 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:7286 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x1006B7AA Ack: 0xDA5E3734 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/02-16:50:58.903668 66.196.65.24:63039 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:40934 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xCEA798D8 Ack: 0xDF4D34DA Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-17:04:04.062607 24.209.36.194:3836 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:27551 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xAB89CD3D Ack: 0xFC2A4E8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-17:04:04.083756 24.209.36.194:3836 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:27552 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xAB89D2F1 Ack: 0xFC2A4E8 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/02-17:53:19.487057 66.196.65.24:22959 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:45408 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xFFE3E945 Ack: 0xCA4673F6 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/02-19:26:05.143455 66.196.65.24:7337 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:39675 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x9067D3B Ack: 0x27DC2676 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/02-19:26:05.694949 66.196.65.24:7337 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:39676 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x9067D3B Ack: 0x27DC2676 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/02-19:26:06.819144 66.196.65.24:7337 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:39677 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x9067D3B Ack: 0x27DC2676 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-19:30:52.048572 24.209.196.254:2429 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:11706 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xCF76054A Ack: 0x3918BB1D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-19:30:52.110669 24.209.196.254:2429 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:11710 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xCF760AFE Ack: 0x3918BB1D Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-19:49:11.758553 24.203.221.5:4010 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:4079 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xEB3C5879 Ack: 0x7F36A724 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-19:49:16.551715 24.203.221.5:4085 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:4806 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xEB7A9B37 Ack: 0x7FF70E9B Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-19:49:26.892893 24.203.221.5:4616 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:6592 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xED2F87A4 Ack: 0x8041D97D Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-19:49:30.810515 24.203.221.5:4786 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:7172 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xEDA60E76 Ack: 0x80C12B62 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-19:49:31.159243 24.203.221.5:4828 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:7265 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xEDBD26B6 Ack: 0x80E08A93 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/02-19:49:31.760453 24.203.221.5:4863 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:7330 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xEDCC617A Ack: 0x80378CF7 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/02-19:49:35.374390 24.203.221.5:1106 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:7884 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xEE4C3E45 Ack: 0x805E6F58 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-19:49:36.088355 24.203.221.5:1118 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:7998 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xEE565F62 Ack: 0x80D045C7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-19:49:36.791754 24.203.221.5:1155 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:8091 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xEE73AA9C Ack: 0x814EB843 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-19:49:37.196255 24.203.221.5:1179 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:8185 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xEE87A346 Ack: 0x812236E6 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-19:49:47.214223 24.203.221.5:1551 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:9596 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xEFB51356 Ack: 0x810B3D35 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-19:49:47.432062 24.203.221.5:1563 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:9635 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xEFC05929 Ack: 0x82087945 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-19:49:51.085978 24.203.221.5:1690 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:10102 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xF02CEC82 Ack: 0x814B9D8C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-19:49:54.110876 24.203.221.5:1690 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:10486 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xF02CEC82 Ack: 0x814B9D8C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-19:49:57.701008 24.203.221.5:1800 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:10970 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF08DC220 Ack: 0x8192ADDE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-19:50:03.688933 24.203.221.5:1800 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:11815 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF08DC220 Ack: 0x8192ADDE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-19:50:07.078409 24.203.221.5:2270 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:12349 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xF2196492 Ack: 0x824D36F1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-19:50:07.696915 24.203.221.5:2287 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:12421 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF2277CB4 Ack: 0x82D58C8C Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-20:40:45.608861 24.209.196.254:1680 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:50311 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x60FAC816 Ack: 0x4259CFA2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-20:40:45.617375 24.209.196.254:1680 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:50312 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x60FACDCA Ack: 0x4259CFA2 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/02-21:42:09.300194 66.196.65.24:39242 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:10512 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xA360CFFC Ack: 0x29341505 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-22:01:11.986755 24.136.152.220:3894 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:44567 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x26598AAA Ack: 0x71610E9F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-22:01:12.015404 24.136.152.220:3894 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:44568 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2659905E Ack: 0x71610E9F Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-22:03:43.865235 24.209.36.194:3115 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:15365 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x11C6D9E Ack: 0x7C093102 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-22:03:43.906158 24.209.36.194:3115 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:15366 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x11C7352 Ack: 0x7C093102 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-22:44:59.148083 24.209.98.148:4304 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:48729 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDF5A143D Ack: 0x1761FD99 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-22:44:59.191531 24.209.98.148:4304 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:48730 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDF5A19F1 Ack: 0x1761FD99 Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/02-23:26:17.759592 66.196.65.24:33215 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:32144 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x71D7F24B Ack: 0xB2E53C1D Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-23:58:53.904763 24.35.68.68:3738 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:26139 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x439451C5 Ack: 0x2F242E74 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-23:58:54.727826 24.35.68.68:3747 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:26162 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x439D9E74 Ack: 0x2F063D5D Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-23:58:54.937310 24.35.68.68:3753 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:26185 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x43A28A31 Ack: 0x2E6F24F2 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-23:59:40.080503 24.35.68.68:4346 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:27649 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x46073873 Ack: 0x31218EEC Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-23:59:40.293892 24.35.68.68:4348 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:27662 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x46091455 Ack: 0x31C22470 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/02-23:59:40.472209 24.35.68.68:4350 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:27675 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x460B3B93 Ack: 0x319CEE66 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/02-23:59:40.671090 24.35.68.68:4355 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:27683 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x460F4620 Ack: 0x31185F30 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-23:59:40.853381 24.35.68.68:4358 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:27695 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x46126186 Ack: 0x31569A05 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-23:59:41.039677 24.35.68.68:4360 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:27706 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x46146F31 Ack: 0x32090684 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-23:59:41.227905 24.35.68.68:4363 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:27719 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4617AD0F Ack: 0x313CA162 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-23:59:41.410200 24.35.68.68:4366 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:27729 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x461A75B8 Ack: 0x317201E5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-23:59:44.614049 24.35.68.68:4411 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:27833 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x464490B6 Ack: 0x3220F2E0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-23:59:44.810154 24.35.68.68:4415 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:27847 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x46485BBD Ack: 0x31F22908 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-23:59:44.968261 24.35.68.68:4419 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:27858 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x464B1C9F Ack: 0x31E39370 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-23:59:45.141414 24.35.68.68:4422 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:27869 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x464DFFCD Ack: 0x319C5E85 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-23:59:45.348147 24.35.68.68:4425 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:27888 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x4650A732 Ack: 0x31BD7FF1 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/03-00:11:42.663542 218.58.115.113:2024 -> 192.168.1.6:80
TCP TTL:97 TOS:0x0 ID:36403 IpLen:20 DgmLen:1454 DF
***A**** Seq: 0x2F62659E Ack: 0x5F637E06 Win: 0x4248 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/03-00:11:42.679337 218.58.115.113:2024 -> 192.168.1.6:80
TCP TTL:97 TOS:0x0 ID:36404 IpLen:20 DgmLen:1454 DF
***A**** Seq: 0x2F626B24 Ack: 0x5F637E06 Win: 0x4248 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/03-01:23:21.694941 66.196.65.24:54066 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:42667 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xE9B12A33 Ack: 0x6D852829 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/03-02:01:35.860088 216.39.48.30:38545 -> 192.168.1.6:80
TCP TTL:38 TOS:0x0 ID:15794 IpLen:20 DgmLen:221 DF
***AP*** Seq: 0xD85A9325 Ack: 0xFD439DF5 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 630697637 2484928590
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/03-02:37:44.391474 66.196.65.24:49182 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:48237 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xBD5CDC7 Ack: 0x87574E87 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/03-03:39:15.561875 66.196.65.24:14033 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:3244 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x9A5674D Ack: 0x6F13D29D Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/03-04:53:01.467791 66.196.65.24:1336 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:37569 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xF9DFB2C Ack: 0x8678F82F Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/03-06:18:04.382574 66.196.65.24:37751 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:27835 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xCC564F36 Ack: 0xC7ACC791 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/03-06:54:57.480079 24.98.45.13:4858 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:2758 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x30B1B20F Ack: 0x525C635F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/03-06:54:57.488504 24.98.45.13:4858 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:2759 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x30B1B7C3 Ack: 0x525C635F Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/03-07:02:27.401762 24.26.92.185:4412 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:26182 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF72B6790 Ack: 0x6EFF6CCB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/03-07:02:27.409316 24.26.92.185:4412 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:26183 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF72B6D44 Ack: 0x6EFF6CCB Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/03-07:43:37.401431 66.196.65.24:60510 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:48240 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xD1EA05B1 Ack: 0xA2FF559 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/03-08:39:59.431170 24.118.108.28:1098 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:57271 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBB151E52 Ack: 0xDE93968A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/03-08:39:59.440193 24.118.108.28:1098 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:57272 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBB152406 Ack: 0xDE93968A Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/03-09:09:08.496730 66.196.65.24:19104 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:1182 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x3F29DC08 Ack: 0x4D07FE6F Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/03-09:22:24.388253 24.172.63.245:4186 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:59167 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEB52EFAD Ack: 0x7EA45108 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/03-09:22:24.394731 24.172.63.245:4186 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:59168 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEB52F561 Ack: 0x7EA45108 Win: 0x4470 TcpLen: 20
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/03-10:06:22.812575 67.162.149.169:1778 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:17067 IpLen:20 DgmLen:233 DF
***AP*** Seq: 0x5C83E0B0 Ack: 0x25A26047 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/03-10:06:23.226011 67.162.149.169:1778 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:17079 IpLen:20 DgmLen:232 DF
***AP*** Seq: 0x5C83E171 Ack: 0x25A262F6 Win: 0xF841 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/03-10:06:23.482600 67.162.149.169:1780 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:17100 IpLen:20 DgmLen:233 DF
***AP*** Seq: 0x5C88AD2D Ack: 0x26538CC7 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/03-10:06:23.849412 67.162.149.169:1780 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:17108 IpLen:20 DgmLen:232 DF
***AP*** Seq: 0x5C88ADEE Ack: 0x26538F76 Win: 0xF841 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/03-10:06:24.146554 67.162.149.169:1782 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:17127 IpLen:20 DgmLen:196 DF
***AP*** Seq: 0x5C8D2D61 Ack: 0x26071F00 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/03-10:06:24.278079 67.162.149.169:1782 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:17132 IpLen:20 DgmLen:215 DF
***AP*** Seq: 0x5C8D2DFD Ack: 0x2607206E Win: 0xF982 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/03-10:06:24.628918 67.162.149.169:1782 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:17140 IpLen:20 DgmLen:214 DF
***AP*** Seq: 0x5C8D2EAC Ack: 0x2607231C Win: 0xF6D4 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/03-10:50:26.613878 66.196.65.24:9655 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:49004 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xFE71DB89 Ack: 0xCB689E9D Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/03-12:18:08.620389 66.196.65.24:33466 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:1719 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xEF5BDF8E Ack: 0x1745809A Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/03-12:55:30.903976 24.34.176.236:4189 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:14197 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x25C7063A Ack: 0xA4C738B5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/03-12:55:30.912666 24.34.176.236:4189 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:14198 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x25C70BEE Ack: 0xA4C738B5 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/03-13:31:04.993367 66.196.65.24:21515 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:52066 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x45966A69 Ack: 0x2AD3FBAA Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/03-15:06:24.815173 66.196.65.24:58992 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:3833 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x6ABB5230 Ack: 0x92806F52 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/03-16:14:04.499162 66.196.65.24:39701 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:65002 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x6E9FD8AE Ack: 0x9293B3B6 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/03-17:16:25.165854 66.196.65.24:5434 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:4215 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x6D1505B7 Ack: 0x7D5B7492 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/03-18:23:50.178370 66.196.65.24:43505 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:50891 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x26E6E264 Ack: 0x7D039C77 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/03-19:26:40.884592 66.196.65.24:65242 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:19900 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x6CBD70A7 Ack: 0x6A5A5C7F Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/03-20:17:53.993985 216.39.48.30:44621 -> 192.168.1.6:80
TCP TTL:38 TOS:0x0 ID:40556 IpLen:20 DgmLen:221 DF
***AP*** Seq: 0x58F99FE Ack: 0x2C255000 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 637274021 2518618829
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/03-20:17:54.411111 216.39.48.30:44621 -> 192.168.1.6:80
TCP TTL:38 TOS:0x0 ID:40557 IpLen:20 DgmLen:221 DF
***AP*** Seq: 0x58F99FE Ack: 0x2C255000 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 637274063 2518618829
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/03-20:53:44.708981 66.196.65.24:10706 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:50 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xBCE8923E Ack: 0xB36E63ED Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/03-21:03:42.015496 24.242.253.122:1946 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:41720 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x18A80C72 Ack: 0xD84444C0 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/03-21:22:10.117336 24.239.167.179:1224 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:34039 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x48008B3B Ack: 0x1D9C5B42 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/03-21:22:13.834845 24.239.167.179:1422 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:35081 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x489F5EE8 Ack: 0x1D892424 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/03-22:00:02.952295 66.196.65.24:37094 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:45489 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x8B98DB23 Ack: 0xAEA09C93 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/03-22:38:58.338179 24.209.34.185:3254 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:14450 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5715023 Ack: 0x40D1DA93 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/03-22:38:58.361060 24.209.34.185:3254 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:14451 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x57155D7 Ack: 0x40D1DA93 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/03-23:02:50.773588 66.196.65.24:57647 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:11646 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xF05674EB Ack: 0x9B1B55BC Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/03-23:16:13.141858 24.209.34.185:3789 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:1486 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xCFD7CD26 Ack: 0xCC50A505 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/03-23:16:13.181521 24.209.34.185:3789 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:1487 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xCFD7D2DA Ack: 0xCC50A505 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/03-23:49:51.680217 24.209.98.148:3700 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:17208 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB692D3FC Ack: 0x4BBF0C80 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/03-23:49:51.706911 24.209.98.148:3700 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:17209 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB692D9B0 Ack: 0x4BBF0C80 Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/04-00:20:06.662572 66.196.65.24:42492 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:59314 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x4D65DFCF Ack: 0xBE923EEF Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/04-01:10:59.142757 24.209.34.185:1941 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:49092 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2E0FE74F Ack: 0x7F4D505A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/04-01:10:59.165121 24.209.34.185:1941 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:49093 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2E0FED03 Ack: 0x7F4D505A Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/04-01:27:18.953224 66.196.65.24:2197 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:27752 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xB20E0F17 Ack: 0xBC34D86C Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/04-02:37:09.162440 66.196.65.24:36135 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:22953 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xA9B72177 Ack: 0xC4F013AA Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/04-03:37:20.502358 66.196.65.24:39526 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:29259 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xF0792FF6 Ack: 0xA727FC7F Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/04-04:50:25.147705 24.209.34.185:2119 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:7715 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x53B12313 Ack: 0xBB0D94DD Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/04-04:50:25.170224 24.209.34.185:2119 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:7716 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x53B128C7 Ack: 0xBB0D94DD Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/04-05:23:01.899233 66.196.65.24:16351 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:12722 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xA1439A73 Ack: 0x36899B94 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/04-06:25:41.135041 24.98.140.134:2350 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:31518 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x766D19B5 Ack: 0x237DC83B Win: 0xF990 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/04-06:25:41.722824 24.98.140.134:2386 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:31595 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x768C1545 Ack: 0x22AF96A9 Win: 0xF990 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/04-06:25:51.278363 24.98.140.134:2728 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:32856 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x77A74A59 Ack: 0x234C9911 Win: 0xF990 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/04-06:25:51.753576 24.98.140.134:2758 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:32953 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x77C08CCC Ack: 0x23A54196 Win: 0xF990 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/04-06:26:01.245198 24.98.140.134:3136 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:34324 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x78FCD28C Ack: 0x2443E3B2 Win: 0xF990 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/04-06:26:01.743329 24.98.140.134:3155 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:34407 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x790C1EC3 Ack: 0x2411E10E Win: 0xF990 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/04-06:26:02.294797 24.98.140.134:3175 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:34471 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x791D3790 Ack: 0x24B650B7 Win: 0xF990 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/04-06:26:02.739746 24.98.140.134:3187 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:34548 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x7928C4E4 Ack: 0x242DD4CC Win: 0xF990 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/04-06:26:12.447023 24.98.140.134:3592 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:36017 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x7A75A492 Ack: 0x2537132D Win: 0xF990 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/04-06:26:15.696532 24.98.140.134:3611 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:36577 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x7A858A63 Ack: 0x24F35337 Win: 0xF990 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/04-06:26:16.145478 24.98.140.134:3758 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:36650 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x7B0161A4 Ack: 0x259DE9CF Win: 0xF990 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/04-06:26:25.746211 24.98.140.134:4146 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:37952 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x7C42BF17 Ack: 0x25712B10 Win: 0xF990 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/04-06:26:26.045707 24.98.140.134:4159 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:38020 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x7C4E128B Ack: 0x2609D67F Win: 0xF990 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/04-06:26:35.442020 24.98.140.134:4168 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:39596 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x7C55CEE9 Ack: 0x255446A6 Win: 0xF990 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/04-06:26:38.638781 24.98.140.134:4595 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:40130 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x7DAC8A57 Ack: 0x26F81223 Win: 0xF990 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/04-06:26:39.122268 24.98.140.134:4836 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:40179 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x7E1ECBD7 Ack: 0x26CBBB1F Win: 0xF990 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/04-06:48:23.417907 66.196.65.24:13404 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:21676 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x913C2691 Ack: 0x79945043 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/04-07:50:31.231954 66.196.65.24:27265 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:13373 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x1CCAB0D6 Ack: 0x636CE734 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/04-09:37:14.861336 66.196.65.24:15845 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:59036 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x5DC77D77 Ack: 0xF7A03BFF Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/04-10:41:21.282865 66.196.65.24:35846 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:38240 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x53CE6A5D Ack: 0xE99DC59D Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/04-12:08:12.860362 66.196.65.24:50623 -> 192.168.1.6:80
TCP TTL:233 TOS:0x0 ID:6123 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xEFD4BEC5 Ack: 0x318075D9 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/04-12:09:47.747590 64.68.82.36:33465 -> 192.168.1.6:80
TCP TTL:40 TOS:0x10 ID:40141 IpLen:20 DgmLen:453 DF
***AP*** Seq: 0xF70B7AD Ack: 0x365DED38 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 851914295 2547867727
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/04-12:19:56.940244 24.118.120.204:3282 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:18557 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2B50C24B Ack: 0x5DB6F330 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/04-12:19:57.074913 24.118.120.204:3282 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:18558 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2B50C7FF Ack: 0x5DB6F330 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/04-13:15:48.909104 66.196.65.24:18064 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:63856 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xC543AA33 Ack: 0x318E960C Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/04-14:19:33.726719 66.196.65.24:41461 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:20909 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xCD12C9A5 Ack: 0x219B7621 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/04-15:20:08.474264 66.196.65.24:58870 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:51168 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xEF7B6A7F Ack: 0x70067A0 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/04-16:28:14.201619 66.196.65.24:29661 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:7502 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x69E646BB Ack: 0x7B5D0B5 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/04-16:52:20.296093 24.57.13.78:4783 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:24222 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xEB66E46B Ack: 0x62D170FA Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/04-16:52:24.381900 24.57.13.78:4875 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:24619 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xEBB9939D Ack: 0x62E05EC2 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/04-16:52:27.658111 24.57.13.78:4971 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:25006 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xEC0B1595 Ack: 0x63D1FED6 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/04-16:52:27.992283 24.57.13.78:4980 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:25051 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xEC128FB4 Ack: 0x63BAAE2E Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/04-16:52:31.220761 24.57.13.78:1108 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:25416 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xEC5F6426 Ack: 0x637DECFC Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/04-16:52:31.469349 24.57.13.78:1122 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:25460 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xEC6ACD25 Ack: 0x635010B1 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/04-16:52:34.721595 24.57.13.78:1192 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:25780 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xECA9389E Ack: 0x63C10E56 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/04-16:52:34.962170 24.57.13.78:1197 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:25806 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xECADFCE2 Ack: 0x638C5D7C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/04-16:52:35.260032 24.57.13.78:1205 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:25830 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xECB4ACDF Ack: 0x644EE4FD Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/04-16:52:35.596768 24.57.13.78:1212 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:25871 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xECBA18A9 Ack: 0x6440603A Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/04-16:52:39.050793 24.57.13.78:1294 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:26251 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xED027B4A Ack: 0x645C713B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/04-16:52:45.209677 24.57.13.78:1359 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:26753 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xED3CA8CC Ack: 0x64272BFB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/04-16:52:45.395079 24.57.13.78:1411 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:26778 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xED70E1E7 Ack: 0x6479C5F3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/04-16:52:45.553928 24.57.13.78:1416 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:26798 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xED74B412 Ack: 0x6500A0F2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/04-16:52:45.731633 24.57.13.78:1423 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:26818 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xED7B1422 Ack: 0x64253832 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/04-16:52:45.917442 24.57.13.78:1429 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:26838 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xED7FC83B Ack: 0x645F27F9 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/04-17:41:43.472202 66.196.65.24:12518 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:24957 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xAB1C9BD2 Ack: 0x1C4F377A Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/04-18:46:55.797471 66.196.65.24:35892 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:4713 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x42894660 Ack: 0x14293681 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/04-20:11:22.209535 66.196.65.24:35809 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:24090 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xDE899D78 Ack: 0x524CB48D Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/04-21:32:21.772371 66.196.65.24:27398 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:33317 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xCAB6BEDB Ack: 0x853612A9 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:2091:2] WEB-IIS WEBDAV nessus safe scan attempt [**]
[Classification: Attempted Administrator Privilege Gain] [Priority: 1]
06/04-21:34:06.925978 210.93.94.171:2669 -> 192.168.1.6:80
TCP TTL:101 TOS:0x0 ID:2931 IpLen:20 DgmLen:71 DF
***AP*** Seq: 0xB42CFB76 Ack: 0x8AF10D90 Win: 0x4470 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=11412][Xref => http://www.securityfocus.com/bid/7116][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0109]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/04-22:40:30.078116 66.196.65.24:59457 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:57737 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x65E4AB4F Ack: 0x8651AD79 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/04-23:42:20.679354 66.196.65.24:8806 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:32232 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x98199BA9 Ack: 0x6FBF3494 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/05-00:42:32.362952 66.196.65.24:22274 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:38882 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xF12D2A55 Ack: 0x52BBF62C Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/05-02:01:26.105623 66.196.65.24:18340 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:53318 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xA0A33B89 Ack: 0x7D2F8EB6 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/05-02:52:10.747235 66.196.65.35:50225 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:40443 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x711B136C Ack: 0x3D0FE63E Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 11117823 2574987755
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/05-03:34:35.373317 66.196.65.24:35495 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:5658 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xEF78080D Ack: 0xDE1CB6B7 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/05-04:06:50.984198 66.196.65.35:36579 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:39815 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xDC210B9E Ack: 0x57219460 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 11565813 2577282455
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/05-04:20:38.967232 24.102.203.62:1454 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:21132 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x6696C533 Ack: 0x89BF60EB Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/05-04:40:26.900225 66.196.65.24:57585 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:24438 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xBFEBF989 Ack: 0xD4D97901 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/05-05:53:44.767407 66.196.65.24:33476 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:30678 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x412857C6 Ack: 0xEA66F447 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/05-06:05:50.407186 66.196.65.35:38891 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:14663 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xF2248FD Ack: 0x17CADF33 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 12279692 2580939079
