[Silicon Defense logo]

SnortSnarf signature page

WEB-IIS ISAPI .ida attempt

SnortSnarf v021111.1

Signature section (91123)Top 20 source IPsTop 20 dest IPs

930 alerts with this signature using input module SnortFileInput, with sources:

Earliest such alert at 04:22:53.472111 on 04/18/2003
Latest such alert at 03:47:13.898725 on 06/17/2003

WEB-IIS ISAPI .ida attempt 304 sources 1 destinations
Priority: 1Classification: Web Application Attack
[sid:1243] [arachNIDS:552]

Sources triggering this attack signature

Source# Alerts (sig)# Alerts (total)# Dsts (sig)# Dsts (total)
24.209.196.2546613411
24.209.98.1486212511
24.209.26.1986012011
24.209.36.1945612911
24.209.37.151377411
24.209.44.83367211
24.209.39.2463532611
24.209.191.912713611
24.209.97.26255011
24.209.229.123244811
24.209.203.150204011
24.209.49.251204211
24.209.215.159163311
24.209.238.177163211
24.209.191.210142811
24.209.42.242147711
24.209.105.1561330611
24.209.5.9871411
24.209.33.15861211
24.209.50.21251011
24.209.113.1155211
24.209.178.8451011
24.209.45.2151011
218.16.111.8951011
24.209.179.15451011
24.209.210.25251011
24.209.45.974811
24.225.182.784611
24.209.100.2454811
24.209.34.1854811
24.209.133.904811
24.209.184.904811
24.132.247.344811
24.162.60.2013411
24.198.198.273511
24.118.109.2093511
211.167.226.783611
24.209.97.603611
24.173.130.702511
24.172.63.2452411
24.42.15.252411
24.207.34.1102411
24.136.217.1092411
24.130.80.1762411
24.218.174.972411
24.158.157.342411
24.100.74.1542411
24.159.178.252311
24.98.4.902411
24.157.60.4822011
24.74.60.1762411
24.34.204.452311
61.139.208.1702411
24.126.90.1632411
24.61.2.1182411
24.126.123.1612411
24.62.42.1362411
24.136.138.1732411
24.68.67.1142411
24.168.247.2082411
24.127.15.1622111
24.194.228.552411
24.209.66.1272411
24.166.190.322411
24.231.8.1842311
24.99.77.522411
24.214.6.2072411
24.218.33.1672411
24.136.155.1122411
24.239.142.1412411
24.26.238.581211
200.149.157.1531211
24.229.103.2341211
24.155.55.1631211
24.130.74.151211
24.132.129.2061211
24.112.177.1631211
24.55.29.581211
24.145.197.31211
218.58.115.1131211
24.27.99.2441211
61.136.148.431211
24.145.197.221211
159.134.176.591211
24.26.146.1151211
206.49.58.301211
24.207.210.1561211
24.217.19.1771211
24.118.162.1081211
24.61.163.311211
24.217.85.281211
65.196.39.361211
24.83.20.1521211
213.145.174.1231211
24.193.243.231211
24.209.14.1641211
24.207.208.471211
24.141.105.2081211
24.216.27.881211
24.29.133.2001211
62.194.177.981211
61.11.35.671211
24.29.16.2541211
24.128.167.1101211
200.54.64.1301211
24.118.24.561211
24.150.72.1681211
24.88.222.551211
24.99.71.1291211
24.207.196.2291211
24.71.45.891211
24.171.29.231211
24.100.77.71211
24.218.34.1151211
24.145.209.1521211
24.233.151.101211
24.136.140.1271211
202.100.20.761211
24.145.209.1571211
24.207.159.2131211
65.26.95.71211
24.136.220.91211
24.53.7.791211
24.118.120.2041211
211.161.149.31211
24.63.8.1461211
24.100.46.1211211
24.118.108.281211
24.225.137.2281211
24.209.177.1261211
24.209.24.981211
24.129.65.2451211
24.33.80.1211211
24.212.21.1921211
24.198.148.1991211
24.118.110.941211
24.130.75.1291211
24.129.124.681211
24.148.39.971211
