SnortSnarf alert page

Source: 24.209.105.156

SnortSnarf v021111.1

Signature section (91123)

Top 20 source IPs

Top 20 dest IPs

306 such alerts found using input module SnortFileInput, with sources:

/home/rivettmj/snort_alertlog/alert

Earliest: 01:20:18.341110 on 05/01/2003
Latest: 13:16:46.098697 on 05/05/2003

7 different signatures are present for 24.209.105.156 as a source

13 instances of WEB-IIS ISAPI .ida attempt
18 instances of WEB-IIS _mem_bin access
18 instances of WEB-FRONTPAGE /_vti_bin/ access
36 instances of WEB-IIS CodeRed v2 root.exe access
52 instances of WEB-IIS multiple decode attempt
82 instances of WEB-IIS cmd.exe access
87 instances of WEB-IIS unicode directory traversal attempt

There are 1 distinct destination IPs in the alerts of the type on this page.

24.209.105.156 Whois lookup at: ARIN RIPE APNIC Geektools

DNS lookup at: Amenesi TRIUMF Princeton

More lookup links: Dshield Sam Spade

Go to: overview page

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/01-01:20:18.341110 24.209.105.156:4303 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:19457 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x760B1098  Ack: 0x99B2D015  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/01-01:20:18.347759 24.209.105.156:4303 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:19458 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x760B164C  Ack: 0x99B2D015  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/01-05:40:09.032030 24.209.105.156:4630 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:29369 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE1951FF0  Ack: 0x6F0E1ACE  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/01-05:40:09.039178 24.209.105.156:4630 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:29370 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE19525A4  Ack: 0x6F0E1ACE  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/01-08:35:12.408874 24.209.105.156:4305 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:25433 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE097982  Ack: 0x37AF417  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/01-08:35:12.413691 24.209.105.156:4305 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:25434 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE097F36  Ack: 0x37AF417  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/01-08:57:36.290462 24.209.105.156:3813 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:46514 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x710DC149  Ack: 0x589C1EA7  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/01-08:57:36.296671 24.209.105.156:3813 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:46515 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x710DC6FD  Ack: 0x589C1EA7  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/01-11:10:09.912600 24.209.105.156:4239 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:12464 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA170A4DF  Ack: 0x4D43F74A  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/01-11:10:09.919340 24.209.105.156:4239 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:12465 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA170AA93  Ack: 0x4D43F74A  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/01-16:28:57.319318 24.209.105.156:4771 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:23965 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x38ED762D  Ack: 0x1D6E0A6  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/01-16:28:57.324760 24.209.105.156:4771 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:23966 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x38ED7BE1  Ack: 0x1D6E0A6  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/01-20:23:02.015655 24.209.105.156:4623 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:24656 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE92725F2  Ack: 0x75F92067  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/01-20:23:02.021614 24.209.105.156:4623 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:24657 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE9272BA6  Ack: 0x75F92067  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/01-23:04:12.504851 24.209.105.156:3751 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:49661 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6E504298  Ack: 0xD5E71C2C  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/01-23:04:12.510885 24.209.105.156:3751 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:49662 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6E50484C  Ack: 0xD5E71C2C  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-00:08:16.493488 24.209.105.156:4263 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:32369 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBBF8A48A  Ack: 0xC9A63FD1  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-00:08:16.500303 24.209.105.156:4263 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:32370 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBBF8AA3E  Ack: 0xC9A63FD1  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-01:50:10.892152 24.209.105.156:4516 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28152 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA77CDFFD  Ack: 0x4973FC6A  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-01:50:10.902010 24.209.105.156:4516 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28153 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA77CE5B1  Ack: 0x4973FC6A  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-10:44:09.837320 24.209.105.156:3207 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:23552 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4DC51B99  Ack: 0x29F7ED57  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-10:44:09.843262 24.209.105.156:3207 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:23553 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4DC5214D  Ack: 0x29F7ED57  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-12:38:02.081641 24.209.105.156:4339 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:30116 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD630AF78  Ack: 0xD82E165B  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-12:38:02.088355 24.209.105.156:4339 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:30117 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD630B52C  Ack: 0xD82E165B  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-13:04:16.282017 24.209.105.156:3878 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:29866 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x668F0C3E  Ack: 0x3C2B79EE  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-13:04:16.289166 24.209.105.156:3878 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:29867 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x668F11F2  Ack: 0x3C2B79EE  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-03:04:30.543338 24.209.105.156:4331 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:26805 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x3DDE23CA  Ack: 0xE067EFF3  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-03:04:32.859267 24.209.105.156:4417 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:27202 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x3E285316  Ack: 0xE0BE7455  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-03:04:33.047326 24.209.105.156:4422 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:27241 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x3E2D0AF6  Ack: 0xE0A965FF  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-03:04:36.672741 24.209.105.156:4531 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:27796 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x3E87D16A  Ack: 0xE0BA235F  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-03:04:36.967702 24.209.105.156:4548 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:27834 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x3E96C301  Ack: 0xE0CDC083  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/04-03:04:37.251893 24.209.105.156:4554 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:27887 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x3E9C876C  Ack: 0xE0F6166B  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/04-03:04:40.694698 24.209.105.156:4634 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28352 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x3EE4165E  Ack: 0xE1BEC78C  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-03:04:44.436077 24.209.105.156:4650 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28912 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x3EF17D8B  Ack: 0xE221AEBD  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-03:04:48.100957 24.209.105.156:4757 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:29424 