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/05-06:58:35.164506 66.196.65.24:48910 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:53877 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x7FA50E4A Ack: 0xDFCA1FB6 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/05-07:06:35.178310 66.196.65.35:40253 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:21843 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x48D11484 Ack: 0xFE7DC033 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 12644145 2582805885
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/05-08:03:46.216965 66.196.65.24:64112 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:32195 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x7562F325 Ack: 0xD57ABF33 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/05-08:44:15.009648 66.196.65.35:58181 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:35528 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xA48FE203 Ack: 0x6E92EC21 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 13230081 2585807160
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/05-09:15:47.322280 66.196.65.24:29082 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:27291 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x3046EC7D Ack: 0xE619EC19 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/05-09:48:26.054834 66.196.65.35:59281 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:218 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x6081BDCF Ack: 0x60B041A3 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 13615158 2587779606
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/05-10:49:47.030150 66.196.65.35:59120 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:55804 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xAF7FA7 Ack: 0x49EFA1E6 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 13983228 2589664935
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/05-10:49:50.172773 129.137.203.234:1042 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:101 IpLen:20 DgmLen:200 DF
***AP*** Seq: 0xDACC2939 Ack: 0x497DA397 Win: 0x44E8 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/05-10:49:50.752692 129.137.203.234:1042 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:102 IpLen:20 DgmLen:217 DF
***AP*** Seq: 0xDACC29D9 Ack: 0x497DA505 Win: 0x437A TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/05-10:49:50.992547 129.137.203.234:1043 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:107 IpLen:20 DgmLen:217 DF
***AP*** Seq: 0xDBB5CB0E Ack: 0x498FCE42 Win: 0x44E8 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/05-11:06:11.463644 66.196.65.24:16071 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:31321 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x7DC13586 Ack: 0x87A5ADA9 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/05-11:54:27.354265 66.196.65.35:59414 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:50669 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xCDB0C458 Ack: 0x3D602F62 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 14371230 2591652352
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/05-12:42:57.520816 66.196.65.24:34872 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:3852 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x2305CFFB Ack: 0xF464C6CD Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/05-12:57:13.729132 24.98.69.172:1259 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:46361 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x731617B9 Ack: 0x2A57B127 Win: 0x2238 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/05-12:57:13.761164 24.98.69.172:1259 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:46362 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x73161D6D Ack: 0x2A57B127 Win: 0x2238 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/05-13:44:10.730549 66.196.65.35:48219 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:39129 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x7603329D Ack: 0xDB3820FC Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 15029519 2595024241
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/05-13:46:55.559254 66.196.65.24:46114 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:40242 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x47B5D39E Ack: 0xE5383DD0 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/05-14:20:40.720694 24.103.146.165:1141 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:18299 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x82295C65 Ack: 0x6658E46D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/05-14:20:40.785132 24.103.146.165:1141 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:18300 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x82296219 Ack: 0x6658E46D Win: 0x4470 TcpLen: 20
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/05-15:16:05.053501 129.137.203.234:1053 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:139 IpLen:20 DgmLen:200 DF
***AP*** Seq: 0x2A5ECA83 Ack: 0x371F4717 Win: 0x44E8 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/05-15:16:08.793671 129.137.203.234:1053 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:140 IpLen:20 DgmLen:217 DF
***AP*** Seq: 0x2A5ECB23 Ack: 0x371F4885 Win: 0x437A TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/05-15:16:09.108807 129.137.203.234:1054 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:144 IpLen:20 DgmLen:217 DF
***AP*** Seq: 0xE8123C95 Ack: 0x37EF575F Win: 0x44E8 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/05-16:02:56.408194 129.137.203.234:1116 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:696 IpLen:20 DgmLen:182 DF
***AP*** Seq: 0x45E88B82 Ack: 0xE7F43182 Win: 0x44E8 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/05-16:02:56.880257 129.137.203.234:1116 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:697 IpLen:20 DgmLen:198 DF
***AP*** Seq: 0x45E88C10 Ack: 0xE7F432F0 Win: 0x437A TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/05-16:25:10.333035 24.34.222.52:4454 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:34991 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3E1DE18B Ack: 0x3B360E10 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/05-16:25:10.341095 24.34.222.52:4454 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:34992 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3E1DE73F Ack: 0x3B360E10 Win: 0x4470 TcpLen: 20
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/05-16:28:30.420409 129.137.203.234:1374 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:18648 IpLen:20 DgmLen:182 DF
***AP*** Seq: 0x31A1CC2B Ack: 0x47EABDF7 Win: 0x44E8 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/05-16:28:30.758765 129.137.203.234:1374 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:18649 IpLen:20 DgmLen:199 DF
***AP*** Seq: 0x31A1CCB9 Ack: 0x47EABF65 Win: 0x437A TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/05-16:28:46.049826 129.137.203.234:1379 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:18666 IpLen:20 DgmLen:199 DF
***AP*** Seq: 0x2E147128 Ack: 0x49941D69 Win: 0x44E8 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/05-16:34:18.486434 66.196.65.35:39051 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:52678 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x84440CD0 Ack: 0x5E2CBBAF Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 16050217 2600252463
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/05-17:12:02.990160 24.130.80.176:4522 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:58531 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x159D7CCF Ack: 0xED1EB2FE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/05-17:12:02.998572 24.130.80.176:4522 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:58532 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x159D8283 Ack: 0xED1EB2FE Win: 0x4470 TcpLen: 20
[**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**]
[Classification: Misc activity] [Priority: 3]
06/05-18:04:08.905220 64.159.2.135 -> 192.168.1.6
ICMP TTL:244 TOS:0x0 ID:0 IpLen:20 DgmLen:56
Type:3 Code:13 DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED,
PACKET FILTERED
** ORIGINAL DATAGRAM DUMP:
192.168.1.6:59127 -> 198.6.49.5:53
UDP TTL:53 TOS:0x0 ID:0 IpLen:20 DgmLen:80 DF
Len: 52
** END OF DUMP
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/05-18:19:30.059462 66.196.65.35:38970 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:60304 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x5B0563F7 Ack: 0xECD1894C Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 16681327 2603485116
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/05-19:55:01.161123 66.196.65.35:39284 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:21056 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xF6C145C7 Ack: 0x5563DDC9 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 17254394 2606420504
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/05-19:57:05.581796 24.114.7.121:4475 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:11620 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x8E9825D0 Ack: 0x5CF526C8 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/05-19:57:11.161978 24.114.7.121:4593 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:12095 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x8F00A2BA Ack: 0x5D48FE0B Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/05-19:57:19.606026 24.114.7.121:4791 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:12915 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x8FAA6AB7 Ack: 0x5CF0C51B Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/05-19:57:29.076647 24.114.7.121:3100 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:13819 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x905B7DA9 Ack: 0x5DB6DF36 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/05-19:57:33.035258 24.114.7.121:3100 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:14160 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x905B7DA9 Ack: 0x5DB6DF36 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/05-19:57:38.340869 24.114.7.121:3229 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:14606 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x90D15517 Ack: 0x5E26C223 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/05-20:01:46.144573 24.164.115.194:2308 -> 192.168.1.6:80
TCP TTL:118 TOS:0x0 ID:36602 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3B120CDA Ack: 0x6DE4AB00 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/05-20:01:46.178045 24.164.115.194:2308 -> 192.168.1.6:80
TCP TTL:118 TOS:0x0 ID:36603 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3B12128E Ack: 0x6DE4AB00 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/05-21:13:06.159820 24.174.88.220:4103 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:61410 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3F02657F Ack: 0x7BDEA12B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/05-21:13:06.176696 24.174.88.220:4103 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:61411 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3F026B33 Ack: 0x7BDEA12B Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/05-22:04:23.686022 24.209.98.148:1501 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:36302 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9CA35A95 Ack: 0x3CD1B4DC Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/05-22:04:23.716529 24.209.98.148:1501 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:36303 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9CA36049 Ack: 0x3CD1B4DC Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/05-22:11:20.351487 66.196.65.35:47056 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:18265 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x48BD3CF2 Ack: 0x57D5B78C Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 18072249 2610609703
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/05-22:43:12.740821 24.74.152.249:4531 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:2820 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xD52EE881 Ack: 0xCFF3895D Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/05-22:43:13.207795 24.74.152.249:4540 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:2879 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xD535E9D0 Ack: 0xD029DAC5 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/05-22:43:13.431856 24.74.152.249:4545 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:2908 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xD53B3914 Ack: 0xD030B07F Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/05-22:43:17.026622 24.74.152.249:4660 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:3442 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xD598AB63 Ack: 0xD07D9DF4 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/05-22:43:20.484548 24.74.152.249:4792 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:4088 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xD6030250 Ack: 0xD0C2CD5C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/05-22:43:20.700239 24.74.152.249:4798 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:4119 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xD6088E22 Ack: 0xD058C41E Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/05-22:43:20.882192 24.74.152.249:4805 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:4142 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xD60EB916 Ack: 0xD0807AD5 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/05-22:43:21.103432 24.74.152.249:4808 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:4175 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xD6124444 Ack: 0xD0D188CE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/05-22:43:24.572038 24.74.152.249:4888 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:4602 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD6598D21 Ack: 0xD04ED716 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/05-22:43:28.169774 24.74.152.249:4975 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:5069 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD6A82B05 Ack: 0xD0CDF59A Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/05-22:43:28.373347 24.74.152.249:4982 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:5102 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD6AD3C14 Ack: 0xD0846627 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/05-22:43:32.602562 24.74.152.249:1148 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:5712 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD7212394 Ack: 0xD1194C80 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/05-22:43:33.005911 24.74.152.249:1162 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:5760 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xD72DAAA3 Ack: 0xD0B47D7A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/05-22:43:33.440293 24.74.152.249:1168 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:5805 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xD733995E Ack: 0xD0C3B71E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/05-22:43:33.943017 24.74.152.249:1184 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:5865 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xD740ABF1 Ack: 0xD0C958DA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/05-22:43:37.997678 24.74.152.249:1298 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:6359 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xD7A3F87A Ack: 0xD1DBC2A2 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/05-22:58:10.918122 200.39.200.135:3847 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:64235 IpLen:20 DgmLen:99 DF
***AP*** Seq: 0x2CDDFE5C Ack: 0x9BF1436 Win: 0x2238 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/05-23:24:04.276528 66.196.65.35:37206 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:38533 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x6ECC8D6 Ack: 0x6B7C5A22 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 18508608 2612844840
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/06-00:32:39.001406 66.196.65.35:49358 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:22120 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xF2652DEB Ack: 0x6DCA6CA3 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 18920052 2614952340
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-00:39:11.342030 24.114.7.121:4651 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:3033 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x6ACD0D70 Ack: 0x86E56B18 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-00:39:14.322657 24.114.7.121:4651 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:3187 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x6ACD0D70 Ack: 0x86E56B18 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-00:39:15.963261 24.114.7.121:4707 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:3279 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x6B0801EE Ack: 0x879AF63B Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-00:39:16.224137 24.114.7.121:4711 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:3304 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x6B0BCD56 Ack: 0x878D6D1F Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-00:39:16.488833 24.114.7.121:4718 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:3328 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x6B1195B7 Ack: 0x872C8F4C Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-00:39:19.433034 24.114.7.121:4718 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:3471 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x6B1195B7 Ack: 0x872C8F4C Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-00:39:19.937577 24.114.7.121:4766 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:3485 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6B417700 Ack: 0x86FED93D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/06-00:39:20.200961 24.114.7.121:4770 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:3496 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x6B45EB01 Ack: 0x87CE3005 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/06-00:39:20.471762 24.114.7.121:4772 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:3513 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x6B483798 Ack: 0x87763205 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-00:39:20.705101 24.114.7.121:4775 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:3521 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x6B4B9C0C Ack: 0x8740988C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-00:39:24.383713 24.114.7.121:4834 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:3763 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6B836387 Ack: 0x880817E2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-00:39:24.611918 24.114.7.121:4842 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:3789 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6B8A2CEA Ack: 0x8727C953 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-00:39:34.191745 24.114.7.121:3022 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:4377 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6C0CB373 Ack: 0x885B14A5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-00:39:37.728154 24.114.7.121:3064 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:4578 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6C35F023 Ack: 0x88AA66DE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-00:39:37.962864 24.114.7.121:3066 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:4595 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x6C38E848 Ack: 0x88775556 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-00:39:38.149265 24.114.7.121:3071 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:4606 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6C3D312C Ack: 0x889E6130 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-00:39:41.237975 24.114.7.121:3071 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:4678 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6C3D312C Ack: 0x889E6130 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-00:39:41.539897 24.114.7.121:3097 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:4701 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x6C5BAF23 Ack: 0x8867DAC6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-00:39:45.075645 24.114.7.121:3147 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:4914 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6C8EC929 Ack: 0x89268FFF Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/06-02:05:09.339657 66.196.65.35:47711 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:65028 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x3B63122C Ack: 0xCB86E76A Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 19475041 2617795097
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/06-03:11:24.390477 66.196.65.35:50386 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:22628 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x8F4DA6C2 Ack: 0xC5654DBC Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 19872515 2619831028
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/06-04:15:05.103737 66.196.65.35:35861 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:23327 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x44F38BF7 Ack: 0xB4E37950 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 20254556 2621787936
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/06-06:30:40.599467 66.196.65.35:52693 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:9577 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x562592F6 Ack: 0xB603AF9D Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 21068046 2625954781
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/06-07:31:07.825858 66.196.65.35:47375 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:60916 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xBB394D76 Ack: 0x9A9158D6 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 21430739 2627812568
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/06-09:10:17.496547 66.196.65.35:46746 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:8782 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x97C1FC6C Ack: 0x11712E60 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 22025656 2630859854
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-09:19:18.962073 24.42.220.118:2127 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:15124 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x881EA10D Ack: 0x3277DD8B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-09:19:19.026172 24.42.220.118:2127 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:15125 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x881EA6C1 Ack: 0x3277DD8B Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/06-10:11:18.004532 66.196.65.35:41676 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:9925 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x5D12B825 Ack: 0xF7E5190F Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 22391678 2632734699
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/06-11:12:06.470262 66.196.65.35:33903 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:4154 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xD64568FC Ack: 0xDC2F69A7 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 22756501 2634603369
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-11:17:20.599847 24.98.20.14:2591 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:45417 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xF5AD8C39 Ack: 0xEF81F08A Win: 0x44E8 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-11:17:23.029932 24.98.20.14:2824 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:46128 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xF6686C85 Ack: 0xF0784A15 Win: 0x44E8 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-11:17:25.612719 24.98.20.14:3021 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:46813 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xF6FC35C0 Ack: 0xF0B81E03 Win: 0x44E8 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-11:17:31.151600 24.98.20.14:3241 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:48280 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xF7ADD69F Ack: 0xF1DE2B7B Win: 0x44E8 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-11:17:42.573004 24.98.20.14:4538 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:51449 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xFB89F70E Ack: 0xF1BDC068 Win: 0x44E8 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/06-11:17:51.224143 24.98.20.14:1029 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:53795 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xFCFB307B Ack: 0xF26C84FB Win: 0x44E8 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/06-11:17:53.755042 24.98.20.14:1504 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:54472 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xFE6E353B Ack: 0xF31ECE52 Win: 0x44E8 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-11:17:56.169620 24.98.20.14:1752 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:55206 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xFF23D7BF Ack: 0xF2A9CBC4 Win: 0x44E8 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-11:17:58.298274 24.98.20.14:1950 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:55780 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFFB66B65 Ack: 0xF3007C23 Win: 0x44E8 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-11:18:00.452980 24.98.20.14:2128 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:56356 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x431FEA Ack: 0xF319DB91 Win: 0x44E8 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-11:18:07.274680 24.98.20.14:2316 -> 192.168.1.6:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:137
***AP*** Seq: 0xDA6E6D Ack: 0x7BF8F500 Win: 0x0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-11:18:08.503870 24.98.20.14:2797 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:58535 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x2488E8E Ack: 0xF3BA15B6 Win: 0x44E8 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-11:18:10.688427 24.98.20.14:2994 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:59134 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x2E25F65 Ack: 0xF3A677B4 Win: 0x44E8 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-12:12:18.744844 24.209.196.254:4122 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:60104 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFBBAB44D Ack: 0xC057F7B0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-12:12:18.746122 24.209.196.254:4122 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:60105 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFBBABA01 Ack: 0xC057F7B0 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/06-12:20:43.825625 193.155.74.66:1883 -> 192.168.1.6:80
TCP TTL:41 TOS:0x0 ID:51104 IpLen:20 DgmLen:147 DF
***AP*** Seq: 0x790F9B70 Ack: 0xE02D4842 Win: 0x16D0 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-12:38:03.190363 24.209.196.254:4300 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:50955 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x843D1A61 Ack: 0x215C52FE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-12:38:03.202522 24.209.196.254:4300 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:50956 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x843D2015 Ack: 0x215C52FE Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/06-13:17:16.474622 66.196.65.35:50928 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:61857 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xF1AB95BE Ack: 0xB59DE5EC Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 23507442 2638449859
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/06-14:07:25.962832 24.210.203.121:4587 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:41886 IpLen:20 DgmLen:187 DF
***AP*** Seq: 0x57042ED0 Ack: 0x733A0292 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/06-14:24:42.489359 66.196.65.35:53737 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:38110 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xC7E4DA97 Ack: 0xB5621EAE Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 23912013 2640522149
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/06-14:24:56.217414 66.27.55.14:34874 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:42691 IpLen:20 DgmLen:153 DF
***AP*** Seq: 0x88D3D085 Ack: 0xB597682A Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 68188026 2640528918
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-14:44:02.715696 24.209.196.254:4762 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:48307 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1321FC89 Ack: 0xFE3B935F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-14:44:02.716993 24.209.196.254:4762 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:48308 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1322023D Ack: 0xFE3B935F Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-14:47:00.061848 24.209.196.254:1084 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:61431 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x21D95DFD Ack: 0x890AAF8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-14:47:00.093795 24.209.196.254:1084 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:61432 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x21D963B1 Ack: 0x890AAF8 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-15:24:45.805888 24.209.196.254:3586 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:32186 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDC8892E4 Ack: 0x96EB6F32 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-15:24:45.807169 24.209.196.254:3586 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:32187 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDC889898 Ack: 0x96EB6F32 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-15:28:08.446772 24.209.196.254:4366 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:46972 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xECF16867 Ack: 0xA42F927B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-15:28:08.448069 24.209.196.254:4366 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:46973 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xECF16E1B Ack: 0xA42F927B Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/06-15:45:38.143499 66.196.65.35:39016 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:17789 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x5CC6CBDC Ack: 0xE5D7BF81 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 24397543 2643009141
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/06-15:59:05.157314 216.39.48.30:41056 -> 192.168.1.6:80
TCP TTL:38 TOS:0x0 ID:47671 IpLen:20 DgmLen:221 DF
***AP*** Seq: 0xEC707916 Ack: 0x19EB0166 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 661635888 2643422456
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-16:07:49.065250 24.91.73.152:1345 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:45554 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x74E67AE7 Ack: 0x39A10CCC Win: 0xB5C9 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-16:08:01.211646 24.91.73.152:1589 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:46373 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x75CC7204 Ack: 0x3B2F74BA Win: 0xB5C9 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-16:08:01.375263 24.91.73.152:1591 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:46386 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x75CE7113 Ack: 0x3AC5F57F Win: 0xB5C9 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-16:08:01.551312 24.91.73.152:1594 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:46405 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x75D15567 Ack: 0x3B7C927F Win: 0xB5C9 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-16:08:01.732943 24.91.73.152:1598 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:46424 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x75D438C9 Ack: 0x3B5FAD7A Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/06-16:08:01.916577 24.91.73.152:1601 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:46442 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x75D70EE4 Ack: 0x3B7CD727 Win: 0xB5C9 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/06-16:08:05.298992 24.91.73.152:1657 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:46605 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x760D4B37 Ack: 0x3BDADA95 Win: 0xB5C9 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-16:08:05.443673 24.91.73.152:1660 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:46620 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x7610BA09 Ack: 0x3C0E9690 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-16:08:05.637330 24.91.73.152:1663 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:46640 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x76134C19 Ack: 0x3C141422 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-16:08:05.813236 24.91.73.152:1671 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:46654 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x761A55C3 Ack: 0x3C34A966 Win: 0xB5C9 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-16:08:05.978594 24.91.73.152:1674 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:46669 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x761DC32A Ack: 0x3BCC9541 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-16:08:06.190634 24.91.73.152:1677 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:46686 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x7620CDD7 Ack: 0x3BEC5C5C Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-16:08:09.622753 24.91.73.152:1721 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:46798 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x764EAAAF Ack: 0x3BED0EB9 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-16:08:09.775098 24.91.73.152:1723 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:46803 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x76510B18 Ack: 0x3CB2CFB8 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-16:08:09.954385 24.91.73.152:1726 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:46816 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x7653C894 Ack: 0x3C0379BD Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-16:08:10.115509 24.91.73.152:1729 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:46825 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x7656EFBB Ack: 0x3BFEFC83 Win: 0xB5C9 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-16:17:50.261986 24.209.98.148:2455 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:23177 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x60280EBC Ack: 0x5F5F80DB Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-16:17:50.292525 24.209.98.148:2455 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:23178 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x60281470 Ack: 0x5F5F80DB Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/06-17:05:49.679916 66.196.65.35:52136 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:6807 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x685A56B7 Ack: 0x144E09E3 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 24878661 2645473517
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-18:08:10.867033 24.129.102.205:4727 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:62392 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xFA1387BE Ack: 0x116629D Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-18:08:21.321345 24.129.102.205:1354 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:63994 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xFBAE2669 Ack: 0x14FADFC Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-18:08:25.160118 24.129.102.205:1369 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:64521 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xFBBBD3AB Ack: 0xF2528F Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/06-18:45:43.585905 66.196.65.35:43564 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:7955 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x34AF8D8E Ack: 0x8F12D526 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 25478007 2648543494
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-19:27:05.517014 24.129.102.205:3966 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:45976 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x5695DB58 Ack: 0x2A9E5E90 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-19:27:09.761218 24.129.102.205:4096 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:46477 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x5706B6DB Ack: 0x2B6604B9 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-19:27:22.953445 24.129.102.205:4273 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:48452 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x579FA575 Ack: 0x2BECA774 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-19:27:23.410869 24.129.102.205:4674 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:48552 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x58DEEC30 Ack: 0x2C83B78D Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-19:27:23.841215 24.129.102.205:4693 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:48613 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x58E75E36 Ack: 0x2BD2B28C Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/06-19:27:28.127241 24.129.102.205:1053 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:49222 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x597C0B81 Ack: 0x2BDCFC15 Win: 0xFAF0 TcpLen: 20
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/06-19:27:30.856372 24.129.102.205:1053 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:49665 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x597C0B81 Ack: 0x2BDCFC15 Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/06-19:27:32.524258 24.129.102.205:1188 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:49904 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x59F1BE4F Ack: 0x2CCCCB13 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-19:27:40.441441 24.129.102.205:1489 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:51052 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x5AF280B1 Ack: 0x2D2A7DC2 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/06-19:48:02.203762 66.196.65.35:59254 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:2496 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x6C2392EE Ack: 0x79D2B24E Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 25851843 2650458351
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-19:57:32.165641 24.209.196.254:1270 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:43993 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD002FCE8 Ack: 0x9DBC924B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-19:57:32.212616 24.209.196.254:1270 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:43994 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD003029C Ack: 0x9DBC924B Win: 0x4470 TcpLen: 20
[**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**]
[Classification: Misc activity] [Priority: 3]
06/06-20:33:36.838934 139.130.193.82 -> 192.168.1.6
ICMP TTL:238 TOS:0x0 ID:52458 IpLen:20 DgmLen:56
Type:3 Code:13 DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED,
PACKET FILTERED
