
SnortSnarf alert page

Source: 24.209.42.242

SnortSnarf v021111.1


77 such alerts found using input module SnortFileInput, with sources:
Earliest: 19:09:24.002318 on 05/10/2003
Latest: 03:52:33.710054 on 05/16/2003

7 different signatures are present for 24.209.42.242 as a source

There is 1 distinct destination IP in the alerts of the type on this page.



[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/10-19:09:24.002318 24.209.42.242:4923 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:44643 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB0B14D95 Ack: 0x9BD53AEE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/10-19:09:24.066494 24.209.42.242:4923 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:44644 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB0B15349 Ack: 0x9BD53AEE Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/10-20:22:13.388313 24.209.42.242:3388 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:19817 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x46406969 Ack: 0xAFE28E19 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/10-20:22:13.428589 24.209.42.242:3388 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:19818 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x46406F1D Ack: 0xAFE28E19 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/10-21:20:56.228933 24.209.42.242:3980 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:42024 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x812CC24C Ack: 0x8D4A30B3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/10-21:20:56.257993 24.209.42.242:3980 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:42025 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x812CC800 Ack: 0x8D4A30B3 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/10-21:26:39.641001 24.209.42.242:1541 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:3058 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9EDEFF98 Ack: 0xA2D90735 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/10-21:26:39.713345 24.209.42.242:1541 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:3059 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9EDF054C Ack: 0xA2D90735 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-22:54:59.570702 24.209.42.242:1054 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:52602 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7F6BD3E7 Ack: 0x3106C3AD Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-22:54:59.600516 24.209.42.242:1054 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:52603 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7F6BD99B Ack: 0x3106C3AD Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-23:03:31.317851 24.209.42.242:4436 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:38956 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB09011D9 Ack: 0x50B5FAED Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-23:03:31.382330 24.209.42.242:4436 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:38957 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB090178D Ack: 0x50B5FAED Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-06:19:09.815884 24.209.42.242:1166 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:22719 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x61691DF5 Ack: 0xBF11A4C1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-06:19:09.845261 24.209.42.242:1166 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:22720 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x616923A9 Ack: 0xBF11A4C1 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-06:19:20.690767 24.209.42.242:1482 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:23981 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x62820930 Ack: 0xBF8E69C7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-06:19:20.722116 24.209.42.242:1482 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:23982 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x62820EE4 Ack: 0xBF8E69C7 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-08:32:59.472127 24.209.42.242:4179 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:31357 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC8448367 Ack: 0xB82FAAA4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-08:32:59.522395 24.209.42.242:4179 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:31358 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC844891B Ack: 0xB82FAAA4 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-09:48:23.161928 24.209.42.242:2629 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:60487 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1AE617B5 Ack: 0xD45E1659 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-09:48:23.202509 24.209.42.242:2629 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:60488 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1AE61D69 Ack: 0xD45E1659 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-16:51:39.054281 24.209.42.242:2826 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:47051 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD7A34CDB Ack: 0x139FF295 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-16:51:39.125899 24.209.42.242:2826 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:47052 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD7A3528F Ack: 0x139FF295 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-17:55:59.395568 24.209.42.242:2295 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:44788 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC3C27450 Ack: 0x72B8022 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-17:55:59.434006 24.209.42.242:2295 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:44789 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC3C27A04 Ack: 0x72B8022 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-18:16:16.199420 24.209.42.242:3120 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:39307 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD3A24E6 Ack: 0x54C32C8F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-18:16:16.221733 24.209.42.242:3120 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:39308 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD3A2A9A Ack: 0x54C32C8F Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-05:59:20.645152 24.209.42.242:4521 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:39918 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6802C81E Ack: 0xB3EE8880 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-05:59:20.685394 24.209.42.242:4521 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:39919 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6802CDD2 Ack: 0xB3EE8880 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-03:43:23.771875 24.209.42.242:1445 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:22143 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xA84A4ABC Ack: 0xF1847787 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-03:43:26.956721 24.209.42.242:1516 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:22319 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xA88BC1D2 Ack: 0xF2108AF2 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-03:43:27.044953 24.209.42.242:1518 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:22328 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA88D6332 Ack: 0xF208C192 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-03:43:27.140971 24.209.42.242:1519 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:22348 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA88EB7AC Ack: 0xF20EC748 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-03:43:27.242435 24.209.42.242:1521 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:22360 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA8907843 Ack: 0xF1CD89DC Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/14-03:43:27.320134 24.209.42.242:1523 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:22366 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA892A85F Ack: 0xF2705191 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/14-03:43:27.381906 24.209.42.242:1524 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:22373 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA893EADF Ack: 0xF1E0A2D5 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-03:43:27.454650 24.209.42.242:1525 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:22380 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xA8948B03 Ack: 0xF2003C97 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-03:43:27.525179 24.209.42.242:1526 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:22389 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA895A8CD Ack: 0xF2421A71 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-03:43:36.670668 24.209.42.242:1685 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:22836 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA92AD9AC