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3F4BC9F4  Ack: 0xE308F50C  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-03:04:49.256114 24.209.105.156:4876 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:29568 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3FAFBD18  Ack: 0xE2722841  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-03:04:50.350302 24.209.105.156:4905 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:29721 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3FC89145  Ack: 0xE32EB63E  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-03:04:50.827340 24.209.105.156:4918 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:29789 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3FD4C053  Ack: 0xE297969E  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-03:04:51.790702 24.209.105.156:4956 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:29936 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x3FF394E6  Ack: 0xE2DEEC9D  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-03:04:52.237698 24.209.105.156:4965 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:29993 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x3FFB718A  Ack: 0xE2995FBD  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-03:04:52.483323 24.209.105.156:4978 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:30031 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x40069EF2  Ack: 0xE33D96BB  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-03:04:52.615673 24.209.105.156:4982 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:30060 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x400A46C6  Ack: 0xE2BC8F85  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-06:10:20.161969 24.209.105.156:3318 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:39842 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x93D78D31  Ack: 0x9F7130F7  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-06:10:20.423643 24.209.105.156:3322 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:39888 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x93DB5A2D  Ack: 0x9FCD19FE  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-06:10:20.652951 24.209.105.156:3331 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:39933 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x93E358BD  Ack: 0x9F6DCAFF  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-06:10:20.859016 24.209.105.156:3339 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:39973 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x93E94DB5  Ack: 0x9F5A1F1E  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-06:10:21.107071 24.209.105.156:3346 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:40014 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x93EF5E94  Ack: 0x9F463DC4  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/04-06:10:30.657301 24.209.105.156:3659 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:41641 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x94F83DF4  Ack: 0x9FB9CD67  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/04-06:10:30.795342 24.209.105.156:3666 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:41675 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x94FEC3E4  Ack: 0xA07BA238  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-06:10:30.928126 24.209.105.156:3673 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:41703 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x9504948F  Ack: 0xA026FEE3  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-06:10:31.038713 24.209.105.156:3677 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:41729 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x9507C0E5  Ack: 0x9FB34EE4  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-06:10:31.161857 24.209.105.156:3679 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:41758 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x9509A6C2  Ack: 0xA0336DBD  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-06:10:31.440678 24.209.105.156:3687 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:41801 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x950FF526  Ack: 0x9FFA4670  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-06:10:40.707992 24.209.105.156:3962 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:43241 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x95FB24A4  Ack: 0xA09F4DC4  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-06:10:40.890761 24.209.105.156:3967 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:43271 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x95FFA285  Ack: 0xA0C9C19E  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-06:10:44.090620 24.209.105.156:4073 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:43790 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x9656278C  Ack: 0xA0BA7010  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-06:10:44.193817 24.209.105.156:4080 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:43814 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x965B79F3  Ack: 0xA0A026F3  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-06:10:44.378402 24.209.105.156:4083 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:43842 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x965EBE7B  Ack: 0xA09692DE  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-06:44:36.265979 24.209.105.156:4422 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:47473 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x5EB09D8F  Ack: 0x20E314A3  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-06:44:39.857158 24.209.105.156:4610 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:47827 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x5F5519E7  Ack: 0x21414FCA  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-06:44:39.959651 24.209.105.156:4612 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:47845 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x5F56F490  Ack: 0x21D6185E  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-06:44:40.057753 24.209.105.156:4617 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:47857 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x5F5B6B02  Ack: 0x21845C1B  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-06:44:40.138220 24.209.105.156:4621 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:47873 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x5F5EBCFA  Ack: 0x21C083EB  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/04-06:44:49.952193 24.209.105.156:4881 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:48850 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x603D71FE  Ack: 0x226917D7  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/04-06:45:11.736843 24.209.105.156:3506 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:51259 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x62484886  Ack: 0x2372F86F  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-06:45:21.772044 24.209.105.156:3736 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:52117 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x63157F11  Ack: 0x237784AD  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-06:45:22.043574 24.209.105.156:3751 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:52167 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x63221BB1  Ack: 0x236FC67A  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-06:45:22.190300 24.209.105.156:3759 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:52191 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x63297D89  Ack: 0x23F4290A  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-06:45:22.421607 24.209.105.156:3764 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:52218 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x632DD294  Ack: 0x2430C2BB  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-06:45:22.693351 24.209.105.156:3769 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:52253 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x63328122  Ack: 0x2402EAAF  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-06:45:23.153827 24.209.105.156:3780 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:52302 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x633BCBA2  Ack: 0x243CBF52  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-06:45:23.476152 24.209.105.156:3797 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:52350 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6349C010  Ack: 0x2431F69A  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-06:45:23.924031 24.209.105.156:3807 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:52399 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x6351F635  Ack: 0x23C5DE51  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-06:45:34.152530 24.209.105.156:4130 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:55733 