** ORIGINAL DATAGRAM DUMP:
192.168.1.6:48057 -> 144.140.24.119:113
TCP TTL:42 TOS:0x0 ID:37159 IpLen:20 DgmLen:60 DF
Seq: 0x268FB6E8 Ack: 0xE032E13E
** END OF DUMP
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-20:46:39.819356 24.209.50.212:1519 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:46595 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x52E18254 Ack: 0x5765248E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-20:46:39.863961 24.209.50.212:1519 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:46596 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x52E18808 Ack: 0x5765248E Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-21:09:44.223438 24.209.196.254:4427 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:51173 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3021113 Ack: 0xAD90DC2D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-21:09:44.296490 24.209.196.254:4427 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:51177 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x30216C7 Ack: 0xAD90DC2D Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/06-21:15:18.259419 66.196.65.35:38671 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:20234 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xCBBC2219 Ack: 0xC2FF4647 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 26375410 2653140159
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-22:17:22.453881 24.209.50.212:1660 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:61361 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5499CC9C Ack: 0xADC81DDF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-22:17:22.484624 24.209.50.212:1660 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:61362 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5499D250 Ack: 0xADC81DDF Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/06-22:20:45.392449 216.39.48.30:42529 -> 192.168.1.6:80
TCP TTL:38 TOS:0x0 ID:19011 IpLen:20 DgmLen:221 DF
***AP*** Seq: 0x8DFFF8E5 Ack: 0xBB45A18C Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 663925426 2655151567
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/06-22:32:27.468719 66.196.65.35:58610 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:27016 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x8A8AB2A Ack: 0xE6E9C2F0 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 26838296 2655511163
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/06-22:50:31.558630 216.39.48.30:56912 -> 192.168.1.6:80
TCP TTL:38 TOS:0x0 ID:40997 IpLen:20 DgmLen:221 DF
***AP*** Seq: 0xFF0ECC17 Ack: 0x2B5A2B11 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 664104005 2656066398
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-22:55:08.742972 65.26.95.7:1934 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:707 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x918A2FC0 Ack: 0x3D9A6AEA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-22:55:08.772078 65.26.95.7:1934 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:708 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x918A3574 Ack: 0x3D9A6AEA Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/06-23:59:38.403215 66.196.65.35:55813 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:55458 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x9B916024 Ack: 0x31055E46 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 27361352 2658190353
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-00:18:39.107879 24.101.10.51:3478 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:63984 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x6DBD3C02 Ack: 0x77CCD374 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-00:18:43.878303 24.101.10.51:3954 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:64983 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x6F0A1782 Ack: 0x781D4AB8 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-00:18:49.589328 24.101.10.51:4919 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:473 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x6FE7A2B5 Ack: 0x78BB002B Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-00:18:52.627062 24.101.10.51:4919 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:1284 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x6FE7A2B5 Ack: 0x78BB002B Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-00:18:55.969486 24.101.10.51:3810 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:2045 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x7215DA1B Ack: 0x799FA49A Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-00:18:58.870469 24.101.10.51:3810 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:2794 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x7215DA1B Ack: 0x799FA49A Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-00:19:02.842053 24.101.10.51:4866 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:3611 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x7391D6A2 Ack: 0x7A0E7A8F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/07-00:19:12.481140 24.101.10.51:4001 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:5725 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x75AB1029 Ack: 0x7B411C8F Win: 0x4470 TcpLen: 20
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/07-00:19:15.395689 24.101.10.51:4001 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:6565 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x75AB1029 Ack: 0x7B411C8F Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/07-00:19:19.023595 24.101.10.51:3162 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:7389 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x77E07F40 Ack: 0x7AF1309F Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-00:19:25.264300 24.101.10.51:3700 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:8807 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x797F6A5B Ack: 0x7B9334E7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-01:05:45.581729 24.218.33.167:1474 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:38826 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4C3D3461 Ack: 0x29E4867A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-01:05:45.590092 24.218.33.167:1474 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:38827 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4C3D3A15 Ack: 0x29E4867A Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-01:10:31.610117 24.209.50.212:1922 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:12349 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x27C34FAC Ack: 0x3C749E7C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-01:10:31.644408 24.209.50.212:1922 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:12350 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x27C35560 Ack: 0x3C749E7C Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/07-01:41:03.547709 66.196.65.35:42785 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:18818 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x71E85032 Ack: 0xB04024DF Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 27969818 2661307045
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/07-02:50:48.378779 66.196.65.35:40901 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:14340 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x61233A72 Ack: 0xB755E58B Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 28388267 2663450422
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/07-04:14:44.086667 66.196.65.35:36921 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:55752 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x3546D3B3 Ack: 0xF4976097 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 28891797 2666029606
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-04:26:25.145300 24.209.50.212:1439 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:47386 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD949CED9 Ack: 0x202D863E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-04:26:25.173021 24.209.50.212:1439 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:47387 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD949D48D Ack: 0x202D863E Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-04:48:29.858814 24.209.50.212:4920 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:33114 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3D5FA762 Ack: 0x736E60DF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-04:48:29.890181 24.209.50.212:4920 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:33115 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3D5FAD16 Ack: 0x736E60DF Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/07-05:15:29.363860 66.196.65.35:48353 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:1023 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x38663AD4 Ack: 0xDA0A7C75 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 29256297 2667896645
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/07-06:37:38.413956 66.196.65.35:37228 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:43612 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xAF4225D7 Ack: 0x10D89AE5 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 29749165 2670421207
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-06:59:48.628973 218.87.235.253:3126 -> 192.168.1.6:80
TCP TTL:100 TOS:0x0 ID:37460 IpLen:20 DgmLen:1454 DF
***A**** Seq: 0x7C92D2B1 Ack: 0x63AFDDBC Win: 0x4248 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-06:59:48.630030 218.87.235.253:3126 -> 192.168.1.6:80
TCP TTL:100 TOS:0x0 ID:37461 IpLen:20 DgmLen:1454 DF
***A**** Seq: 0x7C92D837 Ack: 0x63AFDDBC Win: 0x4248 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-07:18:31.117683 211.161.149.3:33137 -> 192.168.1.6:80
TCP TTL:95 TOS:0x0 ID:63845 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD4E3E477 Ack: 0xAA46DE7E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-07:18:31.118984 211.161.149.3:33137 -> 192.168.1.6:80
TCP TTL:95 TOS:0x0 ID:63846 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD4E3EA2B Ack: 0xAA46DE7E Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-07:22:08.859727 24.98.140.134:2433 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:1419 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x5C83BDD4 Ack: 0xB88206BD Win: 0xF990 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-07:22:09.003677 24.98.140.134:2710 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:1479 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x5D537075 Ack: 0xB7B41DE9 Win: 0xF990 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-07:22:09.159404 24.98.140.134:2724 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:1520 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x5D5EAA70 Ack: 0xB8827A96 Win: 0xF990 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-07:22:09.335319 24.98.140.134:2733 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:1554 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x5D65BE25 Ack: 0xB7F8CC0B Win: 0xF990 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/07-07:22:18.562432 24.98.140.134:3531 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:4265 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x5FC7A8D6 Ack: 0xB9048F04 Win: 0xF990 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/07-07:22:18.765362 24.98.140.134:3537 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:4301 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x5FCCEAB3 Ack: 0xB904CDB2 Win: 0xF990 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-07:22:28.119843 24.98.140.134:4326 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:6739 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x622317D0 Ack: 0xB97E78D0 Win: 0xF990 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-07:22:28.316735 24.98.140.134:4396 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:6822 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x623915AA Ack: 0xB8D31D70 Win: 0xF990 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-07:22:28.552353 24.98.140.134:4451 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:6874 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6256E426 Ack: 0xB937BB6D Win: 0xF990 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-07:22:28.950580 24.98.140.134:4471 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:6960 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6260C16D Ack: 0xB98308FD Win: 0xF990 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-07:22:38.469604 24.98.140.134:1514 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:9480 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x64B2B54E Ack: 0xB9A81F03 Win: 0xF990 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-07:22:47.729233 24.98.140.134:2324 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:11982 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x672541B0 Ack: 0xBA2A8861 Win: 0xF990 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-07:22:48.019617 24.98.140.134:2332 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:12032 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x672B8061 Ack: 0xBA925D4E Win: 0xF990 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-07:22:50.997991 24.98.140.134:2332 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:12765 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x672B8061 Ack: 0xBA925D4E Win: 0xF990 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-07:22:51.480215 24.98.140.134:2602 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:12907 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x680209E3 Ack: 0xBAB137A5 Win: 0xF990 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-07:23:00.877124 24.98.140.134:3382 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:15398 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6A55D065 Ack: 0xBBAE2D8B Win: 0xF990 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/07-08:27:51.223734 66.196.65.35:48236 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:62322 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x9F931BE5 Ack: 0xB0721550 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 30410396 2673808177
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/07-09:23:52.089660 216.39.48.30:50337 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:44407 IpLen:20 DgmLen:221 DF
***AP*** Seq: 0x5573C98F Ack: 0x8433E1D2 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 667903239 2675529548
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/07-09:43:20.025983 66.196.65.35:47999 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:57432 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xCDD2FC39 Ack: 0xCCBFBBED Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 30863244 2676127737
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-10:04:03.008713 24.175.87.10:1327 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:24566 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x31F6E9E9 Ack: 0x1C7CB8FB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-10:04:03.031202 24.175.87.10:1327 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:24567 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x31F6EF9D Ack: 0x1C7CB8FB Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-10:34:49.157717 12.27.55.243:29452 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:46744 IpLen:20 DgmLen:1420 DF
***A**** Seq: 0x16E06296 Ack: 0x9019FDC3 Win: 0x40B0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-10:34:49.165006 12.27.55.243:29452 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:46745 IpLen:20 DgmLen:1420 DF
***A**** Seq: 0x16E067FA Ack: 0x9019FDC3 Win: 0x40B0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/07-11:11:17.057017 66.196.65.35:55772 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:18771 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xA7D21B57 Ack: 0x1A17DB7B Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 31390907 2678830541
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-11:23:42.770300 24.91.100.180:2924 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:39822 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x35A55C38 Ack: 0x495DBC2A Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-11:23:43.530428 24.91.100.180:2940 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:39894 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x35B30FA0 Ack: 0x49911B73 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-11:23:56.257580 24.91.100.180:3191 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:41000 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x368C1AD7 Ack: 0x49D282EB Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-11:23:56.977490 24.91.100.180:3288 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:41060 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x36E2120A Ack: 0x4A01DE48 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-11:23:57.475105 24.91.100.180:3312 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:41127 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x36F6BA24 Ack: 0x49EDA005 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/07-11:24:01.234131 24.91.100.180:3418 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:41510 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x374FD5BF Ack: 0x4A512E0F Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/07-11:24:01.977570 24.91.100.180:3433 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:41568 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x375E60BA Ack: 0x4ABF76C1 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-11:24:05.764670 24.91.100.180:3540 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:41938 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x37BD4A88 Ack: 0x4AFCE1FE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-11:45:28.891019 24.159.116.86:3141 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:44992 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x73235F8A Ack: 0x9B864F99 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-11:45:28.952781 24.159.116.86:3141 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:44993 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7323653E Ack: 0x9B864F99 Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/07-11:48:35.270443 66.196.65.35:54547 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:30763 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x2A79AFF4 Ack: 0xA67FB334 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 31614710 2679976907
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-12:02:56.303906 24.136.155.112:3999 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:57747 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4958DDA9 Ack: 0xDCB2C216 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-12:02:56.310342 24.136.155.112:3999 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:57748 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4958E35D Ack: 0xDCB2C216 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-12:40:49.316046 24.102.69.64:4820 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:28201 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x16D2EAE Ack: 0x6BB85B87 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-12:40:51.972792 24.102.69.64:4820 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:28658 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x16D2EAE Ack: 0x6BB85B87 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-12:43:15.975542 24.54.164.105:4990 -> 192.168.1.6:80
TCP TTL:46 TOS:0x0 ID:37846 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xD6BA7F95 Ack: 0x75805A0D Win: 0x8000 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-12:43:20.299988 24.54.164.105:3181 -> 192.168.1.6:80
TCP TTL:46 TOS:0x0 ID:38367 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xD751E648 Ack: 0x760A0AAA Win: 0x8000 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-12:43:20.879075 24.54.164.105:3198 -> 192.168.1.6:80
TCP TTL:46 TOS:0x0 ID:38429 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xD7604529 Ack: 0x76285DA3 Win: 0x8000 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-12:43:31.109433 24.54.164.105:3599 -> 192.168.1.6:80
TCP TTL:46 TOS:0x0 ID:39585 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xD8AD4254 Ack: 0x76AB5228 Win: 0x8000 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-12:43:31.855314 24.54.164.105:3629 -> 192.168.1.6:80
TCP TTL:46 TOS:0x0 ID:39684 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xD8C50095 Ack: 0x77560173 Win: 0x8000 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/07-12:43:32.565389 24.54.164.105:3664 -> 192.168.1.6:80
TCP TTL:46 TOS:0x0 ID:39782 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xD8E1A237 Ack: 0x7711AE1A Win: 0x8000 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/07-12:43:42.936617 24.54.164.105:4119 -> 192.168.1.6:80
TCP TTL:46 TOS:0x0 ID:41138 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xDA57D10F Ack: 0x7710C572 Win: 0x8000 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-12:43:43.638615 24.54.164.105:4148 -> 192.168.1.6:80
TCP TTL:46 TOS:0x0 ID:41230 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xDA731584 Ack: 0x776971FC Win: 0x8000 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-12:43:44.316212 24.54.164.105:4174 -> 192.168.1.6:80
TCP TTL:46 TOS:0x0 ID:41318 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xDA88638C Ack: 0x77EB8A51 Win: 0x8000 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-12:43:54.597045 24.54.164.105:4652 -> 192.168.1.6:80
TCP TTL:46 TOS:0x0 ID:42750 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xDC027A05 Ack: 0x789A629B Win: 0x8000 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-12:43:55.449953 24.54.164.105:4719 -> 192.168.1.6:80
TCP TTL:46 TOS:0x0 ID:42866 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xDC246AB2 Ack: 0x78921F6A Win: 0x8000 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-12:43:56.211923 24.54.164.105:4787 -> 192.168.1.6:80
TCP TTL:46 TOS:0x0 ID:42979 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xDC426C2A Ack: 0x7804DC90 Win: 0x8000 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-12:43:56.962134 24.54.164.105:4844 -> 192.168.1.6:80
TCP TTL:46 TOS:0x0 ID:43081 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xDC5CDA67 Ack: 0x787093AA Win: 0x8000 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-12:43:57.871063 24.54.164.105:4912 -> 192.168.1.6:80
TCP TTL:46 TOS:0x0 ID:43220 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xDC7D058C Ack: 0x780756A4 Win: 0x8000 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-12:43:58.674281 24.54.164.105:4998 -> 192.168.1.6:80
TCP TTL:46 TOS:0x0 ID:43335 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xDC9D55E3 Ack: 0x7897E228 Win: 0x8000 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-12:44:02.916006 24.54.164.105:3192 -> 192.168.1.6:80
TCP TTL:46 TOS:0x0 ID:43919 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xDD39D5DA Ack: 0x78B1E994 Win: 0x8000 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/07-12:59:15.984745 66.196.65.35:46424 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:47955 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xE46937B3 Ack: 0xB2267261 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 32038749 2682148915
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/07-13:15:24.873208 64.68.82.46:22202 -> 192.168.1.6:80
TCP TTL:41 TOS:0x10 ID:37136 IpLen:20 DgmLen:453 DF
***AP*** Seq: 0xBF657062 Ack: 0xEEA34BC0 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 878240605 2682642698
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/07-13:59:25.078317 66.196.65.35:34776 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:27636 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x11ED47A7 Ack: 0x957A034F Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 32399630 2683997426
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/07-15:52:40.456199 66.196.65.35:42890 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:14869 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x2C740563 Ack: 0x408105A7 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 33079118 2687477890
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-16:33:04.434109 24.201.83.152:1125 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:50560 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xA8C445F6 Ack: 0xDA02E361 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-16:33:08.386842 24.201.83.152:1176 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:50813 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xA8F93210 Ack: 0xDA68CF3A Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-16:33:12.646435 24.201.83.152:1191 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:51227 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA908B755 Ack: 0xDA2F4BD9 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-16:33:44.189047 24.201.83.152:1396 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:53473 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA9D6F53B Ack: 0xDB760006 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-16:33:45.242117 24.201.83.152:1705 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:53542 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xAB12B93B Ack: 0xDC24BC01 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/07-16:33:49.712603 24.201.83.152:1761 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:53853 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xAB4E1A57 Ack: 0xDD396C48 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/07-16:33:50.388117 24.201.83.152:1775 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:53905 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xAB5B94F0 Ack: 0xDC8B4EE7 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-16:33:51.320719 24.201.83.152:1785 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:53954 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xAB6540BD Ack: 0xDCDCD42F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-16:34:01.698003 24.201.83.152:1947 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:54762 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xAC054C61 Ack: 0xDCFE800A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-16:34:02.508486 24.201.83.152:1962 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:54812 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xAC145E19 Ack: 0xDD645049 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-16:34:03.487851 24.201.83.152:1973 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:54880 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xAC1D60EF Ack: 0xDD625569 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-16:34:04.386332 24.201.83.152:1983 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:54939 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xAC2850D3 Ack: 0xDE0D7D08 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-16:34:05.295212 24.201.83.152:1995 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:55013 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xAC346A32 Ack: 0xDDA2265D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-16:34:06.091578 24.201.83.152:2009 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:55061 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xAC425058 Ack: 0xDD9778B2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-16:34:07.096340 24.201.83.152:2022 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:55118 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xAC4FAAAA Ack: 0xDDA8B10A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-16:34:08.214034 24.201.83.152:2035 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:55187 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xAC5C976F Ack: 0xDDC13B0A Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/07-16:57:03.066523 66.196.65.35:40513 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:30122 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x1FBC43EB Ack: 0x33EA7F86 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 33465349 2689456236
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-17:39:29.838127 24.209.98.148:2830 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:57282 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x684F1E9E Ack: 0xD462333A Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-17:39:29.868006 24.209.98.148:2830 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:57283 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x684F2452 Ack: 0xD462333A Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/07-18:11:14.927887 216.39.48.30:39857 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:17813 IpLen:20 DgmLen:221 DF
***AP*** Seq: 0x1D52EF5D Ack: 0x4C67A77A Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 671066846 2691736409
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/07-19:19:09.290218 66.196.65.35:53091 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:47699 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xE2C4B8D5 Ack: 0x4D766583 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 34317905 2693823219
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-19:27:22.972916 24.209.196.254:4047 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:21955 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2DBE808E Ack: 0x6B2B51E8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-19:27:22.974260 24.209.196.254:4047 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:21956 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2DBE8642 Ack: 0x6B2B51E8 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-20:54:44.809215 24.209.196.254:1255 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:33109 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF331786E Ack: 0xB5DEF524 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-20:54:44.816844 24.209.196.254:1255 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:33110 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF3317E22 Ack: 0xB5DEF524 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-22:10:20.580233 24.209.196.254:4121 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:42040 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6F20BEFB Ack: 0xD367309C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-22:10:20.587799 24.209.196.254:4121 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:42041 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6F20C4AF Ack: 0xD367309C Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/07-22:14:57.281514 66.196.73.77:26438 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:57625 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xF9C6CF4E Ack: 0xE5721693 Win: 0xFAF0 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-23:00:29.233436 24.209.196.254:2110 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:64720 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x607FFBCD Ack: 0x8FF11AA1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-23:00:29.264392 24.209.196.254:2110 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:64721 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x60800181 Ack: 0x8FF11AA1 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-23:29:21.765811 24.167.127.146:4510 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:34754 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE8C673DE Ack: 0xFE7D09F3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-23:29:21.767097 24.167.127.146:4510 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:34755 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE8C67992 Ack: 0xFE7D09F3 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/07-23:36:08.492589 66.196.73.77:3215 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:13415 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xC03D7255 Ack: 0x17E488BB Win: 0xFAF0 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/08-00:34:08.780919 66.196.65.35:47277 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:30803 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xFACFA523 Ack: 0xF2EC4B87 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 36207711 2703503181
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/08-00:37:52.776601 66.196.65.24:41626 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:63968 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x6C5F0F8E Ack: 0x12DB652 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-00:51:26.622183 24.219.28.221:3631 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:61071 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xAE70E332 Ack: 0x33C42ED1 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-00:51:27.143367 24.219.28.221:3644 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:61102 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xAE7C1B1D Ack: 0x33BD1F79 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-00:51:29.457251 24.219.28.221:3712 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:61314 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xAEB73D57 Ack: 0x33DF5FC8 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-00:51:29.753326 24.219.28.221:3723 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:61340 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xAEC08B49 Ack: 0x33B3494C Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-00:51:30.055886 24.219.28.221:3728 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:61353 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xAEC5F240 Ack: 0x348B922F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/08-00:51:33.450066 24.219.28.221:3829 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:61616 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xAF1C706A Ack: 0x342B2BBA Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/08-00:51:36.933250 24.219.28.221:3954 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:62001 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xAF88CCA8 Ack: 0x344FD79D Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-00:51:40.317941 24.219.28.221:3964 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:62300 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xAF915CBB Ack: 0x34B57CF3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-00:51:40.642688 24.219.28.221:4070 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:62333 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xAFEB3D6F Ack: 0x348D236F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-00:51:40.935257 24.219.28.221:4079 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:62350 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xAFF397EF Ack: 0x34C3C771 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-00:51:41.261272 24.219.28.221:4086 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:62372 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xAFF9FEA7 Ack: 0x346F8E8A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-00:51:41.599229 24.219.28.221:4095 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:62398 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB00210D2 Ack: 0x34AAE1CC Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-00:51:41.917600 24.219.28.221:4108 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:62434 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xB00C8755 Ack: 0x34A68E41 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-00:51:44.852025 24.219.28.221:4108 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:62663 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xB00C8755 Ack: 0x34A68E41 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-00:51:45.087240 24.219.28.221:4196 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:62685 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB0582B6C Ack: 0x34CA3674 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-00:51:45.258372 24.219.28.221:4204 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:62702 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xB05F09B0 Ack: 0x34E77775 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-00:51:51.223579 24.219.28.221:4401 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:63260 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB1053BE9 Ack: 0x3577D485 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-00:56:25.519784 24.98.140.134:4095 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:58253 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x3E66C4D Ack: 0x46E56650 Win: 0xF990 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-00:56:32.426623 24.98.140.134:4457 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:59708 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x504B591 Ack: 0x46C0C068 Win: 0xF990 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-00:56:32.812594 24.98.140.134:4781 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:59784 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x59A9407 Ack: 0x479B0349 Win: 0xF990 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-00:56:36.315737 24.98.140.134:1113 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:60612 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x6468A5F Ack: 0x478A2A23 Win: 0xF990 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-00:56:36.519304 24.98.140.134:1132 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:60692 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x654D4B6 Ack: 0x47A3CB4C Win: 0xF990 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/08-00:56:36.818201 24.98.140.134:1143 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:60742 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x65E0BEB Ack: 0x474D76E9 Win: 0xF990 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/08-00:56:37.206714 24.98.140.134:1170 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:60837 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x670EEF7 Ack: 0x475907F7 Win: 0xF990 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-00:56:37.416422 24.98.140.134:1197 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:60904 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x687E7DC Ack: 0x47B14D73 Win: 0xF990 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-00:56:37.612613 24.98.140.134:1200 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:60954 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x68B31AF Ack: 0x471EC9CC Win: 0xF990 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-00:56:37.791953 24.98.140.134:1215 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:61020 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x694B074 Ack: 0x475A6E7A Win: 0xF990 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-00:56:38.125678 24.98.140.134:1229 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:61087 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x69FC36D Ack: 0x472E665D Win: 0xF990 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-00:56:38.531224 24.98.140.134:1239 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:61169 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6A80D83 Ack: 0x47BD111C Win: 0xF990 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-00:56:39.018151 24.98.140.134:1260 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:61502 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x6B8071B Ack: 0x47B3C00C Win: 0xF990 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-00:56:39.537519 24.98.140.134:1280 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:61576 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6C88E8D Ack: 0x47608EC9 Win: 0xF990 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-02:20:46.634573 24.229.103.234:4372 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:1031 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3E8F1339 Ack: 0x85CD6F43 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-02:20:46.643634 24.229.103.234:4372 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:1032 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3E8F18ED Ack: 0x85CD6F43 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/08-02:24:41.422853 66.196.65.35:46147 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:60712 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xB8EB848D Ack: 0x94914EF4 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 36870927 2706900298
