SnortSnarf alert page

Source: 24.148.37.196

SnortSnarf v021111.1

16 such alerts found using input module SnortFileInput, with sources:
Earliest: 14:56:54.780053 on 05/11/2003
Latest: 14:57:50.353445 on 05/11/2003

6 different signatures are present for 24.148.37.196 as a source

There is 1 distinct destination IP in the alerts of the type on this page.


[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-14:56:54.780053 24.148.37.196:2824 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:35403 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x47DD7BA2 Ack: 0x22B70EF5 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-14:57:05.595077 24.148.37.196:3234 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:36854 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x492FBC12 Ack: 0x23782D5E Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-14:57:06.828001 24.148.37.196:3286 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:37032 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x495CC284 Ack: 0x23252A58 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-14:57:08.144903 24.148.37.196:3335 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:37210 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x49872E24 Ack: 0x23AD138F Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-14:57:12.886674 24.148.37.196:3521 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:37883 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x4A1C05B0 Ack: 0x23FD8DFF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/11-14:57:14.096665 24.148.37.196:3573 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:38071 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x4A4741B8 Ack: 0x238F3936 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/11-14:57:15.338313 24.148.37.196:3617 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:38267 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x4A6BCC16 Ack: 0x23B74D08 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-14:57:26.140593 24.148.37.196:4055 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:39899 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x4BD761D7 Ack: 0x2480C5C7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-14:57:31.018702 24.148.37.196:4238 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:40584 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4C6E4CC4 Ack: 0x24A40603 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-14:57:32.274200 24.148.37.196:4293 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:40770 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4C9C6A01 Ack: 0x2506492B Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-14:57:37.106980 24.148.37.196:4467 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:41432 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4D2C7276 Ack: 0x24EA7480 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-14:57:38.509108 24.148.37.196:4520 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:41630 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4D5A2E52 Ack: 0x25505B8D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-14:57:46.371587 24.148.37.196:4779 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:42753 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x4DF47E70 Ack: 0x252926BA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-14:57:47.546208 24.148.37.196:1084 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:42924 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x4E83557F Ack: 0x25A13DDB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-14:57:48.990468 24.148.37.196:1136 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:43125 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x4EB096B5 Ack: 0x25718685 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-14:57:50.353445 24.148.37.196:1185 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:43323 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x4ED56006 Ack: 0x262DCB1A Win: 0x4470 TcpLen: 20

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:03:53 2003