
SnortSnarf alert page

Destination: 192.168.1.6: #1-100

SnortSnarf v021111.1


Looking using input module SnortFileInput, with sources:
Earliest: 18:28:16.317715 on 04/17/2003
Latest: 13:22:46.834898 on 04/18/2003

22 different signatures are present for 192.168.1.6 as a destination

There are 624 distinct source IPs in the alerts of the type on this page.

See also 192.168.1.6 as an alert source [49361 alerts]


[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/17-18:28:16.317715 216.39.48.94:41113 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:51546 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x11CC87FD Ack: 0x443DE468 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 328814257 435361094
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/17-19:39:03.510258 216.39.48.54:43697 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:2840 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x1E1FB2FC Ack: 0x4F582C24 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 329234939 437536378
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/17-19:49:18.916733 24.209.118.134:3636 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:18580 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x4529FE32 Ack: 0x75FC2499 Win: 0x4440 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/17-19:49:19.470421 24.209.118.134:3674 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:18734 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x45468B37 Ack: 0x75DC7108 Win: 0x4440 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/17-19:49:22.685527 24.209.118.134:3969 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:19544 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x4627B1A2 Ack: 0x75A08770 Win: 0x4440 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/17-19:49:22.939782 24.209.118.134:3983 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:19611 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x46320BE7 Ack: 0x76501EA8 Win: 0x4440 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/17-19:49:23.127855 24.209.118.134:4007 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:19660 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x4644386C Ack: 0x75F185C1 Win: 0x4440 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/17-19:49:23.419924 24.209.118.134:4022 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:19698 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x4650650C Ack: 0x75D7D9DE Win: 0x4440 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/17-19:49:23.625370 24.209.118.134:4035 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:19762 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x465A17D9 Ack: 0x763040A1 Win: 0x4440 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/17-19:49:23.857936 24.209.118.134:4067 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:19817 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x46724014 Ack: 0x757ED2C0 Win: 0x4440 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/17-19:49:24.060041 24.209.118.134:4092 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:19877 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x46852FDA Ack: 0x75FAFEB0 Win: 0x4440 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/17-19:49:24.304649 24.209.118.134:4110 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:19922 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4691D7F6 Ack: 0x763335D7 Win: 0x4440 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/17-19:49:24.558852 24.209.118.134:4121 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:19992 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x469B4A65 Ack: 0x767C5F21 Win: 0x4440 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/17-19:49:24.759857 24.209.118.134:4142 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:20058 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x46ABE7FF Ack: 0x7658D76E Win: 0x4440 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/17-19:49:24.965869 24.209.118.134:4166 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:20117 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x46BE89EB Ack: 0x768701E1 Win: 0x4440 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/17-19:49:27.939743 24.209.118.134:4166 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:21167 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x46BE89EB Ack: 0x768701E1 Win: 0x4440 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/17-19:49:28.173476 24.209.118.134:4494 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:21260 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x47C176A2 Ack: 0x769B372F Win: 0x4440 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/17-19:49:28.436395 24.209.118.134:4521 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:21367 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x47D75F8D Ack: 0x767DFB56 Win: 0x4440 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/17-19:49:31.684194 24.209.118.134:4841 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:22345 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x48CE9BC8 Ack: 0x762B09D1 Win: 0x4440 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/17-19:55:43.903728 216.39.48.104:37763 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:59912 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x5BD5D06C Ack: 0x8DAFF977 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 329333370 438048754
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/17-20:05:32.597613 24.209.118.134:4295 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:35038 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x7FFFD638 Ack: 0xB2DBE41B Win: 0x4440 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/17-20:05:32.929200 24.209.118.134:4680 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:35259 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x8125B03E Ack: 0xB2D88765 Win: 0x4440 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/17-20:05:33.134119 24.209.118.134:4722 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:35372 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x8146606E Ack: 0xB28C4149 Win: 0x4440 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/17-20:05:33.549946 24.209.118.134:4756 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:35562 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x8163C968 Ack: 0xB2AB0859 Win: 0x4440 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/17-20:05:33.862769 24.209.118.134:4796 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:35718 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x817EDA46 Ack: 0xB253B9D0 Win: 0x4440 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/17-20:05:34.206099 24.209.118.134:4831 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:35834 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x819B5684 Ack: 0xB3347A75 Win: 0x4440 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/17-20:05:38.142535 24.209.118.134:1225 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:37090 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x82B8ED36 Ack: 0xB340906F Win: 0x4440 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/17-20:05:39.174161 24.209.118.134:1332 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:37360 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x830A7AFE Ack: 0xB3666904 Win: 0x4440 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/17-20:05:50.204537 24.209.118.134:2221 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:39884 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x85B7E42E Ack: