SnortSnarf alert page

Source: 24.209.105.156: #101-200

SnortSnarf v021111.1

Signature section (91123)

Top 20 source IPs

Top 20 dest IPs

Looking using input module SnortFileInput, with sources:

/home/rivettmj/snort_alertlog/alert

Earliest: 11:04:01.643211 on 05/04/2003
Latest: 03:44:57.698400 on 05/05/2003

7 different signatures are present for 24.209.105.156 as a source

13 instances of WEB-IIS ISAPI .ida attempt
18 instances of WEB-IIS _mem_bin access
18 instances of WEB-FRONTPAGE /_vti_bin/ access
36 instances of WEB-IIS CodeRed v2 root.exe access
52 instances of WEB-IIS multiple decode attempt
82 instances of WEB-IIS cmd.exe access
87 instances of WEB-IIS unicode directory traversal attempt

There are 1 distinct destination IPs in the alerts of the type on this page.

24.209.105.156 Whois lookup at: ARIN RIPE APNIC Geektools

DNS lookup at: Amenesi TRIUMF Princeton

More lookup links: Dshield Sam Spade

Go to: previous range, next range, all alerts, overview page

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-11:04:01.643211 24.209.105.156:4545 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:43050 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x796A9B07  Ack: 0xF579B0C8  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-11:04:11.540043 24.209.105.156:4841 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:44492 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x7A67B170  Ack: 0xF605ECC0  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-11:04:12.032623 24.209.105.156:4855 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:44548 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x7A744811  Ack: 0xF6242BD8  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-11:04:12.563425 24.209.105.156:4871 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:44618 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x7A816C21  Ack: 0xF56C917B  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-11:04:13.012606 24.209.105.156:4885 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:44675 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x7A8E3C0A  Ack: 0xF5B9D76B  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-11:04:13.528783 24.209.105.156:4899 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:44739 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x7A9B1E63  Ack: 0xF63AAD99  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-11:20:26.592821 24.209.105.156:4871 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:55680 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xDDC08037  Ack: 0x32B88BD0  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-11:20:40.093174 24.209.105.156:3166 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:57288 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xDEBA5242  Ack: 0x33147C02  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-11:20:40.601792 24.209.105.156:3270 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:57342 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xDF0EC020  Ack: 0x335B81F8  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-11:20:50.648310 24.209.105.156:3611 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:58735 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xE02C330A  Ack: 0x345AC442  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-11:20:51.168597 24.209.105.156:3631 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:58814 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xE03F4AE1  Ack: 0x34D73CE1  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/04-11:20:51.478711 24.209.105.156:3652 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:58865 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xE04E2017  Ack: 0x343B2A87  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/04-11:20:51.742320 24.209.105.156:3663 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:58918 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xE0580A48  Ack: 0x34DA104C  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-11:20:51.987478 24.209.105.156:3673 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:58970 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xE060207C  Ack: 0x34B943FF  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-13:03:57.440185 24.209.105.156:3832 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:43811 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x4DDFED5F  Ack: 0xB92004B2  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-13:04:06.937495 24.209.105.156:4159 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:45159 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x4EF0815A  Ack: 0xB95D52F2  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-13:04:16.695500 24.209.105.156:4488 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:46545 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x5001B977  Ack: 0xBAABE9F0  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-13:04:26.171437 24.209.105.156:4783 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:47718 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x50F99789  Ack: 0xBB60ED3A  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-13:04:26.278297 24.209.105.156:4786 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:47736 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x50FCE742  Ack: 0xBAAA067F  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/04-13:04:35.691926 24.209.105.156:3055 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:48793 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x51DAAB17  Ack: 0xBCC80887  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/04-13:04:35.990035 24.209.105.156:3061 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:48826 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x51DFB87F  Ack: 0xBCCD4B52  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-13:04:36.392142 24.209.105.156:3067 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:48856 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x51E47036  Ack: 0xBC5CD3A4  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-13:04:36.891076 24.209.105.156:3080 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:48917 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x51EDD580  Ack: 0xBCBB3541  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-13:04:46.773121 24.209.105.156:3336 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:49922 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x52C83DF3  Ack: 0xBD75A498  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-13:04:46.930670 24.209.105.156:3344 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:49958 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x52D00F72  Ack: 0xBDAC50A1  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-13:04:47.119447 24.209.105.156:3352 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:49999 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x52D5E987  Ack: 0xBD76BCAD  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-13:04:50.652811 24.209.105.156:3501 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:50559 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x534A8AB9  Ack: 0xBD718FC0  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-13:04:50.720708 24.209.105.156:3505 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:50573 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x534DCC9C  Ack: 0xBD5C93D6  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-13:04:50.983138 24.209.105.156:3510 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:50606 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x5351BDEC  Ack: 0xBD031976  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-13:04:54.170050 24.209.105.156:3598 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:50978 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x53A0CC72  Ack: 0xBDC3693D  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-15:31:03.122399 24.209.105.156:4597 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:14991 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xB858A3BB  Ack: 0xE5376045  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-15:31:13.685928 24.209.105.156:4941 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:16586 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xB97C12F7  Ack: 0xE68C3F1E  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-15:31:14.211316 24.209.105.156:4949 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:16653 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xB9837D9E  Ack: 0xE5AC1FD4  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-15:31:17.880696 24.209.105.156:4964 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:17214 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xB990AE74  Ack: 0xE6A7F1D7  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-15:31:18.354709 24.209.105.156:3073 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:17281 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB9EA5B0A  Ack: 0xE6AEA477  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/04-15:31:18.709223 24.209.105.156:3091 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:17342 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xB9F9DF94  Ack: 0xE5F3EB12  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/04-15:31:40.339199 24.209.105.156:3718 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:20474 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xBC0F651A  Ack: 0xE803011E  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-15:31:40.648523 24.209.105.156:3726 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:20529 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xBC16B00D  Ack: 0xE7D2A6CD  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-15:31:54.854595 24.209.105.156:4030 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:22530 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xBD193D6F  Ack: 0xE83C823C  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-15:31:55.163416 24.209.105.156:4162 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:22586 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xBD8D9195  Ack: 0xE9AF1BCF  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-15:31:55.618031 24.209.105.156:4168 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:22648 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xBD933987  Ack: 0xE9BE8885  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-15:31:56.079696 24.209.105.156:4178 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:22713 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xBD9CFDD3  Ack: 0xE9ECA86B  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-15:32:00.100134 24.209.105.156:4292 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:23246 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xBDFC210A  Ack: 0xE9A83299  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-15:32:00.590077 24.209.105.156:4301 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:23304 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xBE0448DC  Ack: 0xEA2DF2F3  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-15:32:00.980304 24.209.105.156:4312 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:23369 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xBE0EF9E0  Ack: 0xE97AB13B  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-16:23:11.284321 24.209.105.156:3248 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:25679 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xF70B8734  Ack: 0xAB62B2C6  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-16:23:14.916325 24.209.105.156:3387 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:26215 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xF77DD61D  Ack: 0xAB35A608  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-16:23:15.120110 24.209.105.156:3397 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:26241 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xF7854CD2  Ack: 0xAB6DF8F2  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-16:23:28.358728 24.209.105.156:3660 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:27632 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xF8707AE4  Ack: 0xAB77F4A1  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-16:23:32.260673 24.209.105.156:3872 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28094 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF924C06F  Ack: 0xAC330F36  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/04-16:23:32.771035 24.209.105.156:3886 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28166 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xF92F65BF  Ack: 0xAC9E0757  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/04-16:23:33.069169 24.209.105.156:3902 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28219 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xF93DE2C7  Ack: 0xACAE263B  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-16:23:33.380175 24.209.105.156:3922 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28266 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xF94EB8F9  Ack: 0xAC8423F5  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-16:23:36.727808 24.209.105.156:4027 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28674 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF9A5EE66  Ack: 0xACC4E996  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-16:23:40.252420 24.209.105.156:4130 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:29112 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF9FE0D86  Ack: 0xAC54E8DA  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-16:23:44.104313 24.209.105.156:4274 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:29682 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFA758208  Ack: 0xAD0230DC  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-16:23:44.501453 24.209.105.156:4286 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:29730 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFA7F6443  Ack: 0xAD05E7AA  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-16:23:45.000178 24.209.105.156:4299 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:29790 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xFA89C227  Ack: 0xACDB94F7  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-16:23:48.549804 24.209.105.156:4382 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:30125 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xFAD3C1FF  Ack: 0xAD7D0176  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-16:23:48.664877 24.209.105.156:4396 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:30144 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xFAE15A14  Ack: 0xAD0B98C4  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-16:23:48.745764 24.209.105.156:4401 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:30156 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xFAE5A95D  Ack: 0xACE2AAC5  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-20:58:26.999656 24.209.105.156:4700 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:39144 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x50929F3E  Ack: 0xBB0DDC12  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-20:58:36.962255 24.209.105.156:3011 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:40581 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x51946D1C  Ack: 0xBB609480  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-20:58:40.197166 24.209.105.156:3150 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:41210 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x5206DFF6  Ack: 0xBB44CFDC  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-20:58:43.985895 24.209.105.156:3303 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:41840 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x5280C345  Ack: 0xBB76D722  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-20:58:53.958884 24.209.105.156:3594 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:43188 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x537B0F6C  Ack: 0xBC1397BB  