SnortSnarf alert page

Source: 24.209.105.156: #1-100

SnortSnarf v021111.1

Signature section (91123)

Top 20 source IPs

Top 20 dest IPs

Looking using input module SnortFileInput, with sources:

/home/rivettmj/snort_alertlog/alert

Earliest: 01:20:18.341110 on 05/01/2003
Latest: 11:04:01.310561 on 05/04/2003

7 different signatures are present for 24.209.105.156 as a source

13 instances of WEB-IIS ISAPI .ida attempt
18 instances of WEB-IIS _mem_bin access
18 instances of WEB-FRONTPAGE /_vti_bin/ access
36 instances of WEB-IIS CodeRed v2 root.exe access
52 instances of WEB-IIS multiple decode attempt
82 instances of WEB-IIS cmd.exe access
87 instances of WEB-IIS unicode directory traversal attempt

There are 1 distinct destination IPs in the alerts of the type on this page.

24.209.105.156 Whois lookup at: ARIN RIPE APNIC Geektools

DNS lookup at: Amenesi TRIUMF Princeton

More lookup links: Dshield Sam Spade

Go to: next range, all alerts, overview page

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/01-01:20:18.341110 24.209.105.156:4303 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:19457 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x760B1098  Ack: 0x99B2D015  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/01-01:20:18.347759 24.209.105.156:4303 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:19458 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x760B164C  Ack: 0x99B2D015  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/01-05:40:09.032030 24.209.105.156:4630 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:29369 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE1951FF0  Ack: 0x6F0E1ACE  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/01-05:40:09.039178 24.209.105.156:4630 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:29370 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE19525A4  Ack: 0x6F0E1ACE  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/01-08:35:12.408874 24.209.105.156:4305 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:25433 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE097982  Ack: 0x37AF417  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/01-08:35:12.413691 24.209.105.156:4305 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:25434 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE097F36  Ack: 0x37AF417  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/01-08:57:36.290462 24.209.105.156:3813 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:46514 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x710DC149  Ack: 0x589C1EA7  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/01-08:57:36.296671 24.209.105.156:3813 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:46515 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x710DC6FD  Ack: 0x589C1EA7  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/01-11:10:09.912600 24.209.105.156:4239 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:12464 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA170A4DF  Ack: 0x4D43F74A  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/01-11:10:09.919340 24.209.105.156:4239 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:12465 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA170AA93  Ack: 0x4D43F74A  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/01-16:28:57.319318 24.209.105.156:4771 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:23965 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x38ED762D  Ack: 0x1D6E0A6  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/01-16:28:57.324760 24.209.105.156:4771 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:23966 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x38ED7BE1  Ack: 0x1D6E0A6  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/01-20:23:02.015655 24.209.105.156:4623 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:24656 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE92725F2  Ack: 0x75F92067  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/01-20:23:02.021614 24.209.105.156:4623 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:24657 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE9272BA6  Ack: 0x75F92067  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/01-23:04:12.504851 24.209.105.156:3751 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:49661 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6E504298  Ack: 0xD5E71C2C  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/01-23:04:12.510885 24.209.105.156:3751 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:49662 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6E50484C  Ack: 0xD5E71C2C  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-00:08:16.493488 24.209.105.156:4263 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:32369 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBBF8A48A  Ack: 0xC9A63FD1  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-00:08:16.500303 24.209.105.156:4263 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:32370 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBBF8AA3E  Ack: 0xC9A63FD1  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-01:50:10.892152 24.209.105.156:4516 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28152 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA77CDFFD  Ack: 0x4973FC6A  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-01:50:10.902010 24.209.105.156:4516 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28153 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA77CE5B1  Ack: 0x4973FC6A  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-10:44:09.837320 24.209.105.156:3207 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:23552 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4DC51B99  Ack: 0x29F7ED57  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-10:44:09.843262 24.209.105.156:3207 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:23553 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4DC5214D  Ack: 0x29F7ED57  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-12:38:02.081641 24.209.105.156:4339 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:30116 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD630AF78  Ack: 0xD82E165B  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-12:38:02.088355 24.209.105.156:4339 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:30117 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD630B52C  Ack: 0xD82E165B  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-13:04:16.282017 24.209.105.156:3878 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:29866 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x668F0C3E  Ack: 0x3C2B79EE  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-13:04:16.289166 24.209.105.156:3878 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:29867 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x668F11F2  Ack: 0x3C2B79EE  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-03:04:30.543338 24.209.105.156:4331 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:26805 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x3DDE23CA  Ack: 0xE067EFF3  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-03:04:32.859267 24.209.105.156:4417 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:27202 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x3E285316  Ack: 0xE0BE7455  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-03:04:33.047326 24.209.105.156:4422 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:27241 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x3E2D0AF6  Ack: 0xE0A965FF  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-03:04:36.672741 24.209.105.156:4531 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:27796 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x3E87D16A  Ack: 0xE0BA235F  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-03:04:36.967702 24.209.105.156:4548 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:27834 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x3E96C301  