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x64532422  Ack: 0x2436265E  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-10:09:17.821977 24.209.105.156:4458 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:10674 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x34705DD6  Ack: 0x2625341B  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-10:09:17.966910 24.209.105.156:4462 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:10689 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x3474285C  Ack: 0x26216A5C  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-10:09:18.079617 24.209.105.156:4469 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:10702 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x3479F123  Ack: 0x260166C3  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-10:09:18.191794 24.209.105.156:4475 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:10719 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x347E9BD3  Ack: 0x25F46DF3  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-10:09:18.286749 24.209.105.156:4477 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:10731 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x348067EB  Ack: 0x25FBC3E1  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/04-10:09:18.377285 24.209.105.156:4478 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:10750 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x34815343  Ack: 0x26CA356F  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/04-10:09:18.467416 24.209.105.156:4483 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:10763 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x34854B96  Ack: 0x268C772A  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-10:09:27.809620 24.209.105.156:4764 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:11809 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x3573ECA7  Ack: 0x26BBE6C2  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-10:09:27.916272 24.209.105.156:4768 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:11820 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x35770064  Ack: 0x26F26C2A  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-10:09:27.998623 24.209.105.156:4769 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:11834 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3577C60E  Ack: 0x27387EC5  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-10:09:37.637674 24.209.105.156:3009 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:12679 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x36474998  Ack: 0x28090F02  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-10:09:46.957736 24.209.105.156:3299 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:13681 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x373B6F59  Ack: 0x285D819C  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-10:09:50.191527 24.209.105.156:3410 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:14148 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x3795D838  Ack: 0x27DFF2CE  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-10:09:53.330501 24.209.105.156:3529 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:14580 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x37F90A33  Ack: 0x28DC8949  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-10:09:53.536097 24.209.105.156:3533 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:14610 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x37FC0A36  Ack: 0x283A23BF  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-10:09:53.642312 24.209.105.156:3539 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:14627 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x38014859  Ack: 0x2891490F  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-11:03:26.299968 24.209.105.156:3495 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:38013 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x75EA4D16  Ack: 0xF29FA6EC  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-11:03:26.816518 24.209.105.156:3509 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:38082 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x75F68EAC  Ack: 0xF30FE75C  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-11:03:36.642490 24.209.105.156:3853 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:39724 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x771A8F1A  Ack: 0xF34753D8  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-11:03:46.490767 24.209.105.156:4120 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:41085 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x77FC9000  Ack: 0xF463AFB8  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-11:03:46.748806 24.209.105.156:4133 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:41138 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x780745B8  Ack: 0xF42E4967  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/04-11:03:47.026630 24.209.105.156:4147 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:41185 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x78113D0D  Ack: 0xF4993944  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/04-11:03:56.862290 24.209.105.156:4403 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:42404 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x78EE4209  Ack: 0xF4B24016  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-11:04:00.275468 24.209.105.156:4415 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:42850 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x78F8B7F8  Ack: 0xF4EC6B95  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-11:04:00.768038 24.209.105.156:4513 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:42920 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x794F1E1C  Ack: 0xF519C419  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-11:04:01.310561 24.209.105.156:4525 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:42995 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x795A1D63  Ack: 0xF4F8D6D4  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-11:04:01.643211 24.209.105.156:4545 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:43050 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x796A9B07  Ack: 0xF579B0C8  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-11:04:11.540043 24.209.105.156:4841 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:44492 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x7A67B170  Ack: 0xF605ECC0  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-11:04:12.032623 24.209.105.156:4855 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:44548 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x7A744811  Ack: 0xF6242BD8  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-11:04:12.563425 24.209.105.156:4871 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:44618 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x7A816C21  Ack: 0xF56C917B  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-11:04:13.012606 24.209.105.156:4885 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:44675 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x7A8E3C0A  Ack: 0xF5B9D76B  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-11:04:13.528783 24.209.105.156:4899 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:44739 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x7A9B1E63  Ack: 0xF63AAD99  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-11:20:26.592821 24.209.105.156:4871 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:55680 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xDDC08037  Ack: 0x32B88BD0  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-11:20:40.093174 24.209.105.156:3166 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:57288 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xDEBA5242  Ack: 0x33147C02  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-11:20:40.601792 24.209.105.156:3270 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:57342 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xDF0EC020  Ack: 0x335B81F8  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-11:20:50.648310 24.209.105.156:3611 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:58735 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xE02C330A  Ack: 0x345AC442  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-11:20:51.168597 24.209.105.156:3631 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:58814 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xE03F4AE1  Ack: 0x34D73CE1  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/04-11:20:51.478711 24.209.105.156:3652 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:58865 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xE04E2017  Ack: 0x343B2A87  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/04-11:20:51.742320 24.209.105.156:3663 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:58918 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xE0580A48  Ack: 0x34DA104C  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-11:20:51.987478 24.209.105.156:3673 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:58970 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xE060207C  Ack: 0x34B943FF  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-13:03:57.440185 24.209.105.156:3832 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:43811 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x4DDFED5F  Ack: 0xB92004B2  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-13:04:06.937495 24.209.105.156:4159 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:45159 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x4EF0815A  Ack: 0xB95D52F2  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-13:04:16.695500 24.209.105.156:4488 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:46545 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x5001B977  Ack: 0xBAABE9F0  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-13:04:26.171437 24.209.105.156:4783 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:47718 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x50F99789  Ack: 0xBB60ED3A  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-13:04:26.278297 24.209.105.156:4786 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:47736 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x50FCE742  Ack: 0xBAAA067F  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/04-13:04:35.691926 24.209.105.156:3055 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:48793 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x51DAAB17  Ack: 0xBCC80887  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/04-13:04:35.990035 24.209.105.156:3061 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:48826 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x51DFB87F  Ack: 0xBCCD4B52  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-13:04:36.392142 24.209.105.156:3067 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:48856 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x51E47036  Ack: 0xBC5CD3A4  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-13:04:36.891076 24.209.105.156:3080 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:48917 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x51EDD580  Ack: 0xBCBB3541  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-13:04:46.773121 24.209.105.156:3336 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:49922 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x52C83DF3  Ack: 0xBD75A498  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-13:04:46.930670 24.209.105.156:3344 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:49958 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x52D00F72  Ack: 0xBDAC50A1  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-13:04:47.119447 24.209.105.156:3352 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:49999 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x52D5E987  Ack: 0xBD76BCAD  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-13:04:50.652811 24.209.105.156:3501 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:50559 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x534A8AB9  Ack: 0xBD718FC0  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-13:04:50.720708 24.209.105.156:3505 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:50573 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x534DCC9C  Ack: 0xBD5C93D6  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-13:04:50.983138 24.209.105.156:3510 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:50606 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x5351BDEC  Ack: 0xBD031976  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-13:04:54.170050 24.209.105.156:3598 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:50978 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x53A0CC72  Ack: 0xBDC3693D  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-15:31:03.122399 24.209.105.156:4597 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:14991 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xB858A3BB  Ack: 0xE5376045  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-15:31:13.685928 24.209.105.156:4941 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:16586 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xB97C12F7  Ack: 0xE68C3F1E  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-15:31:14.211316 24.209.105.156:4949 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:16653 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xB9837D9E  Ack: 0xE5AC1FD4  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-15:31:17.880696 24.209.105.156:4964 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:17214 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xB990AE74  Ack: 0xE6A7F1D7  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-15:31:18.354709 24.209.105.156:3073 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:17281 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB9EA5B0A  Ack: 0xE6AEA477  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/04-15:31:18.709223 24.209.105.156:3091 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:17342 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xB9F9DF94  Ack: 0xE5F3EB12  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/04-15:31:40.339199 24.209.105.156:3718 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:20474 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xBC0F651A  Ack: 0xE803011E  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-15:31:40.648523 24.209.105.156:3726 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:20529 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xBC16B00D  Ack: 0xE7D2A6CD  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-15:31:54.854595 24.209.105.156:4030 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:22530 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xBD193D6F  Ack: 0xE83C823C  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-15:31:55.163416 24.209.105.156:4162 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:22586 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xBD8D9195  Ack: 0xE9AF1BCF  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-15:31:55.618031 24.209.105.156:4168 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:22648 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xBD933987  Ack: 0xE9BE8885  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-15:31:56.079696 24.209.105.156:4178 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:22713 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xBD9CFDD3  Ack: 0xE9ECA86B  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-15:32:00.100134 24.209.105.156:4292 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:23246 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xBDFC210A  Ack: 0xE9A83299  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-15:32:00.590077 24.209.105.156:4301 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:23304 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xBE0448DC  Ack: 0xEA2DF2F3  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-15:32:00.980304 24.209.105.156:4312 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:23369 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xBE0EF9E0  Ack: 0xE97AB13B  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-16:23:11.284321 24.209.105.156:3248 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:25679 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xF70B8734  Ack: 0xAB62B2C6  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-16:23:14.916325 24.209.105.156:3387 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:26215 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xF77DD61D  Ack: 0xAB35A608  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-16:23:15.120110 24.209.105.156:3397 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:26241 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xF7854CD2  Ack: 0xAB6DF8F2  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-16:23:28.358728 24.209.105.156:3660 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:27632 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xF8707AE4  Ack: 0xAB77F4A1  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-16:23:32.260673 24.209.105.156:3872 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28094 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF924C06F  Ack: 0xAC330F36  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/04-16:23:32.771035 24.209.105.156:3886 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28166 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xF92F65BF  Ack: 0xAC9E0757  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/04-16:23:33.069169 24.209.105.156:3902 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28219 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xF93DE2C7  Ack: 0xACAE263B  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-16:23:33.380175 24.209.105.156:3922 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28266 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xF94EB8F9  Ack: 0xAC8423F5  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-16:23:36.727808 24.209.105.156:4027 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28674 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF9A5EE66  Ack: 0xACC4E996  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-16:23:40.252420 24.209.105.156:4130 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:29112 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF9FE0D86  Ack: 0xAC54E8DA  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-16:23:44.104313 24.209.105.156:4274 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:29682 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFA758208  Ack: 0xAD0230DC  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-16:23:44.501453 24.209.105.156:4286 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:29730 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFA7F6443  Ack: 0xAD05E7AA  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-16:23:45.000178 24.209.105.156:4299 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:29790 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xFA89C227  Ack: 0xACDB94F7  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-16:23:48.549804 24.209.105.156:4382 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:30125 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xFAD3C1FF  Ack: 0xAD7D0176  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-16:23:48.664877 24.209.105.156:4396 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:30144 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xFAE15A14  Ack: 0xAD0B98C4  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-16:23:48.745764 24.209.105.156:4401 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:30156 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xFAE5A95D  Ack: 0xACE2AAC5  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-20:58:26.999656 24.209.105.156:4700 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:39144 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x50929F3E  Ack: 0xBB0DDC12  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-20:58:36.962255 24.209.105.156:3011 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:40581 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x51946D1C  Ack: 0xBB609480  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-20:58:40.197166 24.209.105.156:3150 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:41210 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x5206DFF6  Ack: 0xBB44CFDC  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-20:58:43.985895 24.209.105.156:3303 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:41840 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x5280C345  Ack: 0xBB76D722  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-20:58:53.958884 24.209.105.156:3594 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:43188 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x537B0F6C  Ack: 0xBC1397BB  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/04-20:58:57.558751 24.209.105.156:3606 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:43653 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x53866BB6  Ack: 0xBBE228B2  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/04-20:58:57.800117 24.209.105.156:3693 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:43689 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x53D31F80  Ack: 0xBC9C9421  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-20:58:58.000920 24.209.105.156:3710 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:43729 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x53E08C39  Ack: 0xBD13E865  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-20:58:58.591698 24.209.105.156:3733 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:43821 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x53F3D184  Ack: 0xBCA4222B  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-20:59:02.667071 24.209.105.156:3805 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:44217 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x54350A54  Ack: 0xBCD0C5F1  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-20:59:03.191129 24.209.105.156:3830 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:44315 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x544967CB  Ack: 0xBD5569B0  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-20:59:06.680931 24.209.105.156:3853 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:44743 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x545BB650  Ack: 0xBD62C292  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-20:59:06.920514 24.209.105.156:3938 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:44778 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x54A5E7BB  Ack: 0xBCD2B903  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-20:59:07.466988 24.209.105.156:3944 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:44833 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x54ABDE3D  Ack: 0xBCC9AB8A  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-20:59:07.979432 24.209.105.156:3959 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:44905 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x54B918BC  Ack: 0xBD8782E1  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-20:59:08.317951 24.209.105.156:3980 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:44966 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x54CA63DC  Ack: 0xBD54D154  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-02:18:08.038691 24.209.105.156:4086 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:5750 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xBD998CB0  Ack: 0x71F494E6  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-02:18:11.160549 24.209.105.156:4170 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:6031 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xBDE0FB21  Ack: 0x727EC7CA  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-02:18:11.250352 24.209.105.156:4175 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:6048 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xBDE53AA8  Ack: 0x72B62D90  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-02:18:20.669223 24.209.105.156:4478 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:7132 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xBEE23A1E  Ack: 0x7368F28C  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-02:18:24.630828 24.209.105.156:4503 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:7570 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xBEF68674  Ack: 0x72B7DADB  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/05-02:18:24.759519 24.209.105.156:4612 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:7590 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xBF5289DF  Ack: 0x739265B1  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/05-02:18:37.780751 24.209.105.156:4897 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:8686 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xC045DF30  Ack: 0x743E2B74  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-02:18:37.914298 24.209.105.156:4989 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:8702 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xC096F10A  Ack: 0x73DE69D9  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-02:18:38.022328 24.209.105.156:4992 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:8719 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xC09939DF  Ack: 0x73E953FF  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-02:18:47.392513 24.209.105.156:3242 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:9653 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xC17200B1  Ack: 0x75054B10  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-02:18:47.486776 24.209.105.156:3246 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:9668 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xC17565ED  Ack: 0x7518DC27  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-02:18:47.601557 24.209.105.156:3253 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:9686 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xC17B0EE9  Ack: 0x74E1D6C5  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-02:18:47.722309 24.209.105.156:3258 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:9700 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xC17FC092  Ack: 0x74B23626  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-02:18:51.019259 