[Silicon Defense logo]

SnortSnarf alert page

Source: 24.201.83.152

SnortSnarf v021111.1

Signature section (91123)Top 20 source IPsTop 20 dest IPs

16 such alerts found using input module SnortFileInput, with sources:
Earliest: 16:33:04.434109 on 06/07/2003
Latest: 16:34:08.214034 on 06/07/2003

6 different signatures are present for 24.201.83.152 as a source

There are 1 distinct destination IPs in the alerts of the type on this page.

24.201.83.152 Whois lookup at: ARIN RIPE APNIC Geektools
DNS lookup at: Amenesi TRIUMF Princeton
More lookup links: Dshield Sam Spade

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-16:33:04.434109 24.201.83.152:1125 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:50560 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xA8C445F6 Ack: 0xDA02E361 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-16:33:08.386842 24.201.83.152:1176 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:50813 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xA8F93210 Ack: 0xDA68CF3A Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-16:33:12.646435 24.201.83.152:1191 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:51227 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA908B755 Ack: 0xDA2F4BD9 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-16:33:44.189047 24.201.83.152:1396 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:53473 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA9D6F53B Ack: 0xDB760006 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-16:33:45.242117 24.201.83.152:1705 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:53542 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xAB12B93B Ack: 0xDC24BC01 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/07-16:33:49.712603 24.201.83.152:1761 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:53853 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xAB4E1A57 Ack: 0xDD396C48 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/07-16:33:50.388117 24.201.83.152:1775 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:53905 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xAB5B94F0 Ack: 0xDC8B4EE7 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-16:33:51.320719 24.201.83.152:1785 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:53954 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xAB6540BD Ack: 0xDCDCD42F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-16:34:01.698003 24.201.83.152:1947 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:54762 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xAC054C61 Ack: 0xDCFE800A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-16:34:02.508486 24.201.83.152:1962 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:54812 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xAC145E19 Ack: 0xDD645049 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-16:34:03.487851 24.201.83.152:1973 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:54880 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xAC1D60EF Ack: 0xDD625569 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-16:34:04.386332 24.201.83.152:1983 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:54939 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xAC2850D3 Ack: 0xDE0D7D08 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-16:34:05.295212 24.201.83.152:1995 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:55013 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xAC346A32 Ack: 0xDDA2265D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-16:34:06.091578 24.201.83.152:2009 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:55061 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xAC425058 Ack: 0xDD9778B2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-16:34:07.096340 24.201.83.152:2022 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:55118 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xAC4FAAAA Ack: 0xDDA8B10A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-16:34:08.214034 24.201.83.152:2035 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:55187 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xAC5C976F Ack: 0xDDC13B0A Win: 0x4470 TcpLen: 20
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:03:52 2003