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-03:12:20.656488 24.209.49.251:1345 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:65218 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x482644FE Ack: 0x47BD3111 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-03:12:20.686906 24.209.49.251:1345 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:65219 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x48264AB2 Ack: 0x47BD3111 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/08-04:51:28.772497 66.196.65.35:54326 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:10388 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x9DEEDE55 Ack: 0xBE48CAFD Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 37751597 2711411258
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-04:55:34.743389 24.43.3.89:3243 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:40797 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4EEEE04C Ack: 0xCE353E21 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-04:55:34.839758 24.43.3.89:3243 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:40798 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4EEEE600 Ack: 0xCE353E21 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-05:19:25.855970 24.209.49.251:4161 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:7426 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xECCFFCC8 Ack: 0x27D4A2C7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-05:19:25.886477 24.209.49.251:4161 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:7427 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xECD0027C Ack: 0x27D4A2C7 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-06:28:00.607793 24.59.74.47:3827 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:11489 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x379A4F29 Ack: 0x2AACBC0A Win: 0xB5C9 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-06:28:01.043838 24.59.74.47:3834 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:11552 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x37A0A6AE Ack: 0x2A9F17FC Win: 0xB5C9 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-06:28:10.553622 24.59.74.47:4131 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:13110 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x38A153CF Ack: 0x2B9779E6 Win: 0xB5C9 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-06:28:20.047217 24.59.74.47:4440 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:14681 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x39A861FD Ack: 0x2BDBE992 Win: 0xB5C9 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-06:28:20.224759 24.59.74.47:4447 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:14713 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x39AEC661 Ack: 0x2C57D1E2 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/08-06:28:20.482894 24.59.74.47:4461 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:14777 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x39BA3E72 Ack: 0x2C0E1961 Win: 0xB5C9 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/08-06:28:20.761612 24.59.74.47:4473 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:14851 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x39C4121B Ack: 0x2CBE258A Win: 0xB5C9 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-06:28:20.991511 24.59.74.47:4479 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:14907 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x39C94CD9 Ack: 0x2BCCE501 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-06:28:21.189511 24.59.74.47:4488 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:14959 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x39D0C71B Ack: 0x2C444BDD Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-06:28:30.838612 24.59.74.47:4840 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:16782 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3AFB4F9C Ack: 0x2C870B97 Win: 0xB5C9 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-06:28:40.271095 24.59.74.47:1195 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:18535 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3C0B6F5D Ack: 0x2DDC212E Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-06:28:40.462514 24.59.74.47:1209 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:18579 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3C1547C8 Ack: 0x2CF911BF Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-06:28:53.329416 24.59.74.47:1527 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:20912 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x3D2211B7 Ack: 0x2E13D9F0 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-06:28:53.585739 24.59.74.47:1641 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:20989 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x3D8252A1 Ack: 0x2E0A3513 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-06:28:56.470279 24.59.74.47:1641 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:21472 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x3D8252A1 Ack: 0x2E0A3513 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-06:28:56.846394 24.59.74.47:1753 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:21545 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x3DDFFBF6 Ack: 0x2EB1D9E4 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-06:28:57.013228 24.59.74.47:1756 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:21575 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x3DE2FB20 Ack: 0x2E671FB4 Win: 0xB5C9 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/08-07:03:04.029381 66.196.65.35:51142 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:46138 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x690CE965 Ack: 0xB0670D41 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 38541060 2715455048
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-07:10:48.147792 24.209.49.251:2265 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:31606 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x19DA2D29 Ack: 0xCD6D2391 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-07:10:48.178322 24.209.49.251:2265 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:31607 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x19DA32DD Ack: 0xCD6D2391 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/08-07:23:26.311573 216.39.48.30:53678 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:24589 IpLen:20 DgmLen:221 DF
***AP*** Seq: 0xCCBB4DCE Ack: 0xFCFD026A Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 675818962 2716081091
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/08-08:41:45.278192 209.237.238.173:54816 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:22747 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0xF3C64E7F Ack: 0x2481B638 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 73275059 2718487810
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/08-08:43:37.546793 209.237.238.175:44831 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:45245 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0xFB39F788 Ack: 0x2C84A3AB Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 73287495 2718545314
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/08-09:18:28.356611 66.196.65.35:36630 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:46932 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xD8B8B48E Ack: 0xAEF2BEC8 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 39353432 2719616180
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-09:24:51.543585 24.209.49.251:1248 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:36993 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x87CA8AB4 Ack: 0xC69AF35E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-09:24:51.574553 24.209.49.251:1248 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:36994 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x87CA9068 Ack: 0xC69AF35E Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/08-10:23:39.205993 66.196.65.35:50679 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:33475 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xDB7FC4F4 Ack: 0xA555F57E Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 39744487 2721619244
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-10:28:17.014756 24.209.49.251:4841 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:10812 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9F3FFEBD Ack: 0xB6A72A11 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-10:28:17.044738 24.209.49.251:4841 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:10813 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9F400471 Ack: 0xB6A72A11 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-10:36:57.791133 24.209.49.251:3631 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:42820 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC5187239 Ack: 0xD8281D08 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-11:09:11.163963 24.209.49.251:4033 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:31643 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x52F9B4AA Ack: 0x51830B71 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-11:09:11.206162 24.209.49.251:4033 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:31644 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x52F9BA5E Ack: 0x51830B71 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-11:11:49.162228 24.162.60.201:2524 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:13848 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2D728181 Ack: 0x5B30FF03 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-11:11:49.188426 24.162.60.201:2524 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:13849 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2D728735 Ack: 0x5B30FF03 Win: 0xB5C9 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-11:11:52.068377 24.162.60.201:2524 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:14161 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2D728181 Ack: 0x5B30FF03 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-11:11:58.095284 24.162.60.201:2524 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:14657 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2D728181 Ack: 0x5B30FF03 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/08-11:39:37.596913 66.196.65.35:44589 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:61402 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x81543ADA Ack: 0xC5501646 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 40200290 2723953962
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-11:52:53.745119 24.209.49.251:1943 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:60772 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x10CDF572 Ack: 0xF6A2667B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-11:52:53.814646 24.209.49.251:1943 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:60773 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x10CDFB26 Ack: 0xF6A2667B Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/08-12:45:26.315480 66.196.65.35:33872 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:29242 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xF8E7C440 Ack: 0xBD77A043 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 40595128 2725976404
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-14:15:48.980613 24.209.210.177:1307 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:56273 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2C47BB86 Ack: 0x12B1D140 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-14:15:49.021245 24.209.210.177:1307 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:56274 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2C47C13A Ack: 0x12B1D140 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/08-14:22:39.493163 66.196.65.35:48609 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:46045 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x7156BB45 Ack: 0x2CF79A54 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 41178403 2728964045
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/08-14:33:50.113905 66.196.73.77:30071 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:1953 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xBB1EFFCE Ack: 0x5784922D Win: 0xFAF0 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-14:57:34.338522 24.209.49.251:1045 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:57327 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x18AC9678 Ack: 0xAFA1CA2C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-14:57:34.368152 24.209.49.251:1045 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:57328 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x18AC9C2C Ack: 0xAFA1CA2C Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-15:14:49.264482 24.209.49.251:4506 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:49797 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5E45F62E Ack: 0xF11DFDEF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-15:14:49.310941 24.209.49.251:4506 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:49798 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5E45FBE2 Ack: 0xF11DFDEF Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/08-15:47:34.371583 66.196.65.35:50815 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:19460 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x4AC9101C Ack: 0x6E5B362A Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 41687849 2731573491
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/08-17:45:51.443000 66.196.65.35:53360 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:9941 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xB201F42E Ack: 0x2C897339 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 42397504 2735208529
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-18:07:00.946208 24.209.49.251:3278 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:1941 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF3DBD73D Ack: 0x7C0B84A6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-18:07:01.018841 24.209.49.251:3278 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:1942 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF3DBDCF1 Ack: 0x7C0B84A6 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-18:42:22.393747 24.118.24.56:4664 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:61460 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1F61A7B8 Ack: 0x1F3E0B1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-18:42:22.403597 24.118.24.56:4664 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:61461 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1F61AD6C Ack: 0x1F3E0B1 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/08-19:02:48.399314 66.196.65.35:60175 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:39566 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xBF490252 Ack: 0x4EB2BD0A Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 42859162 2737573223
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/08-20:20:08.589249 66.196.65.35:44510 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:40168 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xF4973CC2 Ack: 0x72B4A627 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 43323146 2739949849
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1881:4] WEB-MISC bad HTTP/1.1 request, Potentially worm attack [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/08-20:23:57.831377 203.94.78.130:1887 -> 192.168.1.6:80
TCP TTL:36 TOS:0x0 ID:34743 IpLen:20 DgmLen:70 DF
***AP*** Seq: 0xEE529BF0 Ack: 0x814C53EF Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 24255622 2740066935
[Xref => http://securityresponse.symantec.com/avcenter/security/Content/2002.09.13.html]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-20:26:37.868255 24.209.49.251:3528 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:53749 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD2A4005E Ack: 0x8B0C5C51 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-20:26:37.899111 24.209.49.251:3528 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:53750 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD2A40612 Ack: 0x8B0C5C51 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-20:32:46.564788 24.209.49.251:4745 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:3637 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE67DAA69 Ack: 0xA2ABE789 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-20:32:46.600985 24.209.49.251:4745 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:3638 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE67DB01D Ack: 0xA2ABE789 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-20:41:59.929837 203.73.143.123:2872 -> 192.168.1.6:80
TCP TTL:102 TOS:0x0 ID:16851 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8B86504F Ack: 0xC4C601D7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-20:41:59.938411 203.73.143.123:2872 -> 192.168.1.6:80
TCP TTL:102 TOS:0x0 ID:16852 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8B865603 Ack: 0xC4C601D7 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/08-22:12:15.768005 66.196.65.35:36816 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:52553 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xE0EF37EF Ack: 0x1A517835 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 43995804 2743395337
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-22:42:43.165994 24.29.133.200:3844 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:29464 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA43C8A5A Ack: 0x8D656182 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-22:42:43.186680 24.29.133.200:3844 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:29465 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA43C900E Ack: 0x8D656182 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-23:04:24.367812 24.136.23.20:2406 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:64831 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD32CC45D Ack: 0xDF61B99B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-23:04:24.376382 24.136.23.20:2406 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:64832 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD32CCA11 Ack: 0xDF61B99B Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/08-23:18:15.884208 66.196.65.35:39267 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:57021 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xC359EDBA Ack: 0x148E445C Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 44391794 2745423676
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-00:43:28.700389 24.197.103.210:4393 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:3278 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xDBF20E24 Ack: 0x568B9603 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-00:43:42.184810 24.197.103.210:4752 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:4467 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xDD251F87 Ack: 0x56D063E2 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-00:43:48.972707 24.197.103.210:1057 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:5045 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xDDBCE02A Ack: 0x57A51A5E Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-00:44:00.626728 24.197.103.210:1358 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:6035 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xDECC8281 Ack: 0x579FFAC3 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-00:44:04.428405 24.197.103.210:1407 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:6257 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xDEF8CEDD Ack: 0x5840256F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/09-00:44:07.370332 24.197.103.210:1500 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:6559 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xDF4740A7 Ack: 0x585F2629 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/09-00:44:11.197836 24.197.103.210:1573 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:6815 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xDF875B3F Ack: 0x5892D709 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-00:44:14.083515 24.197.103.210:1656 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:7099 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xDFD22014 Ack: 0x58FAC7AB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-00:44:17.974348 24.197.103.210:1725 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:7359 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE00F1254 Ack: 0x5950DC4D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-00:44:20.864904 24.197.103.210:1821 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:7574 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE064306C Ack: 0x58B33A40 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-00:44:36.356936 24.197.103.210:2096 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:8796 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE15890D1 Ack: 0x5A117F08 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-00:44:40.230005 24.197.103.210:2248 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:9075 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE1D48ABB Ack: 0x5A495813 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-00:44:43.093161 24.197.103.210:2337 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:9350 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xE2264060 Ack: 0x5A666968 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-00:44:46.969809 24.197.103.210:2414 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:9586 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xE268B871 Ack: 0x5A71AAB0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-00:44:49.873320 24.197.103.210:2503 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:9810 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xE2B77E54 Ack: 0x5AFCB328 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-00:44:53.742269 24.197.103.210:2569 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:10096 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xE2F31EB3 Ack: 0x5B8F668A Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/09-01:03:10.169211 66.196.65.35:39537 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:33128 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x80DF882A Ack: 0xA04DE41B Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 45021176 2748647503
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/09-01:03:10.525117 66.196.65.35:39537 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:33129 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x80DF882A Ack: 0xA04DE41B Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 45021212 2748647503
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/09-02:27:36.365436 66.196.65.35:39116 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:1804 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xC6EFCE46 Ack: 0xDE8B90B2 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 45527758 2751242311
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/09-03:58:22.040478 66.196.65.35:53398 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:55455 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xFEF70685 Ack: 0x3626E759 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 46072278 2754031449
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-03:59:19.522230 24.201.31.41:3361 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:50324 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x1F2ABAA0 Ack: 0x3A1332D8 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-03:59:29.149496 24.201.31.41:3501 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:50672 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x1FB7D945 Ack: 0x3A09EBEE Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-03:59:29.300037 24.201.31.41:3503 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:50686 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x1FB9A5AF Ack: 0x3A669E70 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-03:59:38.512794 24.201.31.41:3676 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:51221 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x206175F0 Ack: 0x3B4F0EAF Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-03:59:47.673866 24.201.31.41:3797 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:51523 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x20DE36B0 Ack: 0x3B4044E6 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/09-03:59:47.828573 24.201.31.41:3803 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:51535 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x20E444D2 Ack: 0x3BE28C6C Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/09-03:59:57.049311 24.201.31.41:3943 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:51932 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x216E09E5 Ack: 0x3BA80CCB Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-03:59:57.223111 24.201.31.41:3946 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:51942 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x21711488 Ack: 0x3BA1665D Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-03:59:57.393942 24.201.31.41:3949 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:51953 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x21744C28 Ack: 0x3B95BF0D Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-03:59:57.566033 24.201.31.41:3952 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:51962 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x2177BDC9 Ack: 0x3B9A3F26 Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-03:59:57.728784 24.201.31.41:3955 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:51977 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x217AE0E9 Ack: 0x3BC06A0F Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-03:59:57.870029 24.201.31.41:3961 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:51991 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x2180234B Ack: 0x3C2C1E17 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-03:59:58.044831 24.201.31.41:3963 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:51998 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x218204AE Ack: 0x3BD70ABE Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-03:59:58.217713 24.201.31.41:3965 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:52010 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x2184594E Ack: 0x3BD66B08 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-04:00:01.198771 24.201.31.41:3965 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:52137 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x2184594E Ack: 0x3BD66B08 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-04:00:01.584638 24.201.31.41:4017 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:52190 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x21B8AEE3 Ack: 0x3CA65BC8 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-04:00:01.775358 24.201.31.41:4025 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:52218 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x21BEFEE1 Ack: 0x3C403C23 Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/09-05:11:13.873898 66.196.65.35:54912 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:64372 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xA147E3C9 Ack: 0x48FFDDF6 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 46509426 2756270604
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-05:20:51.395118 24.189.230.118:1324 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:2552 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x71C5B62C Ack: 0x6D95348C Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-05:20:51.770884 24.189.230.118:1335 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:2589 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x71CF2E66 Ack: 0x6DD29EDD Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-05:20:51.905727 24.189.230.118:1344 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:2609 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x71D495BB Ack: 0x6D922138 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-05:20:52.045190 24.189.230.118:1352 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:2629 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x71DAADCB Ack: 0x6D1CC9B3 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-05:20:52.181367 24.189.230.118:1356 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:2644 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x71DE2BC2 Ack: 0x6DB0C1E5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/09-05:21:01.314526 24.189.230.118:1763 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:3795 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x7306E1BD Ack: 0x6DBD5772 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/09-05:21:10.420701 24.189.230.118:2139 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:4532 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x741DFB61 Ack: 0x6E75AE1E Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-05:21:10.531290 24.189.230.118:2144 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:4542 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x7420B36E Ack: 0x6E995449 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-05:21:10.668170 24.189.230.118:2147 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:4551 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x7423D62C Ack: 0x6EC29BBD Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-05:21:10.780818 24.189.230.118:2148 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:4561 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x7424CFD3 Ack: 0x6ED6E3B5 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-05:21:10.911400 24.189.230.118:2160 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:4585 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x742D29F8 Ack: 0x6EAEFC67 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-05:21:11.022229 24.189.230.118:2173 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:4600 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x7433C95A Ack: 0x6EB2E669 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-05:21:20.233268 24.189.230.118:2573 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:5566 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x7561CB8F Ack: 0x6F333443 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-05:21:20.347663 24.189.230.118:2579 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:5582 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x75664176 Ack: 0x6EFC42CC Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-05:21:20.490858 24.189.230.118:2586 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:5598 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x756BC6C8 Ack: 0x6F1C1ACA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-05:21:20.623073 24.189.230.118:2591 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:5614 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x756FAE65 Ack: 0x6F7DDF7B Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-05:24:31.414093 24.80.90.219:3176 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:43730 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x331AD55 Ack: 0x7BDF4F03 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-05:24:31.478356 24.80.90.219:3176 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:43731 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x331B309 Ack: 0x7BDF4F03 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/09-06:00:19.389937 66.196.65.24:54325 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:24463 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x733F4F4 Ack: 0x2148C4A Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/09-08:21:58.512024 66.196.65.35:41227 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:62018 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xE6EDF525 Ack: 0x19331062 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 47653803 2762132336
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-09:14:45.725271 24.209.5.98:2266 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:10035 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9ABF4F1E Ack: 0xE150711D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-09:14:45.754497 24.209.5.98:2266 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:10036 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9ABF54D2 Ack: 0xE150711D Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/09-10:20:32.421960 66.196.65.35:57263 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:9142 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xDAF621A3 Ack: 0xD98F3FDB Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 48365143 2765775955
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-10:24:50.616024 24.209.49.251:1778 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:17896 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE065465F Ack: 0xEA17F688 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-10:24:50.651687 24.209.49.251:1778 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:17897 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE0654C13 Ack: 0xEA17F688 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/09-11:03:27.467229 64.68.82.16:18294 -> 192.168.1.6:80
TCP TTL:41 TOS:0x10 ID:33721 IpLen:20 DgmLen:453 DF
***AP*** Seq: 0x48EA09D3 Ack: 0x7B200D7B Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 894733064 2767094079
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/09-11:28:56.480053 66.196.65.35:45324 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:34658 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xAED9D0E4 Ack: 0xDBE6BD6B Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 48775518 2767877979
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/09-11:34:50.198297 66.196.65.24:46886 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:38840 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x203A5F25 Ack: 0xF24DA8CB Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-11:58:35.536635 24.209.49.251:4990 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:34732 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBF55B340 Ack: 0x4C872A1E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-11:58:35.594998 24.209.49.251:4990 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:34733 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBF55B8F4 Ack: 0x4C872A1E Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/09-12:37:54.282476 66.196.65.24:64769 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:21392 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x753BD2A7 Ack: 0xDFC74500 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/09-13:16:14.629529 66.196.65.35:58599 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:42823 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xC33164AD Ack: 0x7197B1CD Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 49419285 2771175476
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/09-14:01:58.612716 66.196.65.24:45652 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:18849 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x7435A587 Ack: 0x1E168772 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-14:34:18.344499 24.209.49.251:1861 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:60266 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1AEEECA6 Ack: 0x98F5FD59 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-14:34:18.378875 24.209.49.251:1861 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:60267 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1AEEF25A Ack: 0x98F5FD59 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-14:43:37.404016 24.209.49.251:1891 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:6344 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2E295759 Ack: 0xBC2A490D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-14:43:37.433046 24.209.49.251:1891 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:6345 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2E295D0D Ack: 0xBC2A490D Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/09-15:02:55.521693 66.196.65.35:49057 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:61154 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x342AF23E Ack: 0x3DB1780 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 50059329 2774453904
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-15:43:18.376767 24.130.80.176:4575 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:6891 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1D3C329E Ack: 0x9D62F812 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-15:43:18.384962 24.130.80.176:4575 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:6892 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1D3C3852 Ack: 0x9D62F812 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/09-17:02:08.114525 66.196.65.35:34166 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:39341 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xB6CEA48F Ack: 0xC6FC98F9 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 50774534 2778117325
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/09-17:21:04.503175 66.196.65.24:56775 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:35694 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xD4A6F169 Ack: 0xDF80E42 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-17:51:10.680121 24.209.98.148:4072 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:58074 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xAC49EA51 Ack: 0x8047F872 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-17:51:10.710369 24.209.98.148:4072 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:58075 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xAC49F005 Ack: 0x8047F872 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-18:21:57.623639 24.155.55.163:3198 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:33734 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA25F24A4 Ack: 0xF50B6122 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-18:21:57.629481 24.155.55.163:3198 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:33735 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA25F2A58 Ack: 0xF50B6122 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-18:46:22.601680 24.209.49.251:4234 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:31229 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x108FF045 Ack: 0x50608224 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-18:46:22.617147 24.209.49.251:4234 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:31230 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x108FF5F9 Ack: 0x50608224 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-18:58:06.372689 24.209.98.148:2035 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:21141 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2CE7618A Ack: 0x7BF9A2AA Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-18:58:06.413247 24.209.98.148:2035 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:21142 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2CE7673E Ack: 0x7BF9A2AA Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/09-19:07:43.735829 66.196.65.35:36607 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:44410 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x24757C44 Ack: 0xA05611AD Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 51528040 2781976945
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/09-19:10:33.198511 66.196.65.24:15291 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:49922 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x11256D65 Ack: 0xABA10204 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-20:28:08.530580 24.209.98.148:4830 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:14016 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2D78B4FB Ack: 0xD0BBCEA7 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-20:28:08.583645 24.209.98.148:4830 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:14017 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2D78BAAF Ack: 0xD0BBCEA7 Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/09-20:37:51.380482 66.196.65.35:45123 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:56970 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x601D7F1A Ack: 0xF5167075 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 52068761 2784746642
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-21:24:35.656391 24.209.98.148:1138 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:57100 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7D1EF53A Ack: 0xA671661A Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-21:24:35.680175 24.209.98.148:1138 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:57101 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7D1EFAEE Ack: 0xA671661A Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/09-21:32:41.676290 66.196.65.24:23346 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:57668 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x2CC81475 Ack: 0xC5059FCC Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-22:03:40.153482 24.140.13.155:1968 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:26718 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x7790E9CE Ack: 0x39336A11 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-22:03:43.828940 24.140.13.155:2131 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:27215 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x7815EC34 Ack: 0x39AC14C3 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-22:03:47.232316 24.140.13.155:2257 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:27469 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x787BC1FE Ack: 0x39647080 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-22:03:47.424994 24.140.13.155:2263 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:27489 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x7880F3B1 Ack: 0x39515CE6 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-22:03:56.871571 24.140.13.155:2612 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:28263 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x799F692D Ack: 0x39AE634E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/09-22:03:57.068579 24.140.13.155:2619 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:28291 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x79A596B7 Ack: 0x3A3C056B Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/09-22:03:57.257169 24.140.13.155:2628 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:28313 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x79ABCD91 Ack: 0x39BF6BFB Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-22:03:57.440998 24.140.13.155:2635 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:28333 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x79B1410D Ack: 0x3A1FE29A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-22:03:57.612973 24.140.13.155:2638 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:28351 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x79B41385 Ack: 0x3A0C2BB1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-22:03:57.768314 24.140.13.155:2644 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:28362 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x79BA2A28 Ack: 0x3A1A7A30 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-22:03:57.934003 24.140.13.155:2649 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:28384 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x79BE3EA0 Ack: 0x3A989428 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-22:04:04.662596 24.140.13.155:2812 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:29064 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x7A42BC62 Ack: 0x3A837928 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-22:04:04.857800 24.140.13.155:2927 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:29086 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x7AA3107F Ack: 0x3AE03E2B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-22:04:07.833952 24.140.13.155:2927 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:29350 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x7AA3107F Ack: 0x3AE03E2B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-22:04:08.185547 24.140.13.155:3057 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:29403 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x7B04B829 Ack: 0x3A7D9C1E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-22:04:08.364701 24.140.13.155:3062 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:29432 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x7B0819F2 Ack: 0x3A5812C1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-22:04:08.561907 24.140.13.155:3072 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:29466 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x7B110EC7 Ack: 0x3AC96CC0 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-22:09:06.619181 24.194.136.216:4485 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:5760 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x65D97FDB Ack: 0x4D621F59 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-22:09:06.627408 24.194.136.216:4485 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:5761 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x65D9858F Ack: 0x4D621F59 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/09-22:15:45.124865 66.196.65.35:42891 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:12700 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xA4569031 Ack: 0x66F3CEF9 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 52656091 2787755048
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**]
[Classification: Misc activity] [Priority: 3]
06/09-22:29:26.405780 216.136.165.202 -> 192.168.1.6
ICMP TTL:237 TOS:0x0 ID:25669 IpLen:20 DgmLen:56
Type:3 Code:13 DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED,
PACKET FILTERED
** ORIGINAL DATAGRAM DUMP:
192.168.1.6:58502 -> 216.33.244.103:113
TCP TTL:49 TOS:0x0 ID:7787 IpLen:20 DgmLen:60 DF
Seq: 0x9AEC3139 Ack: 0x8642E53E
** END OF DUMP
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/09-22:45:32.396653 66.196.65.24:60293 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:36964 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xC0680C79 Ack: 0xD7D9E5F1 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-22:50:41.009465 24.44.2.165:4201 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:58442 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x6C083590 Ack: 0xEB4707B0 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-22:50:41.327018 24.44.2.165:4207 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:58458 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x6C0DA10D Ack: 0xEAD498BE Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-22:50:41.466033 24.44.2.165:4209 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:58470 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x6C0F91E1 Ack: 0xEB1808CB Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-22:50:41.632211 24.44.2.165:4214 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:58484 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x6C13EDA9 Ack: 0xEBA658E2 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-22:50:41.763113 24.44.2.165:4219 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:58498 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6C17DBF6 Ack: 0xEADA465E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/09-22:50:41.903850 24.44.2.165:4221 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:58508 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x6C19A789 Ack: 0xEAF038F0 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/09-22:50:42.046965 24.44.2.165:4223 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:58520 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x6C1BF415 Ack: 0xEBC6057F Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-22:50:45.165925 24.44.2.165:4274 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:58638 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x6C4ADD7A Ack: 0xEB3E4BAB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-22:50:45.292227 24.44.2.165:4276 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:58647 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6C4C802A Ack: 0xEBD15D3E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-22:50:45.471448 24.44.2.165:4278 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:58657 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6C4EDBA9 Ack: 0xEBB43228 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-22:50:48.607543 24.44.2.165:4317 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:58736 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6C76EBE5 Ack: 0xEC3FAB70 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-22:50:48.741660 24.44.2.165:4320 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:58747 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6C792193 Ack: 0xEBB71DCE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-22:50:48.891352 24.44.2.165:4322 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:58757 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x6C7ABA04 Ack: 0xEBD408AB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-22:50:51.806936 24.44.2.165:4322 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:58839 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x6C7ABA04 Ack: 0xEBD408AB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-22:50:52.138390 24.44.2.165:4363 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:58846 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6CA34419 Ack: 0xEC1D1E8C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-22:50:52.269073 24.44.2.165:4365 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:58853 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x6CA55D78 Ack: 0xEC74C1D0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-22:51:01.472165 24.44.2.165:4475 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:59092 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6D177F90 Ack: 0xECEA3047 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/09-23:17:03.823509 66.196.65.35:40866 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:56008 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x304FEB26 Ack: 0x4F06BACE Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 53023934 2789639212
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-23:33:40.382162 24.209.98.148:3209 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:63215 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x71A385FF Ack: 0x8E20A5A3 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-23:33:40.411615 24.209.98.148:3209 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:63216 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x71A38BB3 Ack: 0x8E20A5A3 Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/10-01:34:14.739237 66.196.65.24:40369 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:65504 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x79E62804 Ack: 0x55D669EB Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/10-01:58:58.514882 66.196.65.35:36429 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:40490 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x5751FA6 Ack: 0xB2B02903 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 53995330 2794614907
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/10-02:35:00.192372 66.196.65.24:60766 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:40611 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xB30800C9 Ack: 0x3AD5A9AD Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/10-04:30:50.551169 66.196.65.24:26312 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:43166 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xBCED9D52 Ack: 0xF00D17EC Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/10-04:57:52.113121 66.196.65.35:37746 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:9658 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xC0E9CD46 Ack: 0x562B04DD Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 55068610 2800112464
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/10-07:44:30.427228 66.196.65.35:36765 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:50466 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x1867E4D8 Ack: 0xCC333DC1 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 56068362 2805233374
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/10-08:58:28.788741 66.196.65.35:56964 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:18726 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xEA2E72CD Ack: 0xE37FF120 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 56512166 2807506643
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/10-09:15:51.489125 62.220.28.154:3994 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:65115 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA240DCC2 Ack: 0x24F01C01 Win: 0x2238 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/10-09:15:51.658400 62.220.28.154:3994 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:65116 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA240E276 Ack: 0x24F01C01 Win: 0x2238 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/10-09:33:57.902165 66.196.65.24:55239 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:9221 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x21DB9605 Ack: 0x6945F555 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/10-10:54:23.237749 66.196.65.24:31235 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:49841 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x8ED6176D Ack: 0x98D9B79C Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/10-11:49:54.030426 217.35.41.34:3952 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:2012 IpLen:20 DgmLen:187 DF
***AP*** Seq: 0xD3468D5F Ack: 0x6AC626F5 Win: 0x4470 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/10-12:06:41.393176 66.196.65.24:4385 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:62065 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x2086E4F7 Ack: 0xAA5C8BCF Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/10-12:22:40.503649 66.196.65.35:55859 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:39475 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x51463992 Ack: 0xE699BC28 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 57737242 2813781720
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/10-12:40:17.257162 24.209.98.148:2357 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:57852 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFFD147C1 Ack: 0x29B62FD5 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/10-12:40:17.275108 24.209.98.148:2357 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:57853 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFFD14D75 Ack: 0x29B62FD5 Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/10-13:45:30.744681 66.196.65.24:16618 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:26913 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x6DC22EC3 Ack: 0x1F96FF64 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/10-13:54:23.202508 66.196.65.35:39113 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:15608 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xF91232F Ack: 0x4056A76F Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 58287471 2816600108
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/10-14:45:38.139264 66.196.65.24:37020 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:29362 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xAF3523BA Ack: 0x280C1ED Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/10-15:11:58.004418 24.98.20.14:2785 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:10748 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x9F89C4DF Ack: 0x65AA1DFA Win: 0x44E8 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/10-15:12:02.774411 24.98.20.14:3087 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:11949 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xA0825947 Ack: 0x662749D9 Win: 0x44E8 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/10-15:12:03.927575 24.98.20.14:3155 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:12260 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA0B7E4BF Ack: 0x6692513F Win: 0x44E8 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/10-15:12:05.108231 24.98.20.14:3226 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:12523 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA0F21B9E Ack: 0x6677B835 Win: 0x44E8 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/10-16:36:37.331506 66.196.65.35:35657 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:50920 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x5D76E78A Ack: 0xA61DD9AF Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 59260805 2821585726
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/10-16:59:22.671292 66.196.65.24:36172 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:57459 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xB487A6AE Ack: 0xFAAC5D45 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/10-18:05:17.749823 66.196.65.24:64656 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:14350 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x77474FB7 Ack: 0xF506181A Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/10-18:16:19.618200 24.209.49.251:2384 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:5220 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB49C1F16 Ack: 0x1E9AF7C1 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/10-18:18:53.065664 24.136.138.173:3048 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:20378 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDFB2795 Ack: 0x2882F107 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/10-18:18:53.071734 24.136.138.173:3048 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:20379 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDFB2D49 Ack: 0x2882F107 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/10-18:58:20.267806 66.196.65.35:33461 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:58441 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x255EFCE7 Ack: 0xBE1F1503 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 60111032 2825940753
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/10-19:20:15.121351 24.209.98.148:2526 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:11551 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x96BA5E39 Ack: 0x107710EB Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/10-19:20:15.146040 24.209.98.148:2526 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:11552 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x96BA63ED Ack: 0x107710EB Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/10-20:16:37.010471 66.196.65.24:52842 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:28349 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xDD7E7329 Ack: 0xE5A83893 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/10-21:37:19.071631 66.196.65.35:42045 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:19799 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x1A4EDDB3 Ack: 0x16672B71 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 61064840 2830826325
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/10-21:55:35.356825 66.196.65.24:60016 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:2177 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xB3D029C0 Ack: 0x5B53658E Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/10-23:12:20.618630 24.209.98.148:4354 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:16086 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD3933E9D Ack: 0x7DA1A8FF Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/10-23:12:20.649678 24.209.98.148:4354 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:16087 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD3934451 Ack: 0x7DA1A8FF Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/10-23:22:38.990944 66.196.65.24:53942 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:47816 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x377DB151 Ack: 0xA326B810 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/10-23:38:05.744962 206.49.58.30:15118 -> 192.168.1.6:80
TCP TTL:97 TOS:0x0 ID:13012 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7814C3DE Ack: 0xDDF8B351 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/10-23:38:05.750433 206.49.58.30:15118 -> 192.168.1.6:80
TCP TTL:97 TOS:0x0 ID:13013 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7814C992 Ack: 0xDDF8B351 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/10-23:41:21.350127 66.196.65.35:51697 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:5986 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x5CD846A8 Ack: 0xE9DE829A Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 61809010 2834638139
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/11-00:34:27.415829 66.196.65.24:22955 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:30285 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xE1C560DF Ack: 0xB3402478 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/11-01:38:14.898896 66.196.65.24:54465 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:56234 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xD9B93A70 Ack: 0xA43FB011 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/11-01:49:22.079048 66.196.65.35:43360 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:46241 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xE865E8B6 Ack: 0xCDD85B92 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 62577023 2838572039
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/11-02:15:30.229948 24.201.63.54:4757 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:55 IpLen:20 DgmLen:187 DF
***AP*** Seq: 0xAFDBE9C9 Ack: 0x30615A86 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-02:20:58.104432 24.209.100.245:4838 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:10071 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3BFAF311 Ack: 0x451D1D3F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-02:20:58.132826 24.209.100.245:4838 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:10072 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3BFAF8C5 Ack: 0x451D1D3F Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-02:28:08.247846 24.209.100.245:4559 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:38592 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5D1C99DA Ack: 0x604A59CE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-02:28:08.276375 24.209.100.245:4559 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:38593 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5D1C9F8E Ack: 0x604A59CE Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/11-03:14:30.835140 66.196.65.24:59787 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:64291 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x6E60E974 Ack: 0x1027CDED Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-03:48:33.837681 24.209.100.245:4133 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:18620 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC496C097 Ack: 0x8FC2C2DE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-03:48:33.865875 24.209.100.245:4133 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:18621 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC496C64B Ack: 0x8FC2C2DE Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/11-04:25:26.288318 66.196.65.35:36189 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:62667 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x21AEDECC Ack: 0x1B98ED6C Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 63513372 2843368213
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/11-04:28:44.237947 64.68.82.56:29167 -> 192.168.1.6:80
TCP TTL:41 TOS:0x10 ID:48328 IpLen:20 DgmLen:453 DF
***AP*** Seq: 0xF1EA10B7 Ack: 0x28971B8C Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 512077143 2843468483
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/11-04:43:21.659153 66.196.65.24:53961 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:20515 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xE968BDCA Ack: 0x5FF5FAE3 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-04:56:47.017059 24.209.100.245:3052 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:2984 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE7E90BC7 Ack: 0x91E7A105 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-04:56:47.046276 24.209.100.245:3052 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:2985 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE7E9117B Ack: 0x91E7A105 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/11-06:49:23.110513 66.196.65.35:38195 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:55643 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xA70E17AF Ack: 0x3ABBA441 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 64376984 2847791812
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/11-07:06:26.244775 66.196.65.24:60857 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:18806 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xA181242F Ack: 0x7C55498C Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/11-07:57:32.429277 66.196.65.35:43750 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:50210 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xE60A36B2 Ack: 0x3CA157EF Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 64785885 2849886276
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/11-08:58:59.035795 66.196.65.35:35461 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:4088 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xD1055204 Ack: 0x259D59E6 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 65154516 2851774487
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-09:29:28.322466 24.117.37.60:1224 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:43226 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB898F7BD Ack: 0x97D4E8B1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-09:29:28.343401 24.117.37.60:1224 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:43227 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB898FD71 Ack: 0x97D4E8B1 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/11-10:14:53.696948 66.196.65.24:2288 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:52030 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xA485D91C Ack: 0x43C47843 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-10:30:07.951900 24.151.128.134:1816 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:64847 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3992AD03 Ack: 0x7D0355F8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-10:30:08.060379 24.151.128.134:1816 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:64848 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3992B2B7 Ack: 0x7D0355F8 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/11-10:46:51.184709 66.196.65.35:41099 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:43699 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x15F7B5D5 Ack: 0xBB9B8731 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 65801679 2855089380
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/11-10:56:37.237094 216.39.50.154:52331 -> 192.168.1.6:80
TCP TTL:38 TOS:0x0 ID:65062 IpLen:20 DgmLen:202 DF
***AP*** Seq: 0xAA588FEA Ack: 0xE11C1B3A Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 705589721 2855389544
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/11-11:42:09.585180 66.196.65.24:59292 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:45010 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xC00EFCCD Ack: 0x8D996CB7 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/11-12:46:06.940947 66.196.65.24:18085 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:15249 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x69360D36 Ack: 0x7F4A28BE Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/11-12:52:44.906007 66.196.65.35:59287 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:24243 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x7595B03C Ack: 0x98943889 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 66556987 2858958222
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/11-14:08:46.488594 66.196.65.24:3912 -> 192.168.1.6:80
TCP TTL:233 TOS:0x0 ID:58961 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xFA9B255C Ack: 0xB73BAE9E Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/11-14:43:18.848654 66.196.65.35:48084 -> 192.168.1.6:80
TCP TTL:42 TOS:0x0 ID:2053 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x89DB8FB2 Ack: 0x3A2EEE69 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 67220331 2862355989
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-15:06:22.858374 24.209.49.251:3949 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:8212 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEF15633C Ack: 0x90389EC4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-15:06:22.891851 24.209.49.251:3949 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:8213 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEF1568F0 Ack: 0x90389EC4 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/11-15:11:07.091688 66.196.65.24:26177 -> 192.168.1.6:80
TCP TTL:233 TOS:0x0 ID:63529 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x9AE3D84E Ack: 0xA2577E1A Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-15:33:23.017545 24.209.49.251:2962 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:16837 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF3B0529 Ack: 0xF628CB8B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-15:33:23.050320 24.209.49.251:2962 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:16838 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF3B0ADD Ack: 0xF628CB8B Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-15:35:31.205265 24.98.153.56:3738 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:43339 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF64097F9 Ack: 0xFFAE333A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-15:35:31.213702 24.98.153.56:3738 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:43340 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF6409DAD Ack: 0xFFAE333A Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/11-16:12:47.009386 66.196.65.24:45385 -> 192.168.1.6:80
TCP TTL:233 TOS:0x0 ID:27480 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xD6F4B10 Ack: 0x8C48166B Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-16:13:50.535517 24.155.52.88:1275 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:21273 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB5033FEC Ack: 0x90323371 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-16:13:50.542380 24.155.52.88:1275 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:21274 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB50345A0 Ack: 0x90323371 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-16:25:39.296536 24.209.210.252:4088 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:24736 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBBAD583D Ack: 0xBBFC19A0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-16:25:39.353076 24.209.210.252:4088 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:24737 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBBAD5DF1 Ack: 0xBBFC19A0 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-16:53:47.432647 24.164.56.165:2976 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:37637 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x28F96B78 Ack: 0x2553960A Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-16:53:49.022714 24.164.56.165:3150 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:38262 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x297C2628 Ack: 0x25BAE41F Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-16:53:50.584224 24.164.56.165:3306 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:38829 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x29ED841B Ack: 0x265B3B25 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-16:53:51.882480 24.164.56.165:3496 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:39353 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x2A779211 Ack: 0x2640EE48 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-16:54:02.130082 24.164.56.165:1277 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:43391 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x2E1BEBA6 Ack: 0x264EF21B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/11-16:54:12.768114 24.164.56.165:2569 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:47493 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x31CBB21F Ack: 0x2730B39A Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/11-16:54:14.212417 24.164.56.165:2760 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:48047 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x3255E776 Ack: 0x27280E2B Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-16:54:18.681943 24.164.56.165:3338 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:49957 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x34007292 Ack: 0x2814355D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-16:54:19.996026 24.164.56.165:3521 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:50552 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3482CA1E Ack: 0x2741BD88 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-16:54:21.066781 24.164.56.165:3693 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:51001 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x34F98958 Ack: 0x27BCD916 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-16:54:25.744659 24.164.56.165:4380 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:52663 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3667F6CD Ack: 0x27A4DD0F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-16:54:27.204573 24.164.56.165:4741 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:53219 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x37008132 Ack: 0x2838D134 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-16:54:28.662978 24.164.56.165:1071 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:53762 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x378613AA Ack: 0x28FD13EE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-16:54:30.152451 24.164.56.165:1235 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:54376 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x37FBC1DF Ack: 0x29617CCF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-16:54:33.193129 24.164.56.165:1235 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:55702 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x37FBC1DF Ack: 0x29617CCF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-16:54:40.661777 24.164.56.165:2584 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:58827 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x3BD78A02 Ack: 0x29EA92B8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-16:54:42.006347 24.164.56.165:2787 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:59382 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x3C6B8E4A Ack: 0x29E0CFC0 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-17:29:43.299465 24.167.23.63:3863 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:33323 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2F9645D2 Ack: 0xAE89FB7E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-17:29:43.318943 24.167.23.63:3863 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:33324 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2F964B86 Ack: 0xAE89FB7E Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/11-17:37:25.512741 66.196.65.35:48465 -> 192.168.1.6:80
TCP TTL:42 TOS:0x0 ID:44263 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xACBC0FD4 Ack: 0xCC304D10 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 68264915 2867706564
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/11-18:03:52.645321 66.196.65.24:6837 -> 192.168.1.6:80
TCP TTL:233 TOS:0x0 ID:7605 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x722AEBDD Ack: 0x2F0F8187 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/11-18:30:03.210245 209.237.238.158:1426 -> 192.168.1.6:80
TCP TTL:36 TOS:0x0 ID:63904 IpLen:20 DgmLen:173 DF
***AP*** Seq: 0x2155CDEA Ack: 0x91F9A984 Win: 0xFFFF TcpLen: 32
TCP Options (3) => NOP NOP TS: 53471198 2869323882
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/11-19:23:31.978767 66.196.65.35:39731 -> 192.168.1.6:80
TCP TTL:42 TOS:0x0 ID:3703 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xA8C69D2D Ack: 0x5C4F7342 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 68901513 2870967351
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/11-19:50:31.409341 66.196.65.24:27775 -> 192.168.1.6:80
TCP TTL:233 TOS:0x0 ID:48580 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x7035F1CF Ack: 0xC1D28C54 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/11-20:50:47.213817 66.196.65.24:45037 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:59474 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x4B0C141F Ack: 0xA5763E5F Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-20:54:14.623484 24.209.196.254:2581 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:43357 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x378BE7A0 Ack: 0xB2E13496 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-20:54:14.631200 24.209.196.254:2581 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:43358 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x378BED54 Ack: 0xB2E13496 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-20:54:26.015552 24.209.196.254:2725 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:44361 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x38042173 Ack: 0xB2F48C4E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-20:54:26.042846 24.209.196.254:2725 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:44375 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x38042727 Ack: 0xB2F48C4E Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/11-21:22:59.353432 66.196.65.35:34423 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:64518 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xDD36C0B5 Ack: 0x203BBFE6 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 69618196 2874638331
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-21:42:50.013100 24.189.230.118:4932 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:569 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xE4AA723A Ack: 0x6A955018 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-21:42:50.393704 24.189.230.118:1169 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:661 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xE53ADFB8 Ack: 0x6ABF315E Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-21:42:53.792254 24.189.230.118:1406 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:1329 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xE5E31809 Ack: 0x6AE7EDE7 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-21:43:03.006096 24.189.230.118:1871 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:3129 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xE735FB24 Ack: 0x6B7D8C2B Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-21:43:03.122037 24.189.230.118:1874 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:3139 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xE738E827 Ack: 0x6B50FBCF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/11-21:43:12.226277 24.189.230.118:2305 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:4786 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xE87BC116 Ack: 0x6C946F81 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/11-21:43:12.659741 24.189.230.118:2307 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:4886 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xE87D73DD Ack: 0x6C121E3F Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-21:43:12.918571 24.189.230.118:2311 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:4948 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xE881FBA1 Ack: 0x6C42F1C2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-21:43:13.039084 24.189.230.118:2315 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:4962 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE88530FE Ack: 0x6BF88F6F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-21:43:13.217142 24.189.230.118:2318 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:4976 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE88799AE Ack: 0x6BE076A9 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-21:43:13.642176 24.189.230.118:2320 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:5073 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE88A31B5 Ack: 0x6C4848F8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-21:43:17.091495 24.189.230.118:2494 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:5699 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE90F8C14 Ack: 0x6CCF9FA6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-21:43:20.272854 24.189.230.118:2539 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:6298 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xE93C62D4 Ack: 0x6CAB0206 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-21:43:20.412195 24.189.230.118:2541 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:6310 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xE93E2CC9 Ack: 0x6C679D76 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-21:43:20.524055 24.189.230.118:2544 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:6318 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xE9414B87 Ack: 0x6C4DC9C7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-21:43:29.892087 24.189.230.118:2925 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:7471 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xEA68F8DF Ack: 0x6CD5B74F Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-22:18:02.868803 24.242.253.122:1810 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:20542 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x2A0CAD34 Ack: 0xEFA49F0A Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/11-22:29:45.429162 66.196.65.35:43743 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:33730 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x111C17BD Ack: 0x1BAAC9F1 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 70018775 2876690181
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-22:41:59.540863 24.219.28.221:1804 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:44941 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x833B4C85 Ack: 0x4AD91963 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-22:42:00.059526 24.219.28.221:1851 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:45061 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x83601BB4 Ack: 0x4ABC5BAA Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-22:42:11.380191 24.219.28.221:2562 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:47071 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x85913590 Ack: 0x4B5D724D Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-22:42:20.690859 24.219.28.221:3071 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:48393 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x8727D8B2 Ack: 0x4B4DC3DF Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-22:42:30.010121 24.219.28.221:3578 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:49664 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x88B46B34 Ack: 0x4BFD988F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/11-22:42:30.362863 24.219.28.221:3602 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:49734 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x88C77B45 Ack: 0x4C7367F2 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/11-22:42:30.719932 24.219.28.221:3626 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:49829 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x88D96D36 Ack: 0x4C602F29 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-22:42:31.039703 24.219.28.221:3658 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:49915 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x88F384CB Ack: 0x4C285FAC Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-22:42:31.348352 24.219.28.221:3681 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:49984 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x8906776F Ack: 0x4C1CA777 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-22:42:31.662791 24.219.28.221:3699 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:50035 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x89141D41 Ack: 0x4C7FEEAC Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-22:42:31.972419 24.219.28.221:3720 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:50091 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x892522A2 Ack: 0x4C2BD67B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-22:42:32.368929 24.219.28.221:3745 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:50144 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x893828F9 Ack: 0x4CF3BBA9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-22:42:32.671901 24.219.28.221:3763 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:50186 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x894726ED Ack: 0x4C4A5173 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-22:42:35.908550 24.219.28.221:3930 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:50614 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x89CBFB52 Ack: 0x4C56DD0B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-22:42:38.861954 24.219.28.221:3930 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:51062 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x89CBFB52 Ack: 0x4C56DD0B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-22:42:39.073377 24.219.28.221:4108 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:51094 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x8A5A4016 Ack: 0x4C992885 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-22:42:39.440072 24.219.28.221:4124 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:51138 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x8A68380B Ack: 0x4CD9A257 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-23:13:08.780785 200.149.157.153:4455 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:18122 IpLen:20 DgmLen:1454 DF
***A**** Seq: 0x4172F617 Ack: 0xBF7EF89C Win: 0x4248 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-23:13:08.885376 200.149.157.153:4455 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:18123 IpLen:20 DgmLen:1454 DF
***A**** Seq: 0x4172FB9D Ack: 0xBF7EF89C Win: 0x4248 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/11-23:33:29.795264 66.196.65.35:42532 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:31661 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x8AF6834B Ack: 0xD185878 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 70401179 2878648928
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-23:36:19.230643 80.117.71.238:1860 -> 192.168.1.6:80
TCP TTL:101 TOS:0x0 ID:13874 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x18E03F13 Ack: 0x172020A9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-23:36:19.273908 80.117.71.238:1860 -> 192.168.1.6:80
TCP TTL:101 TOS:0x0 ID:13875 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x18E044C7 Ack: 0x172020A9 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-23:48:16.832623 24.160.157.79:4828 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:43729 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x26701386 Ack: 0x44DC3FAD Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-23:48:17.228858 24.160.157.79:4839 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:44780 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x267916A1 Ack: 0x44799340 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-23:48:17.440278 24.160.157.79:4847 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:49739 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x267FDE80 Ack: 0x44558557 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-23:48:17.676900 24.160.157.79:4853 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:57721 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x2685D935 Ack: 0x447A6D22 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-23:48:17.907642 24.160.157.79:4856 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:60666 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x26888190 Ack: 0x44748D9D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/11-23:48:18.117692 24.160.157.79:4860 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:60677 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x268B783B Ack: 0x44A958FF Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/11-23:48:21.607621 24.160.157.79:4917 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:60843 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x26BE2275 Ack: 0x44D55067 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-23:48:25.383804 24.160.157.79:4961 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:61015 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x26D1E31D Ack: 0x4544C735 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-23:48:28.824481 24.160.157.79:1092 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:61113 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x2720B90E Ack: 0x45DF5282 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-23:48:29.031855 24.160.157.79:1094 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:61129 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x27235188 Ack: 0x452C755B Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-23:48:32.629941 24.160.157.79:1137 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:61225 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x274EBB01 Ack: 0x45D5BD24 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-23:48:32.853842 24.160.157.79:1142 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:61235 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x27537D85 Ack: 0x45E29784 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-23:48:33.072089 24.160.157.79:1144 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:61245 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x27558D79 Ack: 0x45B74EB9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-23:48:33.299854 24.160.157.79:1145 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:61254 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x27571191 Ack: 0x456F2D52 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-23:48:33.502257 24.160.157.79:1147 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:61261 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x2759C81F Ack: 0x4618ABE2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-23:48:37.040073 24.160.157.79:1189 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:61361 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x27843D58 Ack: 0x45F77031 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-00:05:51.195902 24.162.150.179:1812 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:175 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x21C2C25B Ack: 0x86B549D7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-00:05:51.226233 24.162.150.179:1812 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:176 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x21C2C80F Ack: 0x86B549D7 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/12-00:10:44.071440 66.196.65.24:2837 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:61735 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x95D39946 Ack: 0x9A73E1EE Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-00:23:35.049578 24.98.99.141:3240 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:45944 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xF6FC3A63 Ack: 0xC98499EB Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-00:23:45.514705 24.98.99.141:3650 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:47363 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xF847CC10 Ack: 0xCACF599F Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-00:23:46.443887 24.98.99.141:3670 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:47447 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xF858B6F0 Ack: 0xCABAEA48 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-00:23:47.263823 24.98.99.141:3725 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:47573 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xF883B526 Ack: 0xCA7E6828 Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-00:23:55.106743 24.98.99.141:3882 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:48641 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF9036EDE Ack: 0xCB5C1544 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/12-00:23:55.622224 24.98.99.141:4063 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:48718 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xF98A3494 Ack: 0xCAB55F16 Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/12-00:24:02.772944 24.98.99.141:4271 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:49920 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xFA2A619D Ack: 0xCB94F44F Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-00:24:03.366316 24.98.99.141:4439 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:50005 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xFAAE2816 Ack: 0xCB67D454 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-00:24:06.965872 24.98.99.141:4628 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:50555 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFB3FA73C Ack: 0xCC4971AB Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-00:24:07.507019 24.98.99.141:4634 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:50619 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFB457C33 Ack: 0xCBBED59A Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-00:24:11.795037 24.98.99.141:4958 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:51241 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFBC60618 Ack: 0xCBE8FF89 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-00:24:12.361891 24.98.99.141:3023 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:51326 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFBEBEEF8 Ack: 0xCBC6E4FC Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-00:24:22.104774 24.98.99.141:3438 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:52628 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xFD34438D Ack: 0xCCB2023F Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-00:24:22.563158 24.98.99.141:3453 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:52739 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xFD3FABAE Ack: 0xCD37DCEC Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-00:24:25.756712 24.98.99.141:3453 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:53257 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xFD3FABAE Ack: 0xCD37DCEC Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-00:24:32.051828 24.98.99.141:3896 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:54291 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xFE9D3F32 Ack: 0xCD3328CA Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-00:26:45.747030 24.30.124.220:2869 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:43760 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFFEC54B4 Ack: 0xD627C742 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-00:26:45.753881 24.30.124.220:2869 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:43761 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFFEC5A68 Ack: 0xD627C742 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/12-00:44:08.371495 66.196.65.35:54264 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:33153 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xE751A169 Ack: 0x176E3245 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 70825006 2880819857
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/12-01:14:06.409079 66.196.65.24:26815 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:62543 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x733B21C5 Ack: 0x88639FF7 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/12-02:08:58.728188 66.196.65.35:35953 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:37812 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xA45BC3D5 Ack: 0x5800E09A Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 71334007 2883427064
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-03:45:50.606973 202.100.20.76:5577 -> 192.168.1.6:80
TCP TTL:29 TOS:0x0 ID:24340 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2FE8F13E Ack: 0xC5B3F52A Win: 0x2000 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-03:45:50.613600 202.100.20.76:5577 -> 192.168.1.6:80
TCP TTL:29 TOS:0x0 ID:24341 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2FE8F6F2 Ack: 0xC5B3F52A Win: 0x2000 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/12-03:50:43.961152 66.196.65.35:37646 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:17063 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x3438AB8 Ack: 0xD817CAD6 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 71944474 2886554001
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/12-05:39:16.977809 66.196.65.24:11430 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:45855 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x53BDE9F7 Ack: 0x72BC284D Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/12-07:27:39.900309 66.196.65.35:49435 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:22579 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x2424029 Ack: 0xBC3048F Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 73245972 2893220525
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/12-09:07:20.021995 66.196.65.35:36903 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:7149 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xEC4EFFEF Ack: 0x849222A1 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 73843938 2896283424
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/12-09:29:39.857678 66.196.65.24:18990 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:38887 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xCD27A040 Ack: 0xD8972F99 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/12-11:14:23.941867 66.196.65.24:59735 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:30712 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x486170BE Ack: 0x641EFFC9 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-11:53:52.375704 24.209.210.252:2241 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:52399 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBB2796BD Ack: 0xF9EE94EF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-11:53:52.428272 24.209.210.252:2241 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:52400 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBB279C71 Ack: 0xF9EE94EF Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-12:08:35.081495 24.209.210.252:3685 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:13973 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x110C8639 Ack: 0x30840A2C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-12:08:35.111524 24.209.210.252:3685 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:13974 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x110C8BED Ack: 0x30840A2C Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-12:08:38.929863 24.130.219.16:4859 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:42932 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xA1B582FD Ack: 0x301FEE78 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-12:08:39.763773 24.130.219.16:4887 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:42990 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xA1C43542 Ack: 0x301E352A Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-12:08:44.433450 24.130.219.16:4951 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:43239 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA1F7C707 Ack: 0x30BEDE00 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-12:08:45.734477 24.130.219.16:4982 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:43318 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA20A12BA Ack: 0x31DBEBFC Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-12:08:46.391976 24.130.219.16:3015 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:43380 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA21C6B54 Ack: 0x3176514B Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/12-12:08:46.837396 24.130.219.16:3023 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:43413 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA224E788 Ack: 0x3232057C Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/12-12:08:51.167219 24.130.219.16:3084 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:43686 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA25F47DA Ack: 0x31C1D028 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-12:08:55.753421 24.130.219.16:3134 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:43909 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xA293AF41 Ack: 0x32127AD6 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-12:08:56.303121 24.130.219.16:3148 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:43953 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA2A2F5ED Ack: 0x31F2E3D0 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-12:08:57.147146 24.130.219.16:3153 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:44003 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA2A91588 Ack: 0x3201D675 Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-12:09:01.960036 24.130.219.16:3211 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:44281 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA2E1FFC2 Ack: 0x32D58984 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-12:09:12.261111 24.130.219.16:3348 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:44882 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA370AF46 Ack: 0x32ED6609 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-12:09:13.075858 24.130.219.16:3354 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:44928 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xA3784890 Ack: 0x33BC7BE7 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-12:09:14.159762 24.130.219.16:3369 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:44983 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA3862B4E Ack: 0x335518DB Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-12:09:14.754827 24.130.219.16:3384 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:45036 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xA3950BF5 Ack: 0x339A288F Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-12:09:18.821208 24.130.219.16:3438 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:45272 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA3CC2C91 Ack: 0x337B1C22 Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/12-12:16:03.979943 64.210.196.198:33032 -> 192.168.1.6:80
TCP TTL:50 TOS:0x0 ID:7351 IpLen:20 DgmLen:219 DF
***AP*** Seq: 0xA2F92A7 Ack: 0x4D4C1D4F Win: 0x16D0 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/12-12:42:11.826981 66.196.65.35:49249 -> 192.168.1.6:80
TCP TTL:42 TOS:0x0 ID:56674 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xD5F420F Ack: 0xB02B9ED5 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 75133016 2902886344
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/12-12:53:11.930936 66.196.65.24:23659 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:59675 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xA71060C Ack: 0xD9EAA4F2 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-13:06:36.864545 24.209.210.252:4596 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:57581 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x58F78B3D Ack: 0xC252E31 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-13:06:36.896979 24.209.210.252:4596 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:57582 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x58F790F1 Ack: 0xC252E31 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/12-14:35:22.247193 66.196.65.24:59380 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:28799 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x5A17193D Ack: 0x5B870CF6 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/12-14:42:08.367771 66.196.65.35:51721 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:30466 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x5AC48D43 Ack: 0x74D43FA6 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 75852615 2906572273
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-15:04:01.580886 24.191.37.113:3564 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:62726 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x5C36ACB3 Ack: 0xC811A3F3 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-15:04:01.817322 24.191.37.113:3567 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:62742 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x5C39FE38 Ack: 0xC757D971 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-15:04:01.936412 24.191.37.113:3571 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:62751 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x5C3C5CDB Ack: 0xC78DB4C8 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-15:04:02.062717 24.191.37.113:3574 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:62768 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x5C3EA98C Ack: 0xC829D38B Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-15:04:02.216036 24.191.37.113:3578 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:62779 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x5C429C21 Ack: 0xC788E8A5 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/12-15:04:02.356729 24.191.37.113:3585 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:62798 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x5C47FD5B Ack: 0xC78E3A19 Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/12-15:04:02.477013 24.191.37.113:3587 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:62807 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x5C49E2FF Ack: 0xC78F62C5 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-15:04:02.606274 24.191.37.113:3589 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:62816 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x5C4BE637 Ack: 0xC76D50FE Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-15:04:02.770779 24.191.37.113:3597 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:62832 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x5C51F0D2 Ack: 0xC78EFF5E Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-15:04:02.909802 24.191.37.113:3600 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:62849 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x5C5491B5 Ack: 0xC820166C Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-15:04:03.036231 24.191.37.113:3603 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:62859 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x5C57B22F Ack: 0xC79BCB24 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-15:04:03.153084 24.191.37.113:3605 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:62868 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x5C59D906 Ack: 0xC7A32CA1 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-15:04:06.633531 24.191.37.113:3709 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:63135 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x5CB16C81 Ack: 0xC79C8A32 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-15:04:06.760891 24.191.37.113:3713 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:63150 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x5CB4B9B6 Ack: 0xC8907A8C Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-15:04:09.777559 24.191.37.113:3713 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:63327 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x5CB4B9B6 Ack: 0xC8907A8C Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-15:04:09.890178 24.191.37.113:3795 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:63341 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x5CFA9097 Ack: 0xC87284EF Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-15:04:10.008706 24.191.37.113:3802 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:63352 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x5CFF7C75 Ack: 0xC7FC494A Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/12-15:46:59.444740 66.196.65.24:28096 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:854 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x41BF9B13 Ack: 0x69661B21 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-16:11:27.156366 24.99.77.52:1879 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:24759 IpLen:20 DgmLen:1400 DF
***A**** Seq: 0x22E45EC5 Ack: 0xC6114EF6 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-16:11:27.157564 24.99.77.52:1879 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:24760 IpLen:20 DgmLen:1400 DF
***A**** Seq: 0x22E46415 Ack: 0xC6114EF6 Win: 0xB5C9 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/12-16:48:36.222497 66.196.65.24:34291 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:27066 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x71833FE9 Ack: 0x5349CB0B Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-17:42:13.972202 24.136.217.109:3642 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:20278 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x379E3ED5 Ack: 0x1D91037B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-17:42:13.982224 24.136.217.109:3642 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:20279 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x379E4489 Ack: 0x1D91037B Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/12-17:43:20.625181 66.196.65.35:43123 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:29689 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x3CA50498 Ack: 0x221DF024 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 76939830 2912141204
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-17:45:30.913866 24.209.98.148:4211 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:46168 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x31E41C24 Ack: 0x2AAC8FB3 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-17:45:30.928002 24.209.98.148:4211 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:46169 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x31E421D8 Ack: 0x2AAC8FB3 Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/12-18:02:24.066204 66.196.65.24:64338 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:63456 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x38C1459F Ack: 0x6A3AC058 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**]
[Classification: Misc activity] [Priority: 3]
06/12-18:11:35.597433 12.126.33.98 -> 192.168.1.6
ICMP TTL:235 TOS:0x0 ID:26818 IpLen:20 DgmLen:56
Type:3 Code:13 DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED,
PACKET FILTERED
** ORIGINAL DATAGRAM DUMP:
192.168.1.6:39848 -> 208.244.233.4:113
TCP TTL:49 TOS:0x0 ID:19566 IpLen:20 DgmLen:60 DF
Seq: 0x8BDAB2C1 Ack: 0x97FAE83E
** END OF DUMP
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-19:50:27.121761 24.209.49.251:2121 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:26167 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5C170BF0 Ack: 0x1AEE950 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-19:50:27.152278 24.209.49.251:2121 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:26168 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5C1711A4 Ack: 0x1AEE950 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-20:04:29.559785 24.136.138.173:1292 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:11447 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD04916DE Ack: 0x3789A4BA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-20:04:29.566029 24.136.138.173:1292 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:11448 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD0491C92 Ack: 0x3789A4BA Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-20:38:22.350526 24.202.106.81:3570 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:20831 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xA76A6280 Ack: 0xB7011F9D Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/12-20:55:22.344823 66.196.65.24:49858 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:20228 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x871E3182 Ack: 0xF72A582F Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/12-21:05:20.629869 66.196.65.35:37941 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:62566 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x87072C71 Ack: 0x1C055CD0 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 78151739 2918348837
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/12-22:43:07.117736 66.196.65.35:60479 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:20437 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xA4274694 Ack: 0x8E9F3BD6 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 78738339 2921353514
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/12-23:38:12.439317 66.196.65.24:12156 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:24208 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x41DEE675 Ack: 0x5E804189 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-23:48:14.242140 24.130.90.29:2266 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:59904 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5CC71725 Ack: 0x8315FAA5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-23:48:14.248788 24.130.90.29:2266 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:59905 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5CC71CD9 Ack: 0x8315FAA5 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/13-00:03:44.034988 24.46.127.157:3342 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:40104 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x93A83B6D Ack: 0xBE5D87BF Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/13-00:03:47.976424 24.46.127.157:3369 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:40505 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x93BEA6ED Ack: 0xBEA2EFC0 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/13-00:03:51.940323 24.46.127.157:3604 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:40881 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x94860892 Ack: 0xBF262994 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/13-00:03:52.097785 24.46.127.157:3607 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:40900 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x94886717 Ack: 0xBEE5DAEE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/13-00:03:52.418938 24.46.127.157:3611 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:40935 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x948C9B1A Ack: 0xBF40CBFD Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/13-00:04:01.770054 24.46.127.157:3871 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:41588 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x9565F9D0 Ack: 0xC020595E Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/13-00:04:01.917205 24.46.127.157:3876 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:41604 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x956A4C13 Ack: 0xBF8BF254 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/13-00:04:02.041953 24.46.127.157:3882 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:41611 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x95704597 Ack: 0xBFA12D64 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/13-00:04:05.497971 24.46.127.157:3953 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:41791 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x95AD19EC Ack: 0xC0157AD1 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/13-00:04:08.876269 24.46.127.157:4056 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:42029 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x96031007 Ack: 0xC0336F18 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/13-00:04:18.663997 24.46.127.157:4320 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:42736 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x96E38666 Ack: 0xC128A2B3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/13-00:04:18.802724 24.46.127.157:4328 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:42745 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x96EACC50 Ack: 0xC128BE52 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/13-00:04:18.926156 24.46.127.157:4331 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:42758 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x96ED3D9C Ack: 0xC0B650CE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/13-00:04:21.848045 24.46.127.157:4331 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:43066 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x96ED3D9C Ack: 0xC0B650CE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/13-00:04:22.042321 24.46.127.157:4442 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:43084 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x974D1441 Ack: 0xC1348EFC Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/13-00:04:22.350172 24.46.127.157:4444 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:43104 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x974F1222 Ack: 0xC165A942 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/13-00:53:16.597286 24.126.123.161:1849 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:2125 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC4494E89 Ack: 0x79BE38AB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/13-00:53:16.611960 24.126.123.161:1849 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:2126 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC449543D Ack: 0x79BE38AB Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/13-00:58:41.859798 66.196.65.24:56288 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:3237 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x58190468 Ack: 0x8E164FE8 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/13-02:03:57.547527 66.196.65.24:9712 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:51726 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x4A434FCA Ack: 0x847C747B Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/13-03:07:21.087374 66.196.65.35:36260 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:114 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x8CC9576F Ack: 0x7442FFA3 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 80323608 2929473587
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/13-03:39:41.887794 66.196.65.24:20167 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:28075 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x83FE4355 Ack: 0xEE6DB8B6 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/13-04:04:05.361577 24.98.99.141:3679 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:9045 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x35930AE1 Ack: 0x4AB08214 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/13-04:04:05.873191 24.98.99.141:3713 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:9149 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x35AEBF5C Ack: 0x4ABCD771 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/13-04:04:06.244008 24.98.99.141:3728 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:9208 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x35BCAD78 Ack: 0x4A48D90C Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/13-04:04:06.885678 24.98.99.141:3744 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:9283 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x35C80E5B Ack: 0x4B17B9BD Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/13-04:04:07.702579 24.98.99.141:3769 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:9378 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x35DAE387 Ack: 0x4B0E900E Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/13-04:04:08.395723 24.98.99.141:3792 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:9470 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x35ED7CCE Ack: 0x4A5207AB Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/13-04:04:09.245557 24.98.99.141:3806 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:9555 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x35FAC7E0 Ack: 0x4A66B114 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/13-04:04:19.030306 24.98.99.141:4127 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:10730 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x36FF75A3 Ack: 0x4B403F4F Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/13-04:04:23.046993 24.98.99.141:4239 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:11171 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3759F339 Ack: 0x4BACAEAC Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/13-04:04:32.912144 24.98.99.141:4544 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:12353 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x385975C6 Ack: 0x4C8711A5 Win: 0xFAF0 TcpLen: 20
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/13-04:04:41.656045 24.98.99.141:4875 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:13306 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3932466E Ack: 0x4CB3A656 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/13-04:04:51.685739 24.98.99.141:3244 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:14487 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x3A371D04 Ack: 0x4DE2BFE9 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/13-04:04:52.261008 24.98.99.141:3263 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:14568 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x3A47EF1A Ack: 0x4DF011D6 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/13-04:04:52.846084 24.98.99.141:3280 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:14651 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x3A56C529 Ack: 0x4DE6CC9B Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/13-04:04:56.803450 24.98.99.141:3421 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:15217 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x3ACBFCDA Ack: 0x4EBDF2C4 Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/13-05:40:12.733804 64.68.82.36:15800 -> 192.168.1.6:80
TCP TTL:40 TOS:0x10 ID:25216 IpLen:20 DgmLen:453 DF
***AP*** Seq: 0x7A519CB4 Ack: 0xB4EA516B Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 927334894 2934167083
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/13-06:01:02.120096 66.196.65.35:47309 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:15291 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x355B39DD Ack: 0x3E31CBE Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 81365631 2934811040
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/13-06:29:27.687673 66.196.65.24:7021 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:54338 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xDC44214A Ack: 0x70C65D2B Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/13-07:56:59.052852 66.196.65.35:45126 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:5525 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xD7029ABE Ack: 0xB98B0A04 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 82061272 2938374250
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/13-09:20:36.804967 24.161.243.248:3110 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:61018 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEB602996 Ack: 0xF59C5D96 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/13-09:20:36.835810 24.161.243.248:3110 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:61019 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEB602F4A Ack: 0xF59C5D96 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/13-09:26:33.605591 66.196.65.24:3452 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:61927 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xB8ADD027 Ack: 0xD9526CC Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/13-10:01:01.486983 24.209.210.252:3651 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:63160 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9061B97C Ack: 0x8E7446BD Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/13-10:01:01.493742 24.209.210.252:3651 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:63161 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9061BF30 Ack: 0x8E7446BD Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/13-10:59:29.028286 66.196.65.24:8197 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:457 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x3284D8E8 Ack: 0x6BCB90A2 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/13-12:38:16.069904 66.196.65.24:21590 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:28393 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xD68E08BC Ack: 0xE0855B8F Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/13-12:45:19.190338 24.162.63.181:1599 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:34141 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9E35506B Ack: 0xFBB362C7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/13-12:45:19.221104 24.162.63.181:1599 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:34142 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9E35561F Ack: 0xFBB362C7 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/13-15:26:54.435183 24.225.153.162:1363 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:61053 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF2E46D6D Ack: 0x5DCF0274 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/13-15:26:54.470616 24.225.153.162:1363 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:61054 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF2E47321 Ack: 0x5DCF0274 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/13-17:53:44.551486 24.225.137.228:1415 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:29719 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3BFE573C Ack: 0x88D73E15 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/13-17:53:44.810513 24.225.137.228:1415 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:29720 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3BFE5CF0 Ack: 0x88D73E15 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/13-18:08:41.396058 66.196.65.35:37310 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:12177 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x6DA0D531 Ack: 0xC0FF083F Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 85731226 2957172474
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/13-18:11:18.019759 66.196.65.24:13700 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:19070 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x4B2083E7 Ack: 0xCA46DC1D Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/13-19:38:42.843618 24.145.197.22:2984 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:63672 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE1F8C72 Ack: 0x158260E8 Win: 0x16D0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/13-19:38:42.851639 24.145.197.22:2984 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:63673 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE1F9226 Ack: 0x158260E8 Win: 0x16D0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/13-21:50:44.869594 66.196.65.35:54857 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:34935 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x26AC6270 Ack: 0x746A64F Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 87063475 2963996520
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/13-23:05:44.180062 66.196.65.35:41833 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:27485 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x796AD4BD Ack: 0x23758C50 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 87513371 2966300985
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/14-01:08:55.570218 24.148.39.97:1583 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:55029 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xCCDAF593 Ack: 0xF503AC73 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/14-01:08:55.575490 24.148.39.97:1583 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:55030 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xCCDAFB47 Ack: 0xF503AC73 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/14-01:09:22.724777 66.196.65.24:15641 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:141 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x2903D811 Ack: 0xF5BB6E0C Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/14-01:51:24.334913 66.196.65.35:47339 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:18969 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xDA399309 Ack: 0x95A174ED Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 88507313 2971392144
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/14-02:57:07.663610 24.98.239.151:3218 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:20547 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5AA62C48 Ack: 0x8DCF5E19 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/14-02:57:07.671842 24.98.239.151:3218 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:20548 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5AA631FC Ack: 0x8DCF5E19 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/14-03:26:37.214897 66.196.65.35:40966 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:56583 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x3D1C6F8C Ack: 0xFCE51A51 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 89078556 2974318173
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/14-08:41:33.681100 66.196.65.35:53033 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:38185 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x6831146F Ack: 0xA31A69B9 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 90968052 2983996540
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/14-10:34:18.850065 66.196.65.35:48907 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:57287 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x538072C9 Ack: 0x4CA5C07B Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 91644517 2987461530
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/14-10:55:16.406341 66.196.65.24:16397 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:22205 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xBDEB8C7F Ack: 0x9C7E30EF Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/14-10:56:04.874158 24.208.193.218:3738 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:53608 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x1DE46B12 Ack: 0x9EF75B07 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/14-10:56:05.818561 24.208.193.218:3747 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:53727 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x1DED8004 Ack: 0x9F2FCD94 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/14-10:56:06.595858 24.208.193.218:3773 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:53856 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x1E032E0C Ack: 0x9F51ED20 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/14-10:56:07.318240 24.208.193.218:3786 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:53945 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x1E0F6CDF Ack: 0x9F00C384 Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/14-12:17:32.165009 66.196.65.24:35134 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:42184 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xCDD73D64 Ack: 0xD25435A6 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/14-12:29:37.439983 66.196.65.35:44266 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:9991 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xEDC5B848 Ack: 0x332B13 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 92336322 2991005093
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/14-12:54:00.997526 24.158.6.15:4065 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:36969 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x64AE0FC3 Ack: 0x5B999932 Win: 0xFC00 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/14-12:54:07.042398 24.158.6.15:4096 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:37419 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x64CE3DD4 Ack: 0x5BA8F73B Win: 0xFC00 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/14-12:54:11.656626 24.158.6.15:4162 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:37778 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x650F9B51 Ack: 0x5C23D008 Win: 0xFC00 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/14-12:54:13.655052 24.158.6.15:4225 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:37937 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x65505B24 Ack: 0x5C546AAC Win: 0xFC00 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/14-12:54:15.493679 24.158.6.15:4256 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:38077 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x656F445D Ack: 0x5D36CF05 Win: 0xFC00 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/14-12:54:17.247543 24.158.6.15:4278 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:38212 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x6584C251 Ack: 0x5CD29BF6 Win: 0xFC00 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/14-12:54:22.639816 24.158.6.15:4310 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:38627 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x65A58221 Ack: 0x5D47BBCE Win: 0xFC00 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/14-12:54:24.283394 24.158.6.15:4375 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:38785 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x65E4FE66 Ack: 0x5D9AAA6A Win: 0xFC00 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/14-12:54:26.116640 24.158.6.15:4402 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:38912 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x65FDE984 Ack: 0x5D8BBD96 Win: 0xFC00 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/14-12:54:29.887556 24.158.6.15:4420 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:39223 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6611D2B5 Ack: 0x5D96F42D Win: 0xFC00 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/14-12:54:30.872679 24.158.6.15:4479 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:39320 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x664D0DB0 Ack: 0x5D4E68A7 Win: 0xFC00 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/14-12:54:32.009382 24.158.6.15:4496 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:39434 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x665E5F26 Ack: 0x5E3737A9 Win: 0xFC00 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/14-12:54:32.204047 24.158.6.15:4514 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:39495 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x666FFDE0 Ack: 0x5DD415F9 Win: 0xFC00 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/14-12:54:33.370432 24.158.6.15:4527 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:39585 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x667A3817 Ack: 0x5DAD4A43 Win: 0xFC00 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/14-12:54:34.344710 24.158.6.15:4558 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:39727 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x66955E95 Ack: 0x5DBB9393 Win: 0xFC00 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/14-12:54:35.510659 24.158.6.15:4576 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:39850 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x66A68364 Ack: 0x5D90101B Win: 0xFC00 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/14-13:55:48.468385 64.68.82.34:47963 -> 192.168.1.6:80
TCP TTL:40 TOS:0x10 ID:24274 IpLen:20 DgmLen:453 DF
***AP*** Seq: 0x8383F76 Ack: 0x45D855BC Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 938959317 2993653415
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/14-14:39:44.861768 66.196.65.24:23481 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:54213 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xF2E72DD5 Ack: 0xEB88D3AD Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/14-15:12:59.914887 24.120.188.236:4159 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:52755 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xF79B2D9A Ack: 0x68C339D2 Win: 0x42C0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/14-15:13:00.578546 24.120.188.236:4192 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:52853 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xF7B7AA3E Ack: 0x692561DE Win: 0x42C0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/14-15:13:00.853100 24.120.188.236:4204 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:52891 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xF7C1B009 Ack: 0x692F1B78 Win: 0x42C0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/14-15:13:01.124700 24.120.188.236:4245 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:53036 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xF7E1F6DE Ack: 0x69A95682 Win: 0x42C0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/14-15:13:01.385814 24.120.188.236:4257 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:53080 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF7EBFE68 Ack: 0x699EB355 Win: 0x42C0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/14-15:13:01.666101 24.120.188.236:4266 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:53109 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xF7F33C7E Ack: 0x6970F40F Win: 0x42C0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/14-15:13:01.935685 24.120.188.236:4270 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:53131 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xF7F7943A Ack: 0x692A94D9 Win: 0x42C0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/14-15:13:02.200445 24.120.188.236:4279 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:53154 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xF7FEF3EE Ack: 0x69070A27 Win: 0x42C0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/14-15:13:02.502131 24.120.188.236:4287 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:53188 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF80646F2 Ack: 0x69A7EC54 Win: 0x42C0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/14-15:13:02.758226 24.120.188.236:4306 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:53211 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF81564BB Ack: 0x69A133BC Win: 0x42C0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/14-15:13:03.012971 24.120.188.236:4312 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:53259 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF81AD10A Ack: 0x69392BAC Win: 0x42C0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/14-15:13:03.288950 24.120.188.236:4402 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:53355 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF85DC81D Ack: 0x69DE8D22 Win: 0x42C0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/14-15:13:03.576066 24.120.188.236:4425 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:53581 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xF86F0B95 Ack: 0x692124B6 Win: 0x42C0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/14-15:13:03.826024 24.120.188.236:4433 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:53668 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF8767F1C Ack: 0x693D6211 Win: 0x42C0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/14-15:13:04.081079 24.120.188.236:4441 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:53743 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xF87D0ECE Ack: 0x698D285A Win: 0x42C0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/14-15:13:07.353242 24.120.188.236:4449 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:55039 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF8839D8D Ack: 0x69B356B8 Win: 0x42C0 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/14-15:48:28.733548 24.242.253.122:2441 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:4444 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x7AC67B3 Ack: 0xEEF711D5 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/14-15:48:30.909367 24.242.253.122:1045 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:5474 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xD2779D0 Ack: 0xEF4FDE41 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/14-15:48:41.055069 24.242.253.122:2734 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:10275 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x11E15769 Ack: 0xEFA9AB03 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/14-15:48:42.683831 24.242.253.122:2885 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:11040 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x12498E92 Ack: 0xEFEB111A Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/14-15:49:09.790128 24.242.253.122:3970 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:23027 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x14D423CD Ack: 0xF02171B6 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/14-15:49:11.262403 24.242.253.122:4701 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:23534 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x1F2284EB Ack: 0xF18AB783 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/14-15:49:12.942994 24.242.253.122:1103 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:24510 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x1FBB5C37 Ack: 0xF1647072 Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/14-15:49:15.376752 24.242.253.122:1438 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:25479 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x20A6FBDC Ack: 0xF236BC26 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/14-15:49:20.217479 24.242.253.122:1752 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:27503 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x218BD834 Ack: 0xF23365B7 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/14-15:49:22.133956 24.242.253.122:2514 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:28200 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x23A422E8 Ack: 0xF2091691 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/14-15:49:23.618084 24.242.253.122:2728 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:28915 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x243BA4CD Ack: 0xF1ED6EF0 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/14-15:49:25.353465 24.242.253.122:3028 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:29778 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x250D033F Ack: 0xF2D3790C Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/14-15:49:27.397071 24.242.253.122:3310 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:30503 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x25DEBDC5 Ack: 0xF2841EF9 Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/14-16:04:23.577617 66.196.65.24:43535 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:20490 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xFA532ECB Ack: 0x2B5C929E Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/14-17:56:03.020062 66.196.65.24:42783 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:34517 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xC01D3721 Ack: 0xD0BCFFA4 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/14-19:59:00.923182 66.196.65.24:60089 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:5969 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xC9BAF9BB Ack: 0xA1A6E2D7 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/14-21:16:56.842790 66.196.65.24:1719 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:28283 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xEC37F126 Ack: 0xC8B4828D Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/14-22:14:20.372164 66.196.65.35:46968 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:12128 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x443D6CFD Ack: 0xA1FE2E82 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 95844349 3008973903
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/14-22:57:50.401021 66.196.65.24:46582 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:51786 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x13C9E763 Ack: 0x455D224A Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-00:27:47.518703 24.162.12.210:2592 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:29430 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xFFFB7AB Ack: 0x98A3305B Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-00:27:48.019290 24.162.12.210:2611 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:29520 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x100F40C3 Ack: 0x9908F8DC Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-00:27:48.600030 24.162.12.210:2623 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:29596 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x1018C964 Ack: 0x98CCBECD Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-00:27:49.157891 24.162.12.210:2645 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:29698 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x102CBBDC Ack: 0x995A583E Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-00:27:49.389228 24.162.12.210:2661 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:29749 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x103AEBA3 Ack: 0x99663767 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/15-00:27:49.710674 24.162.12.210:2674 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:29816 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x1045B546 Ack: 0x98CDB3C8 Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/15-00:27:49.979780 24.162.12.210:2690 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:29878 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x1052F5E2 Ack: 0x99010EA9 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-00:27:50.193487 24.162.12.210:2700 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:29913 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x105C8FEC Ack: 0x98ED001E Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-00:27:50.636271 24.162.12.210:2707 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:29983 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x1062994F Ack: 0x99543CB5 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-00:27:51.152036 24.162.12.210:2733 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:30082 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x1076FBDD Ack: 0x999D8DDC Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-00:27:51.503163 24.162.12.210:2762 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:30168 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x108D97B4 Ack: 0x996FF4EF Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-00:27:51.876239 24.162.12.210:2769 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:30243 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x1093A99E Ack: 0x9949C174 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-00:27:52.086000 24.162.12.210:2793 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:30315 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x10A6A4D1 Ack: 0x993B9982 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-00:27:52.301137 24.162.12.210:2815 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:30402 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x10B7C815 Ack: 0x99635D1A Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-00:27:52.891662 24.162.12.210:2837 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:30516 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x10C9B75C Ack: 0x996E1519 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-00:27:53.260317 24.162.12.210:2858 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:30599 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x10DB35B6 Ack: 0x99B81E3B Win: 0xFAF0 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-01:15:08.259534 24.209.36.207:4842 -> 192.168.1.6:80
TCP TTL:118 TOS:0x0 ID:32162 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x99118238 Ack: 0x4C253B1B Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-01:15:08.441362 24.209.36.207:4844 -> 192.168.1.6:80
TCP TTL:118 TOS:0x0 ID:32173 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x991427EC Ack: 0x4C4A35BD Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-01:15:08.556643 24.209.36.207:4846 -> 192.168.1.6:80
TCP TTL:118 TOS:0x0 ID:32180 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x99160618 Ack: 0x4C33DC8E Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-01:15:08.649178 24.209.36.207:4848 -> 192.168.1.6:80
TCP TTL:118 TOS:0x0 ID:32189 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x9917E6D3 Ack: 0x4C7E8C34 Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-01:15:08.745120 24.209.36.207:4850 -> 192.168.1.6:80
TCP TTL:118 TOS:0x0 ID:32196 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x99199B1C Ack: 0x4C14E140 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/15-01:15:08.831821 24.209.36.207:4851 -> 192.168.1.6:80
TCP TTL:118 TOS:0x0 ID:32207 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x991A9DFD Ack: 0x4CDC89C6 Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/15-01:15:08.918775 24.209.36.207:4854 -> 192.168.1.6:80
TCP TTL:118 TOS:0x0 ID:32221 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x991CBE33 Ack: 0x4C52EA55 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-01:15:09.025258 24.209.36.207:4856 -> 192.168.1.6:80
TCP TTL:118 TOS:0x0 ID:32230 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x991E7EBB Ack: 0x4C38AD87 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-01:15:09.105382 24.209.36.207:4858 -> 192.168.1.6:80
TCP TTL:118 TOS:0x0 ID:32237 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x99208302 Ack: 0x4C306BB0 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-01:15:09.230090 24.209.36.207:4862 -> 192.168.1.6:80
TCP TTL:118 TOS:0x0 ID:32253 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x99237E13 Ack: 0x4CC02038 Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-01:15:09.324555 24.209.36.207:4865 -> 192.168.1.6:80
TCP TTL:118 TOS:0x0 ID:32263 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x9925A9B2 Ack: 0x4CE9A8AC Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-01:15:09.421003 24.209.36.207:4869 -> 192.168.1.6:80
TCP TTL:118 TOS:0x0 ID:32276 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x9928CE93 Ack: 0x4CC9CD5C Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-01:15:09.548204 24.209.36.207:4872 -> 192.168.1.6:80
TCP TTL:118 TOS:0x0 ID:32288 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x992BCB0A Ack: 0x4C789399 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-01:15:09.610211 24.209.36.207:4874 -> 192.168.1.6:80
TCP TTL:118 TOS:0x0 ID:32296 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x992D28EE Ack: 0x4CBA556F Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-01:15:12.691845 24.209.36.207:4874 -> 192.168.1.6:80
TCP TTL:118 TOS:0x0 ID:32504 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x992D28EE Ack: 0x4CBA556F Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-01:15:12.762285 24.209.36.207:4988 -> 192.168.1.6:80
TCP TTL:118 TOS:0x0 ID:32511 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x996A2CA0 Ack: 0x4C88E9B3 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-01:15:12.846981 24.209.36.207:4989 -> 192.168.1.6:80
TCP TTL:118 TOS:0x0 ID:32517 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x996B10BF Ack: 0x4C5D6B07 Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/15-02:24:51.263111 66.196.65.24:16442 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:19349 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xF44C883D Ack: 0x54076F01 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-02:50:07.847752 24.62.42.136:2333 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:52764 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8F0DBE84 Ack: 0xB21C7141 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-02:50:07.856078 24.62.42.136:2333 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:52765 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8F0DC438 Ack: 0xB21C7141 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-04:05:13.345745 24.29.155.70:2048 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:62194 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE7C3F1BC Ack: 0xCE449119 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-04:05:13.369959 24.29.155.70:2048 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:62195 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE7C3F770 Ack: 0xCE449119 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-06:09:21.259804 24.239.182.109:4641 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:14773 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEB1B8815 Ack: 0xA38D824B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-06:09:21.290046 24.239.182.109:4641 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:14774 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEB1B8DC9 Ack: 0xA38D824B Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-09:35:22.608014 24.208.193.218:2998 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:959 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xB8C8780A Ack: 0xACB60BF8 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-09:35:22.723527 24.208.193.218:3003 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:975 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xB8CC7545 Ack: 0xAD46B801 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-09:35:22.818852 24.208.193.218:3005 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:984 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xB8CE18AD Ack: 0xAD442BF6 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-09:35:22.890420 24.208.193.218:3008 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:998 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xB8D0DEFF Ack: 0xAD30F335 Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-09:35:26.271796 24.208.193.218:3013 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:1269 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB8D49359 Ack: 0xACE4F7D7 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/15-09:35:26.340108 24.208.193.218:3094 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:1280 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xB91B33D2 Ack: 0xAD1AA4C2 Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/15-09:35:26.416723 24.208.193.218:3095 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:1290 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xB91C927A Ack: 0xACF732F0 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-09:35:26.501796 24.208.193.218:3097 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:1308 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xB91E444E Ack: 0xAD0F0374 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-09:35:26.591297 24.208.193.218:3102 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:1326 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB92330A9 Ack: 0xAD31B907 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-09:35:26.686023 24.208.193.218:3106 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:1342 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB92603E1 Ack: 0xAD240D36 Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-09:35:26.774501 24.208.193.218:3108 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:1355 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB9284ACA Ack: 0xAD9FED18 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-09:35:26.838657 24.208.193.218:3111 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:1367 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB92ACDE7 Ack: 0xAD760728 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-09:35:26.937517 24.208.193.218:3114 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:1387 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xB92DA129 Ack: 0xAD6957AD Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-09:35:27.010829 24.208.193.218:3117 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:1402 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB9306E44 Ack: 0xAD630A78 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-09:35:27.086169 24.208.193.218:3120 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:1417 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xB932AC63 Ack: 0xACF35D9A Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-09:35:27.193391 24.208.193.218:3124 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:1438 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB936580E Ack: 0xAD45D40D Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/15-10:25:17.860005 66.196.65.24:3799 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:6648 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x3EBD8D16 Ack: 0x6A4EC481 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-11:03:09.930915 24.148.65.68:1290 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:21870 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA88B2C88 Ack: 0xF97D42D9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-11:03:09.936577 24.148.65.68:1290 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:21871 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA88B323C Ack: 0xF97D42D9 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/15-11:45:30.429260 66.196.65.24:13834 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:34524 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xD56142F2 Ack: 0x995E0DBE Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-13:05:10.087693 24.61.174.158:51146 -> 192.168.1.6:80
