SnortSnarf alert page

Source: 24.209.105.156: #201-300

SnortSnarf v021111.1

Signature section (91123)

Top 20 source IPs

Top 20 dest IPs

Looking using input module SnortFileInput, with sources:

/home/rivettmj/snort_alertlog/alert

Earliest: 03:45:01.306152 on 05/05/2003
Latest: 13:16:20.425840 on 05/05/2003

7 different signatures are present for 24.209.105.156 as a source

13 instances of WEB-IIS ISAPI .ida attempt
18 instances of WEB-IIS _mem_bin access
18 instances of WEB-FRONTPAGE /_vti_bin/ access
36 instances of WEB-IIS CodeRed v2 root.exe access
52 instances of WEB-IIS multiple decode attempt
82 instances of WEB-IIS cmd.exe access
87 instances of WEB-IIS unicode directory traversal attempt

There are 1 distinct destination IPs in the alerts of the type on this page.

24.209.105.156 Whois lookup at: ARIN RIPE APNIC Geektools

DNS lookup at: Amenesi TRIUMF Princeton

More lookup links: Dshield Sam Spade

Go to: previous range, next range, all alerts, overview page

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-03:45:01.306152 24.209.105.156:4386 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:36048 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xCD23A3C5  Ack: 0xBA6D3032  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-03:45:01.385207 24.209.105.156:4387 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:36058 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xCD249205  Ack: 0xBA7F4A0B  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-03:45:01.461414 24.209.105.156:4388 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:36069 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xCD25130C  Ack: 0xB9DA5C00  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-03:45:06.227240 24.209.105.156:4401 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:36572 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xCD31199B  Ack: 0xBAA69065  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-03:45:06.336767 24.209.105.156:4557 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:36595 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xCDB364B2  Ack: 0xBA956B38  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-03:45:09.418177 24.209.105.156:4666 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:36929 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xCE0ACF7F  Ack: 0xBAEDBB2E  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-03:45:09.484108 24.209.105.156:4670 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:36939 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xCE0E4D60  Ack: 0xBA83BB45  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-03:45:12.726705 24.209.105.156:4670 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:37238 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xCE0E4D60  Ack: 0xBA83BB45  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-03:45:18.594376 24.209.105.156:4952 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:37711 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xCEFB7F6F  Ack: 0xBB9DBCED  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-03:45:27.980702 24.209.105.156:3359 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:39103 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xD0430FB2  Ack: 0xBBFE4E73  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-03:53:53.771399 24.209.105.156:4494 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:22543 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x1F255C9  Ack: 0xDC7BA09B  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-03:53:53.850751 24.209.105.156:4496 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:22551 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x1F43E65  Ack: 0xDBC2C992  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-03:53:53.940196 24.209.105.156:4498 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:22566 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x1F5A79A  Ack: 0xDC3C8F3D  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-03:54:06.911995 24.209.105.156:4756 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:23693 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x2D28B44  Ack: 0xDC3FA9ED  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-03:54:16.200125 24.209.105.156:3137 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:24682 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x40F54C3  Ack: 0xDCDE1DB9  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/05-03:54:25.890939 24.209.105.156:3451 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:25769 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x5185DDB  Ack: 0xDDFCBF89  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/05-03:54:26.018199 24.209.105.156:3455 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:25792 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x51B2BC0  Ack: 0xDD785420  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-03:54:26.118898 24.209.105.156:3460 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:25811 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x51F8770  Ack: 0xDDB709F2  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-03:54:26.222819 24.209.105.156:3470 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:25833 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x5263BFD  Ack: 0xDE132678  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-03:54:35.548796 24.209.105.156:3809 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:27205 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x640922C  Ack: 0xDE13BF14  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-03:54:35.645778 24.209.105.156:3812 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:27222 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x64380BF  Ack: 0xDE6A7408  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-03:54:35.762439 24.209.105.156:3813 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:27238 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x644D9A6  Ack: 0xDE895085  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-03:54:35.866852 24.209.105.156:3817 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:27258 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x6480945  Ack: 0xDE9F2B86  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-03:54:35.967204 24.209.105.156:3822 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:27278 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x64C5D21  Ack: 0xDEB131A5  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-03:54:36.037599 24.209.105.156:3826 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:27294 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x64ED4FC  Ack: 0xDEA71083  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-03:54:39.381518 24.209.105.156:3949 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:27721 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6AFEEF4  Ack: 0xDE82176A  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-06:17:56.588659 24.209.105.156:4237 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:47341 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x64221DA7  Ack: 0xFBF2A3BC  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-06:17:56.851098 24.209.105.156:4252 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:47386 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x642F3923  Ack: 0xFC32BD66  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-06:17:57.163092 24.209.105.156:4259 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:47426 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x6435AF63  Ack: 0xFBFB3AE2  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-06:17:57.410159 24.209.105.156:4267 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:47461 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x643CD46E  Ack: 0xFC276AB6  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-06:17:58.354123 24.209.105.156:4289 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:47566 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x644F8E4F  