SnortSnarf alert page

Source: 24.63.13.134

SnortSnarf v021111.1

76 such alerts found using input module SnortFileInput, with sources:
Earliest: 21:14:12.829341 on 05/06/2003
Latest: 10:20:32.256465 on 05/16/2003

6 different signatures are present for 24.63.13.134 as a source

There is 1 distinct destination IP in the alerts of the type on this page.


[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-21:14:12.829341 24.63.13.134:3905 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:36440 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xC8CCBEEB Ack: 0x74BD0D40 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-21:14:15.365339 24.63.13.134:3971 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:36646 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xC9058945 Ack: 0x75696609 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-21:14:30.262703 24.63.13.134:4238 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:37951 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xC9F19036 Ack: 0x761460EB Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-21:14:32.972282 24.63.13.134:4358 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:38165 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xCA5AA350 Ack: 0x7608DBA5 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-21:14:44.202539 24.63.13.134:4665 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:39130 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xCB60ABFD Ack: 0x77868265 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/06-21:14:45.756386 24.63.13.134:4697 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:39273 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xCB7E1E0D Ack: 0x76BF1E2D Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/06-21:14:46.972455 24.63.13.134:4729 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:39397 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xCB9D4060 Ack: 0x7745DCDC Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-21:14:47.898980 24.63.13.134:4767 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:39492 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xCBBE89D0 Ack: 0x776C17A3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-21:14:49.005103 24.63.13.134:4795 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:39570 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xCBD68F23 Ack: 0x778C5685 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-21:14:50.527460 24.63.13.134:4824 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:39690 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xCBE93263 Ack: 0x778040DF Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-21:14:52.330676 24.63.13.134:4955 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:39860 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xCC1135C5 Ack: 0x77C51DBF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-21:14:54.160941 24.63.13.134:1046 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:40010 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xCC35C754 Ack: 0x77740CAD Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-21:14:55.379949 24.63.13.134:1083 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:40153 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xCC57E0DA Ack: 0x780D3389 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-21:14:56.657128 24.63.13.134:1107 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:40258 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xCC6D22EB Ack: 0x77790642 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-21:14:58.110150 24.63.13.134:1149 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:40396 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xCC920FE7 Ack: 0x777CDD8D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-21:14:59.456605 24.63.13.134:1186 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:40503 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xCCB38A3D Ack: 0x77900ECA Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-14:51:17.507236 24.63.13.134:4200 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:44524 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xAEAD9756 Ack: 0x4D674268 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-14:51:19.230218 24.63.13.134:4373 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:44892 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xAF355719 Ack: 0x4CEFBB04 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-14:51:20.407699 24.63.13.134:4421 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:45040 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xAF5D9C4F Ack: 0x4D0D84C0 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-14:51:24.389760 24.63.13.134:4475 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:45972 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xAF8611FC Ack: 0x4D475D39 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-14:51:25.498000 24.63.13.134:1064 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:46109 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB06E2DC2 Ack: 0x4CF94AA5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/12-14:51:29.032167 24.63.13.134:1128 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:46817 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xB0A1FF9F Ack: 0x4DD2FAF7 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/12-14:51:29.537811 24.63.13.134:1355 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:46925 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xB1553EB9 Ack: 0x4DD1ECAD Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-14:51:30.065325 24.63.13.134:1387 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:46981 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xB170528B Ack: 0x4E069140 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-14:51:30.804841 24.63.13.134:1399 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:47074 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB17A8AB8 Ack: 0x4DCD2737 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-14:51:35.386836 24.63.13.134:1688 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:47854 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB2601699 Ack: 0x4E1CD810 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-14:51:36.472375 24.63.13.134:1741 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:48131 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB289CC89 Ack: 0x4E0842E0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-14:51:37.130793 24.63.13.134:1792 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:48223 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB2B586B7 Ack: 0x4E5ADB37 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-14:51:40.991761 24.63.13.134:1802 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:48966 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xB2BFFD93 Ack: 0x4E19E3B2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-14:51:41.942108 24.63.13.134:2086 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:49063 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB39F08ED Ack: 0x4E5CB850 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-14:51:43.031881 24.63.13.134:2105 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:49205 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xB3AF74EF Ack: 0x4EE817D6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-14:51:47.531353 24.63.13.134:2410 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:49985 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB4A334C3 Ack: 0x4EB5B634 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-11:03:20.840266 24.63.13.134:3139 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:16052 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x454E2ED5 Ack: 0xAF771C94 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-11:03:31.327285 24.63.13.134:3804 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:18013 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x47480A55 Ack: 0xB02F8492 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-11:03:36.060997 24.63.13.134:4243 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:18912 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x489B3A67 Ack: 0xB0B5885A Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-11:03:37.719727 24.63.13.134:4440 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:19204 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x49191A17 Ack: 0xB099CD54 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-11:03:39.200382 24.63.13.134:4607 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:19482 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x49604C38 Ack: 0xB024C9CD Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/15-11:03:44.763666 24.63.13.134:4848 