TCP TTL:14 TOS:0x0 ID:39258 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x87EB288 Ack: 0xC6FDD6E7 Win: 0x2000 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-13:05:12.887380 24.61.174.158:51146 -> 192.168.1.6:80
TCP TTL:14 TOS:0x0 ID:39868 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x87EB288 Ack: 0xC6FDD6E7 Win: 0x2000 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-13:05:15.203565 24.61.174.158:51487 -> 192.168.1.6:80
TCP TTL:14 TOS:0x0 ID:40482 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x993928B Ack: 0xC6DE79AB Win: 0x2000 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-13:05:15.585326 24.61.174.158:51528 -> 192.168.1.6:80
TCP TTL:14 TOS:0x0 ID:40595 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x9B452CE Ack: 0xC6A393CE Win: 0x2000 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-13:05:15.778554 24.61.174.158:51584 -> 192.168.1.6:80
TCP TTL:14 TOS:0x0 ID:40726 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x9DE5A58 Ack: 0xC6D52171 Win: 0x2000 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-13:05:15.987600 24.61.174.158:51596 -> 192.168.1.6:80
TCP TTL:14 TOS:0x0 ID:40780 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x9E7BDE7 Ack: 0xC6F57116 Win: 0x2000 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/15-13:05:16.374129 24.61.174.158:51604 -> 192.168.1.6:80
TCP TTL:14 TOS:0x0 ID:40928 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x9EF2B54 Ack: 0xC6FE5CDB Win: 0x2000 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/15-13:05:16.556527 24.61.174.158:51678 -> 192.168.1.6:80
TCP TTL:14 TOS:0x0 ID:40965 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA2AA0C3 Ack: 0xC685F21C Win: 0x2000 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-13:05:17.280962 24.61.174.158:51707 -> 192.168.1.6:80
TCP TTL:14 TOS:0x0 ID:41127 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xA42B0D2 Ack: 0xC6B1294C Win: 0x2000 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-13:05:17.966373 24.61.174.158:51761 -> 192.168.1.6:80
TCP TTL:14 TOS:0x0 ID:41302 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA6E2170 Ack: 0xC7788848 Win: 0x2000 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-13:05:21.757095 24.61.174.158:51807 -> 192.168.1.6:80
TCP TTL:14 TOS:0x0 ID:42233 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA9213E3 Ack: 0xC7066DB2 Win: 0x2000 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-13:05:22.732403 24.61.174.158:52060 -> 192.168.1.6:80
TCP TTL:14 TOS:0x0 ID:42438 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB5DA702 Ack: 0xC79FFD33 Win: 0x2000 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-13:05:23.078847 24.61.174.158:52099 -> 192.168.1.6:80
TCP TTL:14 TOS:0x0 ID:42569 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB7C9B4C Ack: 0xC70A3DBE Win: 0x2000 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-13:05:23.479031 24.61.174.158:52130 -> 192.168.1.6:80
TCP TTL:14 TOS:0x0 ID:42691 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xB960537 Ack: 0xC744F303 Win: 0x2000 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-13:05:23.642734 24.61.174.158:52155 -> 192.168.1.6:80
TCP TTL:14 TOS:0x0 ID:42811 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xBAA4715 Ack: 0xC709D13A Win: 0x2000 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-13:05:26.721590 24.61.174.158:52155 -> 192.168.1.6:80
TCP TTL:14 TOS:0x0 ID:43656 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xBAA4715 Ack: 0xC709D13A Win: 0x2000 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-13:05:26.978427 24.61.174.158:52411 -> 192.168.1.6:80
TCP TTL:14 TOS:0x0 ID:43757 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xC79343B Ack: 0xC8090282 Win: 0x2000 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-13:05:27.737089 24.61.174.158:52456 -> 192.168.1.6:80
TCP TTL:14 TOS:0x0 ID:43974 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xC9CAC45 Ack: 0xC7AEF965 Win: 0x2000 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-14:18:40.040557 24.217.85.28:1884 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:57871 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF3CFF63E Ack: 0xDCA89487 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-14:18:40.111092 24.217.85.28:1884 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:57872 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF3CFFBF2 Ack: 0xDCA89487 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-17:05:59.631497 24.209.98.148:2739 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:8228 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDED41C13 Ack: 0x54104576 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-17:05:59.660073 24.209.98.148:2739 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:8229 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDED421C7 Ack: 0x54104576 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-17:39:24.368044 24.130.75.129:3365 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:61853 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4B58E820 Ack: 0xD14BB6FE Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-17:39:24.376172 24.130.75.129:3365 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:61854 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4B58EDD4 Ack: 0xD14BB6FE Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-18:57:00.495531 24.238.141.78:1652 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:16004 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF0350811 Ack: 0xF7B0D3C4 Win: 0x16D0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-18:57:00.526317 24.238.141.78:1652 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:16005 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF0350DC5 Ack: 0xF7B0D3C4 Win: 0x16D0 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-20:13:54.655419 24.66.107.87:2222 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:15610 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xCCFFFB29 Ack: 0x191D28FE Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-20:13:55.741383 24.66.107.87:2243 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:16134 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xCD12BDB2 Ack: 0x19AC532C Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-20:13:56.329870 24.66.107.87:2251 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:16429 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xCD18875B Ack: 0x1958BF56 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-20:13:57.149802 24.66.107.87:2259 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:17011 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xCD230836 Ack: 0x1980C468 Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-20:13:57.464399 24.66.107.87:2264 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:17203 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xCD273E9B Ack: 0x19772025 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/15-20:13:57.838433 24.66.107.87:2271 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:17400 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xCD2EAE89 Ack: 0x197524EA Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/15-20:13:58.314749 24.66.107.87:2279 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:17777 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xCD3532B7 Ack: 0x19FFFB5F Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-20:13:58.755518 24.66.107.87:2285 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:18068 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xCD3BCB6A Ack: 0x1A13EF29 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-20:13:59.044882 24.66.107.87:2293 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:18445 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xCD440713 Ack: 0x19391D00 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-20:13:59.415131 24.66.107.87:2303 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:18551 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xCD4A1E8A Ack: 0x19C2B6AE Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-20:13:59.909838 24.66.107.87:2307 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:18840 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xCD4ECD37 Ack: 0x19F027C0 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-20:14:00.426075 24.66.107.87:2315 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:19045 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xCD568261 Ack: 0x19B1482B Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-20:14:00.967069 24.66.107.87:2323 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:19330 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xCD5E8F9D Ack: 0x19B92FE9 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-20:14:01.238639 24.66.107.87:2329 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:19522 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xCD63D686 Ack: 0x1A2A2447 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-20:14:01.494864 24.66.107.87:2333 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:19804 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xCD6867CF Ack: 0x1A00CA13 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-20:14:01.902742 24.66.107.87:2336 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:20082 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xCD6C053E Ack: 0x1A2C59DA Win: 0xFAF0 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-21:22:42.215100 24.209.11.98:3873 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:4016 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x3E346F75 Ack: 0x1DE91BF7 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-21:22:44.561369 24.209.11.98:3910 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:4211 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x3E59702C Ack: 0x1DF5DE91 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-21:22:46.776513 24.209.11.98:3936 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:4393 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x3E75078B Ack: 0x1E348214 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-21:22:49.025158 24.209.11.98:3969 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:4589 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x3E95674B Ack: 0x1E033859 Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-21:22:51.753485 24.209.11.98:4002 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:4817 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x3EB934B8 Ack: 0x1E4DD034 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/15-21:22:53.782923 24.209.11.98:4033 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:5006 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x3ED85E9E Ack: 0x1E409BEE Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/15-21:22:55.904657 24.209.11.98:4062 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:5194 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x3EF55F75 Ack: 0x1E68C7A0 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-21:22:57.682072 24.209.11.98:4090 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:5361 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x3F129CD5 Ack: 0x1E765140 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-21:22:59.412556 24.209.11.98:4114 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:5504 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3F2B5FF3 Ack: 0x1E1FF786 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-21:23:01.824047 24.209.11.98:4141 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:5696 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3F45F33B Ack: 0x1E5C6926 Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-21:23:04.178999 24.209.11.98:4173 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:5901 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3F66A7F4 Ack: 0x1F01165B Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-21:23:09.141683 24.209.11.98:4206 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:6363 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3F8767FA Ack: 0x1F5FAAA1 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-21:23:11.225193 24.209.11.98:4278 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:6559 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x3FD077BC Ack: 0x1F03FE28 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-21:23:13.650602 24.209.11.98:4306 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:6758 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x3FEE00C1 Ack: 0x1F49FF33 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-21:23:15.957503 24.209.11.98:4338 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:6956 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x400F6DB9 Ack: 0x1F9BD6EC Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-21:23:18.045480 24.209.11.98:4370 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:7162 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x402F8886 Ack: 0x1F47AF26 Win: 0xFAF0 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-00:37:32.624187 24.209.11.98:2799 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:32443 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xDD4CE94E Ack: 0xFD22189F Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-00:37:35.213768 24.209.11.98:2833 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:32601 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xDD710192 Ack: 0xFDEA9D54 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-00:37:40.314609 24.209.11.98:2862 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:32851 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xDD8EA437 Ack: 0xFDBDA71B Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-00:37:45.661120 24.209.11.98:2924 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:33166 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xDDD0DC1D Ack: 0xFDC60C71 Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-00:37:47.940246 24.209.11.98:2994 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:33301 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xDE18ED22 Ack: 0xFE6AEB13 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/16-00:37:50.752879 24.209.11.98:3031 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:33461 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xDE3F53A8 Ack: 0xFEA63CEF Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/16-00:37:53.019536 24.209.11.98:3060 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:33593 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xDE5DC117 Ack: 0xFF2D58D3 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-00:37:58.168521 24.209.11.98:3090 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:33932 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xDE7AED4D Ack: 0xFEB4257A Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-00:38:00.552635 24.209.11.98:3163 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:34065 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xDEC4A493 Ack: 0xFF067899 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-00:38:02.598018 24.209.11.98:3197 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:34203 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xDEE83ECC Ack: 0xFF211A01 Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-00:38:04.795970 24.209.11.98:3227 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:34346 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xDF05D045 Ack: 0xFFCE412C Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-00:38:06.961452 24.209.11.98:3259 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:34474 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xDF21DE20 Ack: 0xFF0F83F5 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-00:38:09.386839 24.209.11.98:3286 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:34609 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xDF3F36D4 Ack: 0xFFB8BB06 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-00:38:11.748601 24.209.11.98:3320 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:34740 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xDF6009B5 Ack: 0x53F0BA Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-00:38:13.932918 24.209.11.98:3347 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:34868 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xDF7D62DD Ack: 0x789138 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-00:38:16.237531 24.209.11.98:3376 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:34987 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xDF9ADF91 Ack: 0xFFEA4958 Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/16-05:17:02.986343 66.196.65.24:42979 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:8194 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xE0032E3B Ack: 0x1D05D633 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-07:17:45.526275 24.189.230.118:4982 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:23675 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xA08965F2 Ack: 0xE5BC8FBD Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-07:17:45.938530 24.189.230.118:4998 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:23706 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xA091FD19 Ack: 0xE5AAE445 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-07:17:46.202185 24.189.230.118:1032 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:23730 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA096C9B0 Ack: 0xE5A4E1A2 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-07:17:46.350625 24.189.230.118:1044 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:23751 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA09E5941 Ack: 0xE4F2A375 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-07:17:46.464094 24.189.230.118:1052 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:23772 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA0A47B6F Ack: 0xE5A823F6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/16-07:17:46.590757 24.189.230.118:1057 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:23790 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA0A899CF Ack: 0xE5405310 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/16-07:17:46.744144 24.189.230.118:1068 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:23820 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA0B16A60 Ack: 0xE554E867 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-07:17:46.880343 24.189.230.118:1073 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:23847 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xA0B5DE55 Ack: 0xE53E79B2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/16-11:00:13.485247 66.196.65.24:16727 -> 192.168.1.6:80
TCP TTL:230 TOS:0x0 ID:17790 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xB0F6AAEE Ack: 0x2D665084 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/16-12:08:13.655075 66.196.65.24:21309 -> 192.168.1.6:80
TCP TTL:230 TOS:0x0 ID:34228 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xC18AFFCD Ack: 0x2E4113D7 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-12:35:03.719775 24.209.11.98:2110 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:52359 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x704127B4 Ack: 0x939E9692 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-12:35:03.905907 24.209.11.98:2116 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:52375 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x70466EFE Ack: 0x93A3771A Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-12:35:03.988813 24.209.11.98:2118 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:52388 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x7047FB8D Ack: 0x93614475 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-12:35:04.052967 24.209.11.98:2120 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:52396 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x704A2D9A Ack: 0x93F7BFFF Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-12:35:04.127859 24.209.11.98:2123 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:52407 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x704CEB90 Ack: 0x940A3F25 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/16-12:35:04.186129 24.209.11.98:2124 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:52417 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x704DD95F Ack: 0x9383DA77 Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/16-12:35:04.252236 24.209.11.98:2126 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:52428 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x704FA775 Ack: 0x9360CDF2 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-12:35:04.349579 24.209.11.98:2127 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:52438 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x7050D891 Ack: 0x9405AC9A Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-12:35:04.413918 24.209.11.98:2130 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:52448 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x70539412 Ack: 0x9379FB97 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-12:35:04.474835 24.209.11.98:2135 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:52464 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x70571DE8 Ack: 0x93C3B828 Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-12:35:04.542218 24.209.11.98:2139 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:52478 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x7059FE6A Ack: 0x941093F8 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-12:35:04.637727 24.209.11.98:2144 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:52497 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x705E4D79 Ack: 0x93692A52 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-12:35:05.198925 24.209.11.98:2163 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:52577 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x706ECCDE Ack: 0x94007E26 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-12:35:05.282147 24.209.11.98:2166 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:52591 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x7070B66D Ack: 0x937FDCC0 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-12:35:05.338587 24.209.11.98:2169 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:52600 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x70733B18 Ack: 0x93F09900 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-12:35:05.440310 24.209.11.98:2172 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:52617 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x70763173 Ack: 0x939E69F9 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-13:23:38.670240 24.112.177.163:2717 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:34510 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB0C57E3D Ack: 0x4B7E7581 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-13:23:38.702850 24.112.177.163:2717 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:34511 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB0C583F1 Ack: 0x4B7E7581 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/16-15:17:01.916735 66.196.65.24:17974 -> 192.168.1.6:80
TCP TTL:239 TOS:0x0 ID:23309 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xB4EF0FA9 Ack: 0xF80B09E7 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-16:44:25.050301 24.125.71.226:1320 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:45926 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9CDA86C6 Ack: 0x41BC72BF Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-16:44:25.080112 24.125.71.226:1320 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:45927 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9CDA8C7A Ack: 0x41BC72BF Win: 0xFAF0 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-17:08:51.875386 24.209.11.98:2441 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:42379 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x7E29A11F Ack: 0x9DD52E64 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-17:08:51.987602 24.209.11.98:2443 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:42397 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x7E2BC9AD Ack: 0x9E838325 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-17:08:52.064343 24.209.11.98:2446 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:42410 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x7E2E86DF Ack: 0x9E0AA9C4 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-17:08:52.136732 24.209.11.98:2449 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:42420 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x7E3091A8 Ack: 0x9DDE9B95 Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-17:08:52.226978 24.209.11.98:2451 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:42432 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x7E327563 Ack: 0x9E641A47 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/16-17:08:52.303470 24.209.11.98:2453 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:42442 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x7E34668F Ack: 0x9E3F8D75 Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/16-17:08:52.377991 24.209.11.98:2457 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:42456 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x7E38126D Ack: 0x9E7F5510 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-17:08:52.442103 24.209.11.98:2460 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:42470 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x7E3AC382 Ack: 0x9E76E1B8 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-17:08:52.528828 24.209.11.98:2463 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:42483 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x7E3D2E59 Ack: 0x9E9361AC Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-17:08:52.595689 24.209.11.98:2465 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:42493 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x7E3ED7A6 Ack: 0x9E7436FC Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-17:08:52.655587 24.209.11.98:2468 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:42507 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x7E41985A Ack: 0x9DAB3A4E Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-17:08:52.733689 24.209.11.98:2471 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:42514 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x7E44CB0A Ack: 0x9E51BA81 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-17:08:52.800519 24.209.11.98:2473 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:42526 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x7E4644A8 Ack: 0x9E7C2221 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-17:08:52.843700 24.209.11.98:2476 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:42537 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x7E48B997 Ack: 0x9E2CCCA8 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-17:08:52.886655 24.209.11.98:2477 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:42543 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x7E49AD79 Ack: 0x9E523942 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-17:08:53.433550 24.209.11.98:2487 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:42599 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x7E52F9FE Ack: 0x9DB177B3 Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/16-17:26:08.740931 66.196.65.24:46210 -> 192.168.1.6:80
TCP TTL:239 TOS:0x0 ID:35895 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xC308CDA9 Ack: 0xDF56908F Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-18:12:07.699804 24.237.65.167:4738 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:9952 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x1D8DF12F Ack: 0x8D9A6CB9 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-18:12:17.809054 24.237.65.167:1485 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:11462 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x1F2C60A6 Ack: 0x8DBC2C26 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-18:12:27.540242 24.237.65.167:1992 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:12917 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x20BC2185 Ack: 0x8E8FFA02 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-18:12:36.876096 24.237.65.167:2473 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:14327 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x22396A44 Ack: 0x8F1D72F2 Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-18:12:46.594925 24.237.65.167:2983 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:15809 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x23CF1E4C Ack: 0x8F51FBA8 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/16-18:12:56.343619 24.237.65.167:3486 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:17297 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x256205DC Ack: 0x8F8C651E Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/16-19:37:44.710463 66.196.65.24:20516 -> 192.168.1.6:80
TCP TTL:239 TOS:0x0 ID:971 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x6885D947 Ack: 0xD0888AA4 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-20:15:51.884392 24.209.11.98:1914 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:10607 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x21167128 Ack: 0x61582860 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-20:15:52.328517 24.209.11.98:1927 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:10675 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x21223A3B Ack: 0x61886D44 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-20:15:52.900103 24.209.11.98:1934 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:10732 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x2128F319 Ack: 0x613DF7A7 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-20:15:53.441534 24.209.11.98:1945 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:10790 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x21331DC4 Ack: 0x614DC68B Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-20:15:54.100221 24.209.11.98:1951 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:10858 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x213A57AB Ack: 0x6128CD3E Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/16-20:15:59.224069 24.209.11.98:2016 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:11316 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x217BC8E8 Ack: 0x61EF7048 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-20:16:00.388443 24.209.11.98:2038 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:11422 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x2193D263 Ack: 0x612E9E1F Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-20:16:01.555493 24.209.11.98:2052 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:11518 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x21A17B9E Ack: 0x6164E20A Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-20:16:02.453477 24.209.11.98:2065 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:11606 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x21AFF80F Ack: 0x61385181 Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-20:16:03.299307 24.209.11.98:2078 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:11687 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x21BCC269 Ack: 0x61C02D95 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-20:16:03.928970 24.209.11.98:2092 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:11753 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x21CA674D Ack: 0x61C0F328 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-20:16:04.661904 24.209.11.98:2101 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:11828 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x21D2F59D Ack: 0x6231C822 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-20:16:07.769213 24.209.11.98:2101 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:12109 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x21D2F59D Ack: 0x6231C822 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-20:16:14.652634 24.209.11.98:2242 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:12712 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x2260DF19 Ack: 0x622C86B4 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-20:16:17.261124 24.209.11.98:2242 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:12982 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x2260DF19 Ack: 0x622C86B4 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-20:16:18.772443 24.209.11.98:2304 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:13103 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x229CD6D4 Ack: 0x62BA1C3B Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-20:16:19.441718 24.209.11.98:2322 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:13195 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x22AE06D6 Ack: 0x62FD4926 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-20:29:53.464037 24.27.99.244:2578 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:33229 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xAB8D0692 Ack: 0x9552F1B0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-20:29:53.496939 24.27.99.244:2578 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:33230 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xAB8D0C46 Ack: 0x9552F1B0 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/16-22:17:54.996577 66.196.65.24:2445 -> 192.168.1.6:80
TCP TTL:239 TOS:0x0 ID:41724 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xAA884D4E Ack: 0x2D4989DB Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/16-23:04:28.706930 64.158.138.48:60801 -> 192.168.1.6:80
TCP TTL:52 TOS:0x0 ID:22158 IpLen:20 DgmLen:257 DF
***AP*** Seq: 0x9DC6585 Ack: 0xDE9C0735 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 632728135 3099019528
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/17-02:39:17.316411 66.196.65.24:3811 -> 192.168.1.6:80
TCP TTL:230 TOS:0x0 ID:58955 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x3FCA44E Ack: 0x9533411 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/17-03:47:13.898725 24.118.69.183:1619 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:63954 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x14DC4E13 Ack: 0xA1B6FCD Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/17-03:47:13.907582 24.118.69.183:1619 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:63955 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x14DC53C7 Ack: 0xA1B6FCD Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/17-04:46:55.485643 24.209.11.98:1728 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:16745 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xA4E7D47 Ack: 0xEB73AEB3 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/17-04:46:56.419521 24.209.11.98:1746 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:16876 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xA5E7ADF Ack: 0xEBA24422 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/17-04:46:57.622876 24.209.11.98:1766 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:17044 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA72754D Ack: 0xEB4FF883 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/17-04:46:58.470371 24.209.11.98:1781 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:17181 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA7F2152 Ack: 0xEB911DAF Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/17-04:46:59.352345 24.209.11.98:1791 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:17299 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA89EAF1 Ack: 0xEBA84CFF Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/17-04:47:00.487861 24.209.11.98:1804 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:17464 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA9661F8 Ack: 0xEBAF7B33 Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/17-04:47:01.477836 24.209.11.98:1843 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:17599 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xAB66683 Ack: 0xEB8DD97D Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/17-04:47:02.268221 24.209.11.98:1856 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:17690 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xAC35E16 Ack: 0xEB83CDB9 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/17-04:47:02.893516 24.209.11.98:1866 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:17787 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xACE2EBE Ack: 0xEBDC5630 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/17-04:47:03.716509 24.209.11.98:1873 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:17892 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xAD5C399 Ack: 0xEBC9C4D3 Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/17-04:47:04.836177 24.209.11.98:1888 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:18035 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xAE29483 Ack: 0xEBB1C5AF Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/17-04:47:05.780138 24.209.11.98:1928 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:18173 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB03AD40 Ack: 0xEBE8261F Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/17-04:47:06.858831 24.209.11.98:1944 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:18305 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xB13A9BA Ack: 0xEC640924 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/17-04:47:09.568860 24.209.11.98:1944 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:18652 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xB13A9BA Ack: 0xEC640924 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/17-04:47:10.807145 24.209.11.98:2013 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:18830 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB53C10D Ack: 0xEC310651 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/17-04:47:13.800282 24.209.11.98:2013 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:19206 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB53C10D Ack: 0xEC310651 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/17-04:47:14.753241 24.209.11.98:2065 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:19334 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xB87092E Ack: 0xEC602BB5 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/17-04:47:15.591833 24.209.11.98:2094 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:19448 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB9EB384 Ack: 0xECE35A7E Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/17-05:27:31.339235 66.196.65.24:55554 -> 192.168.1.6:80
TCP TTL:239 TOS:0x0 ID:59153 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x69DBABC4 Ack: 0x84763DDC Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/17-08:22:04.099641 66.196.65.24:42941 -> 192.168.1.6:80
TCP TTL:239 TOS:0x0 ID:44793 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xBE08BF6A Ack: 0xD4D56DCD Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:57 2003