Ack: 0xE0CDC083  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/04-03:04:37.251893 24.209.105.156:4554 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:27887 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x3E9C876C  Ack: 0xE0F6166B  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/04-03:04:40.694698 24.209.105.156:4634 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28352 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x3EE4165E  Ack: 0xE1BEC78C  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-03:04:44.436077 24.209.105.156:4650 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28912 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x3EF17D8B  Ack: 0xE221AEBD  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-03:04:48.100957 24.209.105.156:4757 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:29424 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3F4BC9F4  Ack: 0xE308F50C  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-03:04:49.256114 24.209.105.156:4876 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:29568 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3FAFBD18  Ack: 0xE2722841  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-03:04:50.350302 24.209.105.156:4905 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:29721 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3FC89145  Ack: 0xE32EB63E  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-03:04:50.827340 24.209.105.156:4918 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:29789 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3FD4C053  Ack: 0xE297969E  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-03:04:51.790702 24.209.105.156:4956 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:29936 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x3FF394E6  Ack: 0xE2DEEC9D  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-03:04:52.237698 24.209.105.156:4965 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:29993 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x3FFB718A  Ack: 0xE2995FBD  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-03:04:52.483323 24.209.105.156:4978 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:30031 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x40069EF2  Ack: 0xE33D96BB  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-03:04:52.615673 24.209.105.156:4982 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:30060 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x400A46C6  Ack: 0xE2BC8F85  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-06:10:20.161969 24.209.105.156:3318 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:39842 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x93D78D31  Ack: 0x9F7130F7  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-06:10:20.423643 24.209.105.156:3322 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:39888 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x93DB5A2D  Ack: 0x9FCD19FE  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-06:10:20.652951 24.209.105.156:3331 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:39933 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x93E358BD  Ack: 0x9F6DCAFF  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-06:10:20.859016 24.209.105.156:3339 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:39973 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x93E94DB5  Ack: 0x9F5A1F1E  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-06:10:21.107071 24.209.105.156:3346 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:40014 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x93EF5E94  Ack: 0x9F463DC4  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/04-06:10:30.657301 24.209.105.156:3659 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:41641 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x94F83DF4  Ack: 0x9FB9CD67  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/04-06:10:30.795342 24.209.105.156:3666 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:41675 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x94FEC3E4  Ack: 0xA07BA238  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-06:10:30.928126 24.209.105.156:3673 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:41703 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x9504948F  Ack: 0xA026FEE3  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-06:10:31.038713 24.209.105.156:3677 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:41729 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x9507C0E5  Ack: 0x9FB34EE4  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-06:10:31.161857 24.209.105.156:3679 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:41758 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x9509A6C2  Ack: 0xA0336DBD  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-06:10:31.440678 24.209.105.156:3687 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:41801 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x950FF526  Ack: 0x9FFA4670  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-06:10:40.707992 24.209.105.156:3962 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:43241 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x95FB24A4  Ack: 0xA09F4DC4  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-06:10:40.890761 24.209.105.156:3967 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:43271 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x95FFA285  Ack: 0xA0C9C19E  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-06:10:44.090620 24.209.105.156:4073 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:43790 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x9656278C  Ack: 0xA0BA7010  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-06:10:44.193817 24.209.105.156:4080 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:43814 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x965B79F3  Ack: 0xA0A026F3  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-06:10:44.378402 24.209.105.156:4083 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:43842 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x965EBE7B  Ack: 0xA09692DE  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-06:44:36.265979 24.209.105.156:4422 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:47473 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x5EB09D8F  Ack: 0x20E314A3  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-06:44:39.857158 24.209.105.156:4610 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:47827 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x5F5519E7  Ack: 0x21414FCA  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-06:44:39.959651 24.209.105.156:4612 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:47845 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x5F56F490  Ack: 0x21D6185E  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-06:44:40.057753 24.209.105.156:4617 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:47857 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x5F5B6B02  Ack: 0x21845C1B  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-06:44:40.138220 24.209.105.156:4621 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:47873 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x5F5EBCFA  Ack: 0x21C083EB  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/04-06:44:49.952193 24.209.105.156:4881 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:48850 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x603D71FE  Ack: 0x226917D7  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/04-06:45:11.736843 24.209.105.156:3506 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:51259 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x62484886  Ack: 0x2372F86F  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-06:45:21.772044 24.209.105.156:3736 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:52117 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x63157F11  Ack: 0x237784AD  