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:20497 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x49C609D9 Ack: 0xB0F85829 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/15-11:03:50.122762 24.63.13.134:1473 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:21586 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x4B585201 Ack: 0xB14050D6 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-11:03:55.020167 24.63.13.134:1789 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:22542 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x4C4B4FA2 Ack: 0xB18BC03C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-11:03:59.663823 24.63.13.134:1925 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:23480 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4CB2FE76 Ack: 0xB2261DDB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-11:10:34.584585 24.63.13.134:2040 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:3547 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x99458DB2 Ack: 0xCAA94A21 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-11:10:38.670832 24.63.13.134:2169 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:4485 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x99A7C67B Ack: 0xCA90ADA6 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-11:10:42.890714 24.63.13.134:2635 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:5320 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x9B024E88 Ack: 0xCAF9426A Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-11:11:05.312093 24.63.13.134:2706 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:9534 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x9B346E88 Ack: 0xCB2FA9EE Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-11:11:06.707286 24.63.13.134:4145 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:9839 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x9F77B445 Ack: 0xCC0AF929 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/15-11:11:11.110049 24.63.13.134:4479 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:10753 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA06D5077 Ack: 0xCC3F62A3 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/15-11:11:12.562362 24.63.13.134:4550 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:10969 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA0812844 Ack: 0xCCE9E56E Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-11:11:16.959844 24.63.13.134:4842 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:11782 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xA0EB82C6 Ack: 0xCCED25CC Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-11:11:21.680298 24.63.13.134:1252 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:12656 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA1D0DDC2 Ack: 0xCCF4A247 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-11:11:26.232725 24.63.13.134:1747 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:13599 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA34621CA Ack: 0xCD915946 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-11:11:36.590180 24.63.13.134:1770 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:15595 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA35A4DB1 Ack: 0xCD4E0C65 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-11:11:40.506908 24.63.13.134:2505 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:16457 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA57E9A30 Ack: 0xCE91B79D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-11:11:40.988000 24.63.13.134:2748 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:16523 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xA6345C6E Ack: 0xCE5770FB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-11:11:43.861369 24.63.13.134:2748 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:17054 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xA6345C6E Ack: 0xCE5770FB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-11:11:44.720084 24.63.13.134:2938 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:17158 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA6C8E59D Ack: 0xCEEEECC4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-11:11:45.844813 24.63.13.134:3064 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:17462 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xA7234A7F Ack: 0xCE468533 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-11:11:50.599893 24.63.13.134:3305 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:18396 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA7DF7E65 Ack: 0xCEC4F287 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-10:19:54.662279 24.63.13.134:2727 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:59190 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xF9BE8ABD Ack: 0x4A32AA46 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-10:19:58.955805 24.63.13.134:2784 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:59928 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xF9EA6EA0 Ack: 0x4B3BC3C9 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-10:19:59.306630 24.63.13.134:2946 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:59987 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xFA68D3FA Ack: 0x4A754411 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-10:19:59.693881 24.63.13.134:3014 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:60071 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xFA9BC11E Ack: 0x4B339B87 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-10:19:59.994293 24.63.13.134:3024 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:60120 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xFAA4C344 Ack: 0x4B2C383D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/16-10:20:09.665906 24.63.13.134:3534 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:61788 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xFC34C8D2 Ack: 0x4BC3BDA1 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/16-10:20:09.930476 24.63.13.134:3540 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:61831 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xFC39F4DB Ack: 0x4B949691 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-10:20:10.238837 24.63.13.134:3545 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:61866 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xFC3E5FA7 Ack: 0x4B5C4BC0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-10:20:20.017204 24.63.13.134:4041 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:63475 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFDB9C874 Ack: 0x4C8ADA2B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-10:20:20.347676 24.63.13.134:4048 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:63509 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFDBE4369 Ack: 0x4C0D89D8 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-10:20:20.742905 24.63.13.134:4053 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:63596 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFDC337C3 Ack: 0x4BF24A29 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-10:20:21.485367 24.63.13.134:4109 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:63727 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFDEBF338 Ack: 0x4BC3ABE9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-10:20:21.744651 24.63.13.134:4114 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:63753 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xFDEFB6B7 Ack: 0x4C5EFEB4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-10:20:24.735323 24.63.13.134:4114 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:64265 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xFDEFB6B7 Ack: 0x4C5EFEB4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-10:20:25.221898 24.63.13.134:4297 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:64327 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xFE7F81E5 Ack: 0x4C097C0A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-10:20:28.190258 24.63.13.134:4297 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:64869 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xFE7F81E5 Ack: 0x4C097C0A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-10:20:28.518068 24.63.13.134:4464 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:64903 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xFF09C901 Ack: 0x4CE1E9E0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-10:20:32.256465 24.63.13.134:4694 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:65467 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xFF8D67F4 Ack: 0x4CEED0CB Win: 0x4470 TcpLen: 20

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:03:52 2003