SnortSnarf signature page

WEB-IIS multiple decode attempt

SnortSnarf v021111.1

Signature section (91123)

Top 20 source IPs

Top 20 dest IPs

952 alerts with this signature using input module SnortFileInput, with sources:

/home/rivettmj/snort_alertlog/alert

Earliest such alert at 19:49:24.965869 on 04/17/2003
Latest such alert at 04:47:14.753241 on 06/17/2003

WEB-IIS multiple decode attempt	176 sources	1 destinations
Priority: 1	Classification: Web Application Attack
[sid:970] [CVE:CAN-2001-0333]

Sources triggering this attack signature

Source	# Alerts (sig)	# Alerts (total)	# Dsts (sig)	# Dsts (total)
24.209.39.246	54	326	1	1
24.209.105.156	52	306	1	1
24.209.174.0	49	250	1	1
24.209.219.162	43	213	1	1
24.209.11.98	22	99	1	1
24.209.219.95	16	81	1	1
24.209.191.91	16	136	1	1
24.63.13.134	15	76	1	1
24.245.2.233	14	66	1	1
24.209.18.197	12	65	1	1
24.130.219.16	11	50	1	1
24.44.2.165	11	51	1	1
24.209.40.219	10	49	1	1
24.209.42.242	10	77	1	1
24.35.68.68	10	49	1	1
24.98.140.134	9	46	1	1
24.99.37.186	8	34	1	1
24.209.118.134	8	34	1	1
24.219.28.221	8	34	1	1
24.74.84.124	8	34	1	1
24.126.82.22	8	49	1	1
24.166.45.37	7	32	1	1
24.57.13.78	7	33	1	1
24.98.99.141	7	31	1	1
24.186.148.24	7	33	1	1
24.99.137.153	7	33	1	1
24.157.173.39	7	33	1	1
24.209.113.11	7	52	1	1
24.46.127.157	7	32	1	1
24.112.153.44	7	33	1	1
24.29.173.81	6	33	1	1
24.242.248.248	6	31	1	1
24.125.85.187	6	32	1	1
24.189.230.118	6	40	1	1
24.98.50.142	6	32	1	1
24.93.48.91	6	41	1	1
24.150.22.139	5	18	1	1
24.91.103.152	5	18	1	1
24.203.221.5	5	18	1	1
24.85.206.152	5	18	1	1
24.98.69.172	5	33	1	1
24.150.202.37	5	32	1	1
24.114.34.24	5	18	1	1
24.30.115.93	5	18	1	1
24.243.144.13	5	20	1	1
24.204.108.61	4	17	1	1
24.157.153.204	4	21	1	1
24.164.56.165	4	17	1	1
24.28.27.201	4	17	1	1
24.127.15.16	4	21	1	1
24.201.150.218	4	17	1	1
24.61.174.158	4	18	1	1
24.226.59.104	4	17	1	1
24.245.36.142	4	21	1	1
24.191.37.113	4	17	1	1
24.218.160.238	4	22	1	1
24.203.10.194	4	17	1	1
24.226.120.167	4	17	1	1
24.148.68.177	4	17	1	1
24.160.16.46	4	17	1	1
24.138.38.206	4	17	1	1
24.218.253.67	4	17	1	1
24.112.193.145	4	30	1	1
24.59.74.47	4	17	1	1
24.123.41.130	4	17	1	1
24.209.36.207	4	17	1	1
24.209.36.194	4	129	1	1
24.95.244.129	4	17	1	1
24.167.224.150	4	17	1	1
24.140.13.155	4	17	1	1
24.171.142.32	4	17	1	1
24.98.61.177	4	18	1	1
24.114.7.121	4	25	1	1
24.201.31.41	4	17	1	1
24.30.227.136	4	17	1	1
24.126.254.13	4	17	1	1
24.84.94.195	4	17	1	1
24.198.102.60	4	17	1	1