Ack: 0xF26669B5 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-03:43:36.778516 24.209.42.242:1688 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:22848 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA92C6308 Ack: 0xF2283CE4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-03:43:36.889575 24.209.42.242:1690 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:22857 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA92E7B15 Ack: 0xF28B805C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-03:43:36.981186 24.209.42.242:1691 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:22864 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xA92F8F25 Ack: 0xF2E0DDD9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-03:43:37.063500 24.209.42.242:1692 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:22884 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA9302739 Ack: 0xF2BF58E0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-03:43:40.341688 24.209.42.242:1692 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:23031 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA9302739 Ack: 0xF2BF58E0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-03:43:46.146199 24.209.42.242:1873 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:23426 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xA9DA3138 Ack: 0xF2CFEA72 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-03:43:46.232042 24.209.42.242:1875 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:23432 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA9DC3962 Ack: 0xF2FCA162 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-23:15:05.846421 24.209.42.242:3176 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:18089 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x6353890D Ack: 0x7B8A64DF Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-23:15:06.144917 24.209.42.242:3183 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:18109 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x63590028 Ack: 0x7B0E2564 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-23:15:09.311796 24.209.42.242:3292 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:18383 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x63B522DA Ack: 0x7BB11D70 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-23:15:18.391081 24.209.42.242:3597 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:19310 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x64B76898 Ack: 0x7C856697 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-23:15:18.574294 24.209.42.242:3600 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:19344 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x64BA32BD Ack: 0x7BD81A1D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/15-23:15:21.649842 24.209.42.242:3681 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:19614 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x65038933 Ack: 0x7C29B4B6 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/15-23:15:21.785283 24.209.42.242:3682 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:19624 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x6504BF07 Ack: 0x7C3034D6 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-23:15:25.001692 24.209.42.242:3785 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:19859 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x65587511 Ack: 0x7C118628 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-23:15:25.113253 24.209.42.242:3789 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:19874 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x655BFB2F Ack: 0x7C9EEB61 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-23:15:25.264494 24.209.42.242:3792 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:19908 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x655F3B0E Ack: 0x7C9AFAA0 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-23:15:28.414076 24.209.42.242:3901 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:20204 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x65BAE6BC Ack: 0x7C479D90 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-23:15:31.536464 24.209.42.242:3983 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:20486 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x66028730 Ack: 0x7CDF4251 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-23:15:34.661645 24.209.42.242:4100 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:20789 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x6660A626 Ack: 0x7CF67FED Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-23:15:34.844446 24.209.42.242:4104 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:20814 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6663F7F9 Ack: 0x7D495F67 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-23:15:34.983160 24.209.42.242:4111 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:20831 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x6669D2F8 Ack: 0x7D794FC7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-23:15:44.105712 24.209.42.242:4485 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:22002 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x679AEA3D Ack: 0x7D9883AF Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-03:51:40.950494 24.209.42.242:1340 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:21257 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x5F7D344C Ack: 0x8F97AC1D Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-03:51:41.175489 24.209.42.242:1401 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:21278 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x5FAC02EA Ack: 0x902ABA97 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-03:52:02.271418 24.209.42.242:2015 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:23042 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x61BDF193 Ack: 0x91680CDB Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-03:52:11.375084 24.209.42.242:2307 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:23810 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x62B64F79 Ack: 0x91A42AF8 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-03:52:20.512605 24.209.42.242:2486 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:24381 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6359AC14 Ack: 0x91E8AB79 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/16-03:52:20.602791 24.209.42.242:2487 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:24391 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x635ACBD8 Ack: 0x91E451B7 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/16-03:52:20.747877 24.209.42.242:2568 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:24485 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x6398011E Ack: 0x9242EF13 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-03:52:29.814757 24.209.42.242:2821 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:25355 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x64763ABC Ack: 0x942CCB0D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-03:52:29.985880 24.209.42.242:2822 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:25368 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x64770232 Ack: 0x93684C9C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-03:52:30.079545 24.209.42.242:2825 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:25376 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x647A39DD Ack: 0x93AC2DBD Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-03:52:30.204116 24.209.42.242:2828 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:25393 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x647CCAD3 Ack: 0x935F15B6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-03:52:30.317372 24.209.42.242:2832 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:25409 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6480839E Ack: 0x93A02B54 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-03:52:30.425489 24.209.42.242:2834 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:25421 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x6482761E Ack: 0x942E1A7A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-03:52:33.515516 24.209.42.242:2987 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:25824 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x64FCADDB Ack: 0x93E01F19 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-03:52:33.604565 24.209.42.242:2989 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:25832 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x64FE8979 Ack: 0x93803281 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-03:52:33.710054 24.209.42.242:2990 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:25842 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x64FF7B90 Ack: 0x93C80542 Win: 0x4470 TcpLen: 20

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:28 2003