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/04-20:58:57.558751 24.209.105.156:3606 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:43653 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x53866BB6  Ack: 0xBBE228B2  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/04-20:58:57.800117 24.209.105.156:3693 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:43689 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x53D31F80  Ack: 0xBC9C9421  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-20:58:58.000920 24.209.105.156:3710 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:43729 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x53E08C39  Ack: 0xBD13E865  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-20:58:58.591698 24.209.105.156:3733 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:43821 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x53F3D184  Ack: 0xBCA4222B  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-20:59:02.667071 24.209.105.156:3805 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:44217 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x54350A54  Ack: 0xBCD0C5F1  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-20:59:03.191129 24.209.105.156:3830 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:44315 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x544967CB  Ack: 0xBD5569B0  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-20:59:06.680931 24.209.105.156:3853 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:44743 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x545BB650  Ack: 0xBD62C292  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-20:59:06.920514 24.209.105.156:3938 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:44778 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x54A5E7BB  Ack: 0xBCD2B903  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-20:59:07.466988 24.209.105.156:3944 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:44833 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x54ABDE3D  Ack: 0xBCC9AB8A  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-20:59:07.979432 24.209.105.156:3959 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:44905 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x54B918BC  Ack: 0xBD8782E1  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-20:59:08.317951 24.209.105.156:3980 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:44966 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x54CA63DC  Ack: 0xBD54D154  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-02:18:08.038691 24.209.105.156:4086 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:5750 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xBD998CB0  Ack: 0x71F494E6  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-02:18:11.160549 24.209.105.156:4170 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:6031 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xBDE0FB21  Ack: 0x727EC7CA  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-02:18:11.250352 24.209.105.156:4175 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:6048 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xBDE53AA8  Ack: 0x72B62D90  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-02:18:20.669223 24.209.105.156:4478 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:7132 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xBEE23A1E  Ack: 0x7368F28C  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-02:18:24.630828 24.209.105.156:4503 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:7570 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xBEF68674  Ack: 0x72B7DADB  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/05-02:18:24.759519 24.209.105.156:4612 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:7590 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xBF5289DF  Ack: 0x739265B1  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/05-02:18:37.780751 24.209.105.156:4897 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:8686 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xC045DF30  Ack: 0x743E2B74  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-02:18:37.914298 24.209.105.156:4989 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:8702 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xC096F10A  Ack: 0x73DE69D9  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-02:18:38.022328 24.209.105.156:4992 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:8719 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xC09939DF  Ack: 0x73E953FF  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-02:18:47.392513 24.209.105.156:3242 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:9653 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xC17200B1  Ack: 0x75054B10  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-02:18:47.486776 24.209.105.156:3246 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:9668 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xC17565ED  Ack: 0x7518DC27  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-02:18:47.601557 24.209.105.156:3253 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:9686 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xC17B0EE9  Ack: 0x74E1D6C5  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-02:18:47.722309 24.209.105.156:3258 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:9700 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xC17FC092  Ack: 0x74B23626  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-02:18:51.019259 24.209.105.156:3263 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:9983 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xC1841355  Ack: 0x752EC7CA  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-02:18:51.130656 24.209.105.156:3345 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:10005 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xC1CA3C60  Ack: 0x752A97F9  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-02:19:00.472173 24.209.105.156:3677 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:11183 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xC2D74C99  Ack: 0x75A2B101  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-03:44:25.761551 24.209.105.156:3295 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:32952 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xC997AA90  Ack: 0xB7B22741  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-03:44:38.728826 24.209.105.156:3587 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:34014 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xCA913E84  Ack: 0xB8E78F67  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-03:44:38.824643 24.209.105.156:3691 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:34030 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xCAE2DFB1  Ack: 0xB8B87BE4  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-03:44:38.923511 24.209.105.156:3696 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:34046 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xCAE6DF77  Ack: 0xB93C9CEB  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-03:44:39.031894 24.209.105.156:3698 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:34058 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xCAE89B7D  Ack: 0xB8FAEDF1  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/05-03:44:48.395788 24.209.105.156:3985 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:34899 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xCBD7D6F9  Ack: 0xB9AC0B88  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/05-03:44:57.698400 24.209.105.156:4288 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:35823 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xCCD3E1C0  Ack: 0xBA52CF05  Win: 0x4470  TcpLen: 20

Go to: previous range, next range, all alerts, overview page

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:28 2003

24.209.105.156	Whois lookup at:	ARIN	RIPE	APNIC	Geektools
	DNS lookup at:	Amenesi	TRIUMF	Princeton
	More lookup links:	Dshield	Sam Spade