SnortSnarf alert page

Source: 24.99.137.153

SnortSnarf v021111.1

33 such alerts found using input module SnortFileInput, with sources:
Earliest: 15:14:02.688676 on 05/13/2003
Latest: 01:57:22.647258 on 05/15/2003

6 different signatures are present for 24.99.137.153 as a source

There is 1 distinct destination IP in the alerts of the type on this page.


[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:14:02.688676 24.99.137.153:2990 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:55725 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x1A05C4FC Ack: 0xE247189C Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:14:05.260270 24.99.137.153:3065 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:56046 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x1A45F548 Ack: 0xE20098CB Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:14:05.399639 24.99.137.153:3074 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:56065 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x1A4C3356 Ack: 0xE246C098 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:14:05.538563 24.99.137.153:3080 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:56087 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x1A50AA72 Ack: 0xE26BAAB5 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:14:08.710399 24.99.137.153:3087 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:56453 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x1A56FBA3 Ack: 0xE21E3079 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/13-15:14:12.107204 24.99.137.153:3291 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:56856 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x1AFECF7F Ack: 0xE27094C4 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/13-15:14:12.253070 24.99.137.153:3294 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:56892 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x1B01BF5E Ack: 0xE2AD4BF8 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:14:12.550098 24.99.137.153:3298 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:56941 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x1B03EAA9 Ack: 0xE27AF4C7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:14:15.688765 24.99.137.153:3387 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:57280 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x1B5390C0 Ack: 0xE344A766 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:14:15.827220 24.99.137.153:3392 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:57290 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x1B58B3E5 Ack: 0xE24EE3FB Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:14:19.162752 24.99.137.153:3504 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:57679 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x1BB62407 Ack: 0xE2BB7E71 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:14:19.294326 24.99.137.153:3508 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:57696 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x1BB935B9 Ack: 0xE2DF426D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:14:31.916935 24.99.137.153:3817 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:59094 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x1CB7EAB0 Ack: 0xE379A8C8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:14:32.075873 24.99.137.153:3910 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:59111 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x1D0A8A45 Ack: 0xE45430AB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:14:35.072196 24.99.137.153:3910 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:59268 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x1D0A8A45 Ack: 0xE45430AB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:14:35.200712 24.99.137.153:3982 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:59278 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x1D4ABA9A Ack: 0xE520C8AE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:14:35.369976 24.99.137.153:3990 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:59295 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x1D510A1E Ack: 0xE47AD78E Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-01:56:31.723936 24.99.137.153:1682 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:59724 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x8786BC6E Ack: 0x9D4A9DA4 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-01:56:39.602600 24.99.137.153:1863 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:60686 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x882161F7 Ack: 0x9DC96978 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-01:56:39.740725 24.99.137.153:1998 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:60709 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x88982506 Ack: 0x9D2E8C4C Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-01:56:39.885593 24.99.137.153:2002 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:60731 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x889B6CA2 Ack: 0x9DB6B0DB Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-01:56:40.390189 24.99.137.153:2019 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:60782 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x88A9F549 Ack: 0x9DDDC872 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/15-01:56:53.174741 24.99.137.153:2496 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:62916 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x8A2A3FC9 Ack: 0x9E0074F5 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/15-01:56:53.319563 24.99.137.153:2649 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:62933 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x8A9E246B Ack: 0x9EADAC75 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-01:57:02.743307 24.99.137.153:3070 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:64532 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x8BFFEF38 Ack: 0x9EF754F7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-01:57:02.945040 24.99.137.153:3075 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:64555 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x8C054F09 Ack: 0x9EAC51FF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-01:57:12.398695 24.99.137.153:3434 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:167 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x8D310182 Ack: 0x9F6150F1 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-01:57:12.551389 24.99.137.153:3438 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:198 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x8D34EB6F Ack: 0x9F7A8F42 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-01:57:12.724436 24.99.137.153:3448 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:245 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x8D3CEE06 Ack: 0xA0114684 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-01:57:12.910119 24.99.137.153:3451 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:298 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x8D40AFAB Ack: 0x9FCF497B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-01:57:13.046338 24.99.137.153:3460 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:331 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x8D48E195 Ack: 0x9FF8F28D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-01:57:13.223600 24.99.137.153:3465 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:363 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x8D4E59C7 Ack: 0x9F94FCD6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-01:57:22.647258 24.99.137.153:3910 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:2020 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x8EBA468B Ack: 0xA064C76E Win: 0x4470 TcpLen: 20

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:03:53 2003