SnortSnarf alert page

Source: 24.93.48.91

SnortSnarf v021111.1

41 such alerts found using input module SnortFileInput, with sources:
Earliest: 21:33:57.198975 on 05/13/2003
Latest: 23:28:20.543723 on 05/19/2003

6 different signatures are present for 24.93.48.91 as a source

There is 1 distinct destination IP in the alerts of the type on this page.


[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:33:57.198975 24.93.48.91:4129 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:42778 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xEF7E789C Ack: 0x7DCA38AC Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:33:58.657071 24.93.48.91:4150 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:42925 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xEF928113 Ack: 0x7DDF2C3B Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:34:09.081885 24.93.48.91:4278 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:43880 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xF015EEF3 Ack: 0x7ED6FBC5 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:34:13.293941 24.93.48.91:4332 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:44262 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xF04F2420 Ack: 0x7F128759 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:34:14.170805 24.93.48.91:4350 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:44351 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF060ABD2 Ack: 0x7F1A4A2D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/13-21:34:15.589148 24.93.48.91:4369 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:44487 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xF070F735 Ack: 0x7EC19EDF Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/13-21:34:25.640660 24.93.48.91:4496 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:45369 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xF0F66F16 Ack: 0x7F4F547B Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:34:30.000808 24.93.48.91:4557 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:45819 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xF1340E5E Ack: 0x802F003B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:34:34.140878 24.93.48.91:4612 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:46204 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF16CC2F2 Ack: 0x8050DF26 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:34:35.472110 24.93.48.91:4633 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:46329 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF17FFE3C Ack: 0x806C72F3 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:34:36.600595 24.93.48.91:4644 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:46444 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF18CF8FF Ack: 0x8002E0E4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:34:37.891797 24.93.48.91:4662 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:46572 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF19E9E30 Ack: 0x80715670 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:34:39.129121 24.93.48.91:4686 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:46698 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xF1B61525 Ack: 0x80C029F2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:34:40.535738 24.93.48.91:4707 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:46846 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF1CABCB1 Ack: 0x80F375B1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:34:41.463609 24.93.48.91:4722 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:46943 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xF1DABCAD Ack: 0x80D2DF48 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:34:42.716071 24.93.48.91:4739 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:47066 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF1EB5092 Ack: 0x809156C4 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-21:24:47.068606 24.93.48.91:4634 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:9790 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x1E83ED2F Ack: 0xED30A3B9 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-21:25:10.564164 24.93.48.91:1369 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:13533 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x20E4EE97 Ack: 0xEE004A10 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-21:25:12.798993 24.93.48.91:1426 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:13856 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x2119C14A Ack: 0xEE7E83BB Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-21:25:15.127502 24.93.48.91:1519 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:14272 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x2165A7FD Ack: 0xEEA7CDDB Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-21:25:17.406040 24.93.48.91:1581 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:14666 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x219D2E37 Ack: 0xEE87DED1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/17-21:25:19.665250 24.93.48.91:1649 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:14974 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x21D7E271 Ack: 0xEE777CF7 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/17-21:25:30.826032 24.93.48.91:1997 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:16751 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x2309B628 Ack: 0xEEED02F6 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-21:25:33.100025 24.93.48.91:2050 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:17089 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x23371C05 Ack: 0xEF5655DF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-21:25:44.368164 24.93.48.91:2414 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:18978 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x2470B806 Ack: 0xF09B89DF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-21:25:46.591863 24.93.48.91:2482 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:19297 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x24ABCE12 Ack: 0xEFE1DA94 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-21:25:57.858219 24.93.48.91:2826 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:21251 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x25D287E3 Ack: 0xF101095B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-21:26:00.180082 24.93.48.91:2883 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:21637 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x260640E9 Ack: 0xF09E37A7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-21:26:11.428984 24.93.48.91:3227 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:23462 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x272E355A Ack: 0xF1D479F2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-21:26:13.699612 24.93.48.91:3271 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:23816 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x2758D6E7 Ack: 0xF1B6FE2C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-21:26:15.907611 24.93.48.91:3330 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:24153 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x278BB826 Ack: 0xF1A9136F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-21:26:27.181779 24.93.48.91:3671 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:26113 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x28AF27DD Ack: 0xF2F2DB6A Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-23:27:48.207081 24.93.48.91:4831 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:58382 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xDCA6A29 Ack: 0x3D055B2E Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-23:27:51.335479 24.93.48.91:4940 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:58917 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xE26559B Ack: 0x3CE03C89 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-23:27:54.636785 24.93.48.91:1081 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:59429 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xE84401E Ack: 0x3DB86C57 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-23:28:00.905037 24.93.48.91:1305 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:60389 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xF3E1A58 Ack: 0x3E44E47F Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-23:28:07.073239 24.93.48.91:1546 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:61408 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x1008CB12 Ack: 0x3EACBAC1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-23:28:10.062785 24.93.48.91:1546 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:61866 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x1008CB12 Ack: 0x3EACBAC1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/19-23:28:13.301269 24.93.48.91:1779 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:62342 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x10C9A2A6 Ack: 0x3EF3E37E Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/19-23:28:17.290231 24.93.48.91:1894 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:62876 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x112CCC37 Ack: 0x3F382F06 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/19-23:28:20.543723 24.93.48.91:1894 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:63250 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x112CCC37 Ack: 0x3F382F06 Win: 0x4470 TcpLen: 20

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:28 2003