Ack: 0xFC2F5597  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/05-06:18:11.812153 24.209.105.156:4575 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:49030 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x6541689F  Ack: 0xFD7B7FD0  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/05-06:18:21.137712 24.209.105.156:4951 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:50065 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x668232BA  Ack: 0xFD4CC0EE  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-06:18:21.528101 24.209.105.156:4961 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:50107 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x668AF36C  Ack: 0xFE0CA105  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-06:18:21.799465 24.209.105.156:4973 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:50141 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x669587A8  Ack: 0xFD604C22  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-06:18:22.034566 24.209.105.156:4979 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:50179 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x669AD08C  Ack: 0xFDD03B61  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-06:18:22.274106 24.209.105.156:4989 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:50206 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x66A325EF  Ack: 0xFE1282C8  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-06:18:22.814956 24.209.105.156:4994 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:50265 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x66A86385  Ack: 0xFD9D443D  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-06:18:23.289863 24.209.105.156:3013 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:50323 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x66B6DC8F  Ack: 0xFDE260B3  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-06:18:23.784087 24.209.105.156:3023 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:50371 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x66BE460B  Ack: 0xFDADE307  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-06:18:24.305282 24.209.105.156:3034 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:50426 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x66C92254  Ack: 0xFE2E063B  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-06:18:24.810547 24.209.105.156:3049 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:50493 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x66D6EA82  Ack: 0xFE31B5C7  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-07:25:17.205804 24.209.105.156:3440 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:8593 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xF4C789D5  Ack: 0xF9D4EED1  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-07:25:17.400271 24.209.105.156:3558 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:8614 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xF528343E  Ack: 0xF9ED54AC  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-07:25:17.493081 24.209.105.156:3559 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:8627 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xF529868B  Ack: 0xFA7E542E  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-07:25:17.585174 24.209.105.156:3564 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:8640 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xF52E01D8  Ack: 0xFA09E5FC  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-07:25:17.681608 24.209.105.156:3567 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:8660 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF530502D  Ack: 0xFA3D3830  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/05-07:25:17.789030 24.209.105.156:3572 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:8675 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xF5346702  Ack: 0xFA34B1ED  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/05-07:25:17.882886 24.209.105.156:3575 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:8690 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xF5367FB0  Ack: 0xFA6F3B5F  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-07:25:18.001646 24.209.105.156:3580 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:8705 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xF53A52A7  Ack: 0xFA524F35  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-07:25:27.300734 24.209.105.156:3917 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:9777 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF650F1EA  Ack: 0xFABB1806  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-07:25:36.751644 24.209.105.156:4254 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:10850 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF7699477  Ack: 0xFB80BE76  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-07:25:36.865878 24.209.105.156:4257 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:10866 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF76C82CC  Ack: 0xFB5B795C  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-07:25:37.015685 24.209.105.156:4263 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:10876 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF7709A60  Ack: 0xFBCB9263  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-07:25:37.100871 24.209.105.156:4264 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:10888 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xF771EA3C  Ack: 0xFB57B7A4  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-07:25:37.173655 24.209.105.156:4266 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:10893 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF7737AA7  Ack: 0xFB0E9C28  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-07:25:37.268913 24.209.105.156:4267 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:10902 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xF7749B0C  Ack: 0xFB3012A6  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-07:25:46.663905 24.209.105.156:4530 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:11639 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF8536013  Ack: 0xFB886E13  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-10:49:09.571639 24.209.105.156:4016 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:5853 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xA4DCEEE3  Ack: 0xFCE997B6  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-10:49:19.205921 24.209.105.156:4313 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:7562 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xA5DD4FF8  Ack: 0xFCE77C77  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-10:49:19.306470 24.209.105.156:4316 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:7586 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA5E05AF5  Ack: 0xFD1DFDF6  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-10:49:23.238016 24.209.105.156:4424 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:8147 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA63E384B  Ack: 0xFDC7A134  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-10:49:23.374401 24.209.105.156:4434 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:8180 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA645F9CB  Ack: 0xFD2538E6  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/05-10:49:33.239293 24.209.105.156:4688 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:9308 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA721D58F  Ack: 0xFE5AC83B  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/05-10:49:40.538864 24.209.105.156:4799 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:10248 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA7816C5B  Ack: 0xFE1F26BE  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-10:49:53.460723 24.209.105.156:3198 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:12017 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xA8CEA269  Ack: 0xFEAE03F4  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-10:49:53.770124 24.209.105.156:3308 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:12048 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA9275481  Ack: 0xFEDFFE8F  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-10:49:54.224527 24.209.105.156:3316 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:12099 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA92EA044  Ack: 0xFF079388  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-10:49:55.055355 24.209.105.156:3344 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:12208 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA9467B42  Ack: 0xFF38A8E6  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-10:50:04.763070 24.209.105.156:3640 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:13613 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xAA443C02  Ack: 0xFFE20D2B  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-10:50:05.014207 24.209.105.156:3650 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:13655 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xAA4BCB7E  Ack: 0xFFD3F765  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-10:50:05.450824 24.209.105.156:3657 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:13708 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xAA51D032  Ack: 0x501685  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-10:50:05.937731 24.209.105.156:3670 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:13771 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xAA5CFF98  Ack: 0x2E30AE  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-10:50:06.179624 24.209.105.156:3686 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:13820 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xAA6A01A6  Ack: 0x863C0  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-12:09:44.731184 24.209.105.156:3959 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:5264 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x89C7F416  Ack: 0x2D05AB5D  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-12:09:44.959313 24.209.105.156:3969 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:5301 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x89CFEE34  Ack: 0x2CF9169C  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-12:09:57.853579 24.209.105.156:4208 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:6281 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x8A9DFEE0  Ack: 0x2D7AE990  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-12:10:07.210458 24.209.105.156:4618 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:7326 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x8BEEF2B4  Ack: 0x2E8A7CE0  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-12:10:07.343027 24.209.105.156:4622 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:7346 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x8BF268A3  Ack: 0x2DF4302D  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/05-12:10:07.446386 24.209.105.156:4625 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:7359 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x8BF57560  Ack: 0x2DBCDC5C  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/05-12:10:16.762040 24.209.105.156:4919 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:8406 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x8CE8C40C  Ack: 0x2E77A477  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-12:10:20.133175 24.209.105.156:3005 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:8697 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x8D31EFDB  Ack: 0x2E9F7506  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-12:10:20.223924 24.209.105.156:3012 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:8709 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x8D3694A1  Ack: 0x2F52B08B  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-12:10:20.306055 24.209.105.156:3015 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:8721 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x8D39B59D  Ack: 0x2F1F25C9  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-12:10:20.412097 24.209.105.156:3018 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:8735 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x8D3BA5FE  Ack: 0x2E814CE4  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-12:10:29.720186 24.209.105.156:3313 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:9816 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x8E3AAC97  Ack: 0x3008DF33  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-12:10:29.840280 24.209.105.156:3317 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:9832 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x8E3DE342  Ack: 0x2F508D71  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-12:10:29.920485 24.209.105.156:3320 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:9843 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x8E40D0FB  Ack: 0x2FC17A50  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-12:10:30.047743 24.209.105.156:3323 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:9864 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x8E439DA6  Ack: 0x2FBA0935  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-12:10:30.167673 24.209.105.156:3330 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:9881 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x8E491C53  Ack: 0x2FDEFC85  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-13:16:09.702040 24.209.105.156:4203 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:16295 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x22F7E7AC  Ack: 0x275DDEB0  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-13:16:09.877107 24.209.105.156:4208 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:16311 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x22FC0BF7  Ack: 0x279AEB1A  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-13:16:09.960500 24.209.105.156:4210 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:16320 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x22FE1FC4  Ack: 0x274EC4BB  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-13:16:10.085352 24.209.105.156:4212 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:16332 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x22FFF8FD  Ack: 0x271FA50B  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-13:16:10.182096 24.209.105.156:4218 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:16349 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x23045518  Ack: 0x2731A3A8  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/05-13:16:10.290630 24.209.105.156:4222 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:16360 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x23079DF8  Ack: 0x279B08A6  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/05-13:16:10.423429 24.209.105.156:4226 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:16376 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x230B3642  Ack: 0x271B65CB  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-13:16:13.736049 24.209.105.156:4308 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:16578 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x235545D5  Ack: 0x27C4DE16  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-13:16:20.328364 24.209.105.156:4421 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:17098 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x23B4F863  Ack: 0x279F1F0D  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-13:16:20.425840 24.209.105.156:4507 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:17119 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x23FE9481  Ack: 0x27AA7087  Win: 0x4470  TcpLen: 20

Go to: previous range, next range, all alerts, overview page

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:28 2003

24.209.105.156	Whois lookup at:	ARIN	RIPE	APNIC	Geektools
	DNS lookup at:	Amenesi	TRIUMF	Princeton
	More lookup links:	Dshield	Sam Spade