24.209.105.156:3263 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:9983 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xC1841355  Ack: 0x752EC7CA  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-02:18:51.130656 24.209.105.156:3345 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:10005 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xC1CA3C60  Ack: 0x752A97F9  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-02:19:00.472173 24.209.105.156:3677 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:11183 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xC2D74C99  Ack: 0x75A2B101  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-03:44:25.761551 24.209.105.156:3295 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:32952 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xC997AA90  Ack: 0xB7B22741  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-03:44:38.728826 24.209.105.156:3587 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:34014 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xCA913E84  Ack: 0xB8E78F67  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-03:44:38.824643 24.209.105.156:3691 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:34030 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xCAE2DFB1  Ack: 0xB8B87BE4  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-03:44:38.923511 24.209.105.156:3696 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:34046 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xCAE6DF77  Ack: 0xB93C9CEB  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-03:44:39.031894 24.209.105.156:3698 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:34058 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xCAE89B7D  Ack: 0xB8FAEDF1  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/05-03:44:48.395788 24.209.105.156:3985 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:34899 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xCBD7D6F9  Ack: 0xB9AC0B88  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/05-03:44:57.698400 24.209.105.156:4288 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:35823 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xCCD3E1C0  Ack: 0xBA52CF05  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-03:45:01.306152 24.209.105.156:4386 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:36048 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xCD23A3C5  Ack: 0xBA6D3032  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-03:45:01.385207 24.209.105.156:4387 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:36058 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xCD249205  Ack: 0xBA7F4A0B  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-03:45:01.461414 24.209.105.156:4388 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:36069 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xCD25130C  Ack: 0xB9DA5C00  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-03:45:06.227240 24.209.105.156:4401 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:36572 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xCD31199B  Ack: 0xBAA69065  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-03:45:06.336767 24.209.105.156:4557 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:36595 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xCDB364B2  Ack: 0xBA956B38  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-03:45:09.418177 24.209.105.156:4666 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:36929 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xCE0ACF7F  Ack: 0xBAEDBB2E  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-03:45:09.484108 24.209.105.156:4670 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:36939 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xCE0E4D60  Ack: 0xBA83BB45  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-03:45:12.726705 24.209.105.156:4670 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:37238 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xCE0E4D60  Ack: 0xBA83BB45  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-03:45:18.594376 24.209.105.156:4952 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:37711 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xCEFB7F6F  Ack: 0xBB9DBCED  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-03:45:27.980702 24.209.105.156:3359 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:39103 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xD0430FB2  Ack: 0xBBFE4E73  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-03:53:53.771399 24.209.105.156:4494 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:22543 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x1F255C9  Ack: 0xDC7BA09B  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-03:53:53.850751 24.209.105.156:4496 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:22551 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x1F43E65  Ack: 0xDBC2C992  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-03:53:53.940196 24.209.105.156:4498 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:22566 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x1F5A79A  Ack: 0xDC3C8F3D  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-03:54:06.911995 24.209.105.156:4756 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:23693 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x2D28B44  Ack: 0xDC3FA9ED  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-03:54:16.200125 24.209.105.156:3137 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:24682 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x40F54C3  Ack: 0xDCDE1DB9  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/05-03:54:25.890939 24.209.105.156:3451 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:25769 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x5185DDB  Ack: 0xDDFCBF89  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/05-03:54:26.018199 24.209.105.156:3455 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:25792 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x51B2BC0  Ack: 0xDD785420  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-03:54:26.118898 24.209.105.156:3460 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:25811 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x51F8770  Ack: 0xDDB709F2  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-03:54:26.222819 24.209.105.156:3470 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:25833 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x5263BFD  Ack: 0xDE132678  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-03:54:35.548796 24.209.105.156:3809 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:27205 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x640922C  Ack: 0xDE13BF14  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-03:54:35.645778 24.209.105.156:3812 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:27222 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x64380BF  Ack: 0xDE6A7408  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-03:54:35.762439 24.209.105.156:3813 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:27238 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x644D9A6  Ack: 0xDE895085  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-03:54:35.866852 24.209.105.156:3817 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:27258 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x6480945  Ack: 0xDE9F2B86  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-03:54:35.967204 24.209.105.156:3822 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:27278 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x64C5D21  Ack: 0xDEB131A5  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-03:54:36.037599 24.209.105.156:3826 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:27294 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x64ED4FC  Ack: 0xDEA71083  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-03:54:39.381518 24.209.105.156:3949 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:27721 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6AFEEF4  Ack: 0xDE82176A  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-06:17:56.588659 24.209.105.156:4237 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:47341 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x64221DA7  Ack: 0xFBF2A3BC  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-06:17:56.851098 24.209.105.156:4252 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:47386 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x642F3923  Ack: 0xFC32BD66  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-06:17:57.163092 24.209.105.156:4259 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:47426 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x6435AF63  Ack: 0xFBFB3AE2  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-06:17:57.410159 24.209.105.156:4267 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:47461 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x643CD46E  Ack: 0xFC276AB6  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-06:17:58.354123 24.209.105.156:4289 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:47566 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x644F8E4F  Ack: 0xFC2F5597  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/05-06:18:11.812153 24.209.105.156:4575 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:49030 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x6541689F  Ack: 0xFD7B7FD0  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/05-06:18:21.137712 24.209.105.156:4951 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:50065 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x668232BA  Ack: 0xFD4CC0EE  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-06:18:21.528101 24.209.105.156:4961 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:50107 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x668AF36C  Ack: 0xFE0CA105  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-06:18:21.799465 24.209.105.156:4973 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:50141 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x669587A8  Ack: 0xFD604C22  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-06:18:22.034566 24.209.105.156:4979 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:50179 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x669AD08C  Ack: 0xFDD03B61  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-06:18:22.274106 24.209.105.156:4989 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:50206 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x66A325EF  Ack: 0xFE1282C8  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-06:18:22.814956 24.209.105.156:4994 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:50265 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x66A86385  Ack: 0xFD9D443D  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-06:18:23.289863 24.209.105.156:3013 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:50323 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x66B6DC8F  Ack: 0xFDE260B3  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-06:18:23.784087 24.209.105.156:3023 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:50371 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x66BE460B  Ack: 0xFDADE307  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-06:18:24.305282 24.209.105.156:3034 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:50426 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x66C92254  Ack: 0xFE2E063B  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-06:18:24.810547 24.209.105.156:3049 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:50493 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x66D6EA82  Ack: 0xFE31B5C7  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-07:25:17.205804 24.209.105.156:3440 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:8593 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xF4C789D5  Ack: 0xF9D4EED1  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-07:25:17.400271 24.209.105.156:3558 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:8614 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xF528343E  Ack: 0xF9ED54AC  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-07:25:17.493081 24.209.105.156:3559 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:8627 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xF529868B  Ack: 0xFA7E542E  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-07:25:17.585174 24.209.105.156:3564 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:8640 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xF52E01D8  Ack: 0xFA09E5FC  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-07:25:17.681608 24.209.105.156:3567 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:8660 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF530502D  Ack: 0xFA3D3830  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/05-07:25:17.789030 24.209.105.156:3572 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:8675 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xF5346702  Ack: 0xFA34B1ED  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/05-07:25:17.882886 24.209.105.156:3575 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:8690 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xF5367FB0  Ack: 0xFA6F3B5F  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-07:25:18.001646 24.209.105.156:3580 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:8705 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xF53A52A7  Ack: 0xFA524F35  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-07:25:27.300734 24.209.105.156:3917 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:9777 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF650F1EA  Ack: 0xFABB1806  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-07:25:36.751644 24.209.105.156:4254 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:10850 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF7699477  Ack: 0xFB80BE76  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-07:25:36.865878 24.209.105.156:4257 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:10866 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF76C82CC  Ack: 0xFB5B795C  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-07:25:37.015685 24.209.105.156:4263 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:10876 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF7709A60  Ack: 0xFBCB9263  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-07:25:37.100871 24.209.105.156:4264 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:10888 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xF771EA3C  Ack: 0xFB57B7A4  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-07:25:37.173655 24.209.105.156:4266 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:10893 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF7737AA7  Ack: 0xFB0E9C28  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-07:25:37.268913 24.209.105.156:4267 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:10902 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xF7749B0C  Ack: 0xFB3012A6  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-07:25:46.663905 24.209.105.156:4530 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:11639 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF8536013  Ack: 0xFB886E13  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-10:49:09.571639 24.209.105.156:4016 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:5853 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xA4DCEEE3  Ack: 0xFCE997B6  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-10:49:19.205921 24.209.105.156:4313 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:7562 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xA5DD4FF8  Ack: 0xFCE77C77  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-10:49:19.306470 24.209.105.156:4316 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:7586 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA5E05AF5  Ack: 0xFD1DFDF6  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-10:49:23.238016 24.209.105.156:4424 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:8147 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA63E384B  Ack: 0xFDC7A134  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-10:49:23.374401 24.209.105.156:4434 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:8180 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA645F9CB  Ack: 0xFD2538E6  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/05-10:49:33.239293 24.209.105.156:4688 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:9308 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA721D58F  Ack: 0xFE5AC83B  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/05-10:49:40.538864 24.209.105.156:4799 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:10248 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA7816C5B  Ack: 0xFE1F26BE  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-10:49:53.460723 24.209.105.156:3198 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:12017 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xA8CEA269  Ack: 0xFEAE03F4  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-10:49:53.770124 24.209.105.156:3308 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:12048 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA9275481  Ack: 0xFEDFFE8F  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-10:49:54.224527 24.209.105.156:3316 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:12099 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA92EA044  Ack: 0xFF079388  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-10:49:55.055355 24.209.105.156:3344 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:12208 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA9467B42  Ack: 0xFF38A8E6  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-10:50:04.763070 24.209.105.156:3640 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:13613 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xAA443C02  Ack: 0xFFE20D2B  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-10:50:05.014207 24.209.105.156:3650 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:13655 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xAA4BCB7E  Ack: 0xFFD3F765  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-10:50:05.450824 24.209.105.156:3657 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:13708 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xAA51D032  Ack: 0x501685  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-10:50:05.937731 24.209.105.156:3670 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:13771 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xAA5CFF98  Ack: 0x2E30AE  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-10:50:06.179624 24.209.105.156:3686 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:13820 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xAA6A01A6  Ack: 0x863C0  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-12:09:44.731184 24.209.105.156:3959 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:5264 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x89C7F416  Ack: 0x2D05AB5D  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-12:09:44.959313 24.209.105.156:3969 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:5301 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x89CFEE34  Ack: 0x2CF9169C  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-12:09:57.853579 24.209.105.156:4208 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:6281 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x8A9DFEE0  Ack: 0x2D7AE990  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-12:10:07.210458 24.209.105.156:4618 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:7326 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x8BEEF2B4  Ack: 0x2E8A7CE0  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-12:10:07.343027 24.209.105.156:4622 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:7346 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x8BF268A3  Ack: 0x2DF4302D  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/05-12:10:07.446386 24.209.105.156:4625 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:7359 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x8BF57560  Ack: 0x2DBCDC5C  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/05-12:10:16.762040 24.209.105.156:4919 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:8406 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x8CE8C40C  Ack: 0x2E77A477  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-12:10:20.133175 24.209.105.156:3005 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:8697 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x8D31EFDB  Ack: 0x2E9F7506  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-12:10:20.223924 24.209.105.156:3012 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:8709 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x8D3694A1  Ack: 0x2F52B08B  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-12:10:20.306055 24.209.105.156:3015 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:8721 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x8D39B59D  Ack: 0x2F1F25C9  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-12:10:20.412097 24.209.105.156:3018 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:8735 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x8D3BA5FE  Ack: 0x2E814CE4  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-12:10:29.720186 24.209.105.156:3313 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:9816 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x8E3AAC97  Ack: 0x3008DF33  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-12:10:29.840280 24.209.105.156:3317 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:9832 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x8E3DE342  Ack: 0x2F508D71  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-12:10:29.920485 24.209.105.156:3320 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:9843 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x8E40D0FB  Ack: 0x2FC17A50  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-12:10:30.047743 24.209.105.156:3323 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:9864 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x8E439DA6  Ack: 0x2FBA0935  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-12:10:30.167673 24.209.105.156:3330 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:9881 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x8E491C53  Ack: 0x2FDEFC85  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-13:16:09.702040 24.209.105.156:4203 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:16295 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x22F7E7AC  Ack: 0x275DDEB0  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-13:16:09.877107 24.209.105.156:4208 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:16311 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x22FC0BF7  Ack: 0x279AEB1A  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-13:16:09.960500 24.209.105.156:4210 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:16320 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x22FE1FC4  Ack: 0x274EC4BB  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-13:16:10.085352 24.209.105.156:4212 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:16332 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x22FFF8FD  Ack: 0x271FA50B  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-13:16:10.182096 24.209.105.156:4218 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:16349 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x23045518  Ack: 0x2731A3A8  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/05-13:16:10.290630 24.209.105.156:4222 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:16360 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x23079DF8  Ack: 0x279B08A6  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/05-13:16:10.423429 24.209.105.156:4226 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:16376 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x230B3642  Ack: 0x271B65CB  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-13:16:13.736049 24.209.105.156:4308 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:16578 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x235545D5  Ack: 0x27C4DE16  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-13:16:20.328364 24.209.105.156:4421 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:17098 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x23B4F863  Ack: 0x279F1F0D  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-13:16:20.425840 24.209.105.156:4507 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:17119 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x23FE9481  Ack: 0x27AA7087  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-13:16:33.319095 24.209.105.156:4798 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:18303 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x24EFD0F6  Ack: 0x2906B7EA  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-13:16:33.398421 24.209.105.156:4914 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:18313 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x25516B21  Ack: 0x28A7E8A0  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-13:16:42.802073 24.209.105.156:3198 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:19172 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x264646C4  Ack: 0x2AF09645  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-13:16:45.868752 24.209.105.156:3295 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:19449 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x2694B634  Ack: 0x2A2713CB  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-13:16:45.972069 24.209.105.156:3301 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:19470 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x269916DD  Ack: 0x2A57135F  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-13:16:46.098697 24.209.105.156:3309 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:19485 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x269F79CF  Ack: 0x2A27B41D  Win: 0x4470  TcpLen: 20

Go to: overview page

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:28 2003

24.209.105.156	Whois lookup at:	ARIN	RIPE	APNIC	Geektools
	DNS lookup at:	Amenesi	TRIUMF	Princeton
	More lookup links:	Dshield	Sam Spade