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-06:45:22.043574 24.209.105.156:3751 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:52167 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x63221BB1  Ack: 0x236FC67A  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-06:45:22.190300 24.209.105.156:3759 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:52191 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x63297D89  Ack: 0x23F4290A  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-06:45:22.421607 24.209.105.156:3764 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:52218 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x632DD294  Ack: 0x2430C2BB  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-06:45:22.693351 24.209.105.156:3769 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:52253 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x63328122  Ack: 0x2402EAAF  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-06:45:23.153827 24.209.105.156:3780 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:52302 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x633BCBA2  Ack: 0x243CBF52  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-06:45:23.476152 24.209.105.156:3797 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:52350 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6349C010  Ack: 0x2431F69A  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-06:45:23.924031 24.209.105.156:3807 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:52399 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x6351F635  Ack: 0x23C5DE51  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-06:45:34.152530 24.209.105.156:4130 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:55733 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x64532422  Ack: 0x2436265E  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-10:09:17.821977 24.209.105.156:4458 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:10674 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x34705DD6  Ack: 0x2625341B  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-10:09:17.966910 24.209.105.156:4462 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:10689 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x3474285C  Ack: 0x26216A5C  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-10:09:18.079617 24.209.105.156:4469 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:10702 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x3479F123  Ack: 0x260166C3  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-10:09:18.191794 24.209.105.156:4475 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:10719 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x347E9BD3  Ack: 0x25F46DF3  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-10:09:18.286749 24.209.105.156:4477 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:10731 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x348067EB  Ack: 0x25FBC3E1  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/04-10:09:18.377285 24.209.105.156:4478 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:10750 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x34815343  Ack: 0x26CA356F  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/04-10:09:18.467416 24.209.105.156:4483 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:10763 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x34854B96  Ack: 0x268C772A  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-10:09:27.809620 24.209.105.156:4764 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:11809 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x3573ECA7  Ack: 0x26BBE6C2  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-10:09:27.916272 24.209.105.156:4768 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:11820 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x35770064  Ack: 0x26F26C2A  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-10:09:27.998623 24.209.105.156:4769 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:11834 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3577C60E  Ack: 0x27387EC5  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-10:09:37.637674 24.209.105.156:3009 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:12679 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x36474998  Ack: 0x28090F02  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-10:09:46.957736 24.209.105.156:3299 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:13681 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x373B6F59  Ack: 0x285D819C  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-10:09:50.191527 24.209.105.156:3410 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:14148 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x3795D838  Ack: 0x27DFF2CE  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-10:09:53.330501 24.209.105.156:3529 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:14580 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x37F90A33  Ack: 0x28DC8949  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-10:09:53.536097 24.209.105.156:3533 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:14610 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x37FC0A36  Ack: 0x283A23BF  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-10:09:53.642312 24.209.105.156:3539 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:14627 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x38014859  Ack: 0x2891490F  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-11:03:26.299968 24.209.105.156:3495 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:38013 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x75EA4D16  Ack: 0xF29FA6EC  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-11:03:26.816518 24.209.105.156:3509 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:38082 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x75F68EAC  Ack: 0xF30FE75C  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-11:03:36.642490 24.209.105.156:3853 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:39724 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x771A8F1A  Ack: 0xF34753D8  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-11:03:46.490767 24.209.105.156:4120 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:41085 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x77FC9000  Ack: 0xF463AFB8  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-11:03:46.748806 24.209.105.156:4133 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:41138 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x780745B8  Ack: 0xF42E4967  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/04-11:03:47.026630 24.209.105.156:4147 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:41185 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x78113D0D  Ack: 0xF4993944  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/04-11:03:56.862290 24.209.105.156:4403 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:42404 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x78EE4209  Ack: 0xF4B24016  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-11:04:00.275468 24.209.105.156:4415 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:42850 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x78F8B7F8  Ack: 0xF4EC6B95  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-11:04:00.768038 24.209.105.156:4513 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:42920 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x794F1E1C  Ack: 0xF519C419  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-11:04:01.310561 24.209.105.156:4525 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:42995 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x795A1D63  Ack: 0xF4F8D6D4  Win: 0x4470  TcpLen: 20

Go to: next range, all alerts, overview page

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:28 2003

24.209.105.156	Whois lookup at:	ARIN	RIPE	APNIC	Geektools
	DNS lookup at:	Amenesi	TRIUMF	Princeton
	More lookup links:	Dshield	Sam Spade