24.98.68.1831211
24.42.220.1181211
61.189.217.311211
24.199.81.2101211
24.193.104.691211
24.58.202.2191211
24.172.109.31211
24.192.100.1251211
24.239.159.1591211
61.143.118.721211
24.151.33.761211
24.159.116.861211
24.167.23.631211
24.131.187.2361211
24.145.224.141211
81.57.79.961211
24.193.10.2061211
24.193.153.1461211
24.30.124.2201211
24.91.112.14911811
24.77.17.601211
203.73.143.1231211
24.98.69.17213311
24.148.85.8511811
24.128.89.171211
24.239.182.1091211
24.48.212.451211
24.80.90.2191211
24.209.128.1641211
24.167.80.1551211
218.151.92.1001211
24.112.85.61211
24.28.233.1681211
24.112.69.81211
24.67.245.1281211
24.43.3.891211
24.229.63.1121211
24.174.88.2201211
24.98.209.1191211
24.148.1.421211
24.93.250.1601211
24.209.252.311211
24.136.23.201211
218.27.203.971211
24.148.65.681211
24.42.35.2311211
24.150.134.1301211
24.163.219.2511311
24.98.28.211211
24.175.87.101211
24.194.35.1721211
80.212.222.631211
24.174.80.151211
24.193.230.461211
24.91.171.11211
24.125.71.2261211
24.27.172.1501211
24.101.169.31211
62.220.28.1541211
24.93.116.2251211
24.166.156.301211
24.196.16.171211
24.174.84.2251211
24.98.45.131211
24.25.30.571211
24.162.150.1791211
24.93.51.1061211
24.165.15.1771211
24.145.197.961211
210.107.253.2111211
24.25.215.41211
24.34.176.2361211
24.99.79.521211
61.152.247.171211
24.161.243.2481211
24.29.155.701211
24.209.125.1711211
24.80.9.1681211
24.112.238.371211
24.77.219.171211
63.197.51.1701211
24.112.153.1631211
218.18.72.331211
24.91.243.831211
24.175.36.191211
24.26.92.1851211
24.208.78.2361211
24.102.124.1701211
24.136.152.2201211
24.155.52.881211
24.244.187.61211
24.74.111.191211
24.160.250.2361211
24.225.150.2121211
24.173.6.1061211
24.93.134.371211
24.95.148.341211
24.81.48.2351211
80.117.71.2381211
68.72.208.321211
24.126.31.331211
24.160.33.541211
24.207.194.1121211
24.167.127.1461211
24.194.136.2161211
24.244.179.281211
24.164.115.1941211
24.90.108.921211
200.67.24.1381211
24.120.224.1141211
24.33.145.2121211
24.94.15.671211
12.27.55.2431211
24.82.171.1101211
24.225.153.1621211
24.24.212.291211
24.117.37.601211
24.73.104.661211
24.235.161.611211
219.155.227.1061211
24.81.210.2301211
217.7.121.1661211
24.147.143.3211811
24.69.2.1991211
24.218.185.1951211
24.90.188.911211
24.68.101.1131211
24.49.186.1771211
24.244.137.891211
24.33.18.421211
24.237.10.951211
24.63.13.1861211
24.231.32.811211
24.132.51.2511211
24.218.145.2011211
24.125.88.1361211
24.102.7.2351211
24.132.66.2391211
24.172.109.751211
24.106.43.61211
24.34.222.5211911
24.151.128.1341211
24.114.141.1491211
24.42.59.1401211
24.209.210.1771211
24.162.63.1811211
24.98.153.561211
219.155.227.1181211
24.195.81.511211
24.90.170.1801211
24.245.10.1921211
24.94.192.411211
24.238.141.781211
24.130.90.291211
24.209.71.221211
24.126.134.1041211
24.147.6.1581211
24.71.225.1341211
24.103.146.1651211
218.87.235.2531211
24.217.69.931211
218.28.4.461211
24.118.69.1831211
24.106.135.1101211
24.98.239.1511211

Destinations receiving this attack signature

Destinations# Alerts (sig)# Alerts (total)# Srcs (sig)# Srcs (total)
192.168.1.69307770304624

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:03:51 2003