24.201.23.63	3	16	1	1
24.91.57.211	3	16	1	1
24.153.56.26	3	16	1	1
24.90.92.167	3	17	1	1
24.150.86.224	3	12	1	1
24.160.157.79	3	16	1	1
24.126.120.88	3	16	1	1
24.206.140.78	3	16	1	1
24.84.101.194	3	16	1	1
24.205.10.247	3	16	1	1
24.242.253.122	3	23	1	1
24.54.164.105	3	16	1	1
24.106.83.102	3	16	1	1
24.148.37.196	3	16	1	1
24.76.98.113	3	16	1	1
24.25.55.93	3	16	1	1
24.157.60.48	3	20	1	1
24.71.58.208	3	17	1	1
24.60.182.124	3	15	1	1
24.162.219.203	3	16	1	1
24.91.112.149	3	18	1	1
24.202.81.59	3	16	1	1
24.162.12.210	3	16	1	1
24.175.171.180	3	15	1	1
24.98.129.251	3	12	1	1
24.94.212.166	3	16	1	1
24.214.128.126	3	16	1	1
24.120.188.236	3	16	1	1
24.220.31.3	3	16	1	1
24.150.19.123	3	16	1	1
24.201.83.152	3	16	1	1
24.174.223.212	3	16	1	1
24.158.5.113	3	16	1	1
24.62.112.148	3	16	1	1
24.202.15.240	3	16	1	1
24.205.137.12	3	16	1	1
24.99.136.16	3	14	1	1
24.147.143.32	3	18	1	1
24.208.232.173	3	16	1	1
24.198.148.104	3	17	1	1
24.198.96.149	3	16	1	1
24.161.112.40	3	16	1	1
24.197.103.210	3	16	1	1
24.60.106.185	3	16	1	1
24.99.90.28	3	16	1	1
24.166.119.88	3	19	1	1
24.150.35.194	3	16	1	1
24.43.35.50	3	15	1	1
24.243.238.248	3	16	1	1
24.74.33.155	3	15	1	1
24.114.19.203	3	16	1	1
24.129.102.205	3	27	1	1
24.202.34.72	3	16	1	1
24.161.94.61	3	16	1	1
24.150.116.10	3	16	1	1
24.98.22.117	3	25	1	1
24.208.193.218	3	20	1	1
24.50.102.88	3	16	1	1
24.114.84.143	3	17	1	1
24.52.59.25	3	18	1	1
24.158.6.15	3	16	1	1
24.70.71.236	3	16	1	1
24.160.23.53	3	15	1	1
24.91.73.152	3	16	1	1
24.66.107.87	3	16	1	1
24.30.204.145	3	16	1	1
24.74.152.249	3	16	1	1
24.99.49.210	3	16	1	1
24.34.222.52	3	19	1	1
24.236.70.2	3	17	1	1
24.114.70.182	3	16	1	1
24.98.223.233	3	15	1	1
24.112.68.208	3	16	1	1
24.92.8.8	3	16	1	1
24.198.96.120	3	16	1	1
24.99.96.131	3	15	1	1
24.98.81.16	3	16	1	1
24.87.77.106	3	16	1	1
24.98.186.231	3	16	1	1
24.214.104.38	3	16	1	1
24.62.250.72	3	16	1	1
24.47.19.144	3	16	1	1
24.201.229.67	3	15	1	1
24.92.146.111	3	16	1	1
24.243.175.144	3	15	1	1
24.165.15.145	3	16	1	1
24.199.188.226	3	18	1	1
24.57.76.37	3	14	1	1
24.200.41.113	3	16	1	1
24.130.204.30	2	15	1	1
24.98.23.210	2	13	1	1
24.214.98.64	2	6	1	1
24.78.148.85	2	15	1	1
24.148.85.85	2	18	1	1
24.34.91.29	2	14	1	1
24.71.47.173	1	14	1	1
24.98.20.14	1	17	1	1
24.140.76.14	1	13	1	1

Destinations receiving this attack signature

Destinations	# Alerts (sig)	# Alerts (total)	# Srcs (sig)	# Srcs (total)
192.168.1.6	952	7770	176	624

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:03:51 2003