SnortSnarf signature page

WEB-IIS CodeRed v2 root.exe access

SnortSnarf v021111.1

680 alerts with this signature using input module SnortFileInput, with sources:

Earliest such alert at 19:49:18.916733 on 04/17/2003
Latest such alert at 04:46:56.419521 on 06/17/2003

WEB-IIS CodeRed v2 root.exe access: 204 sources, 1 destination
Priority: 1
Classification: Web Application Attack
[url:www.cert.org/advisories/CA-2001-19.html] [sid:1256]

Sources triggering this attack signature


Destinations receiving this attack signature

Destination    # Alerts (sig)    # Alerts (total)    # Srcs (sig)    # Srcs (total)
192.168.1.6    680               7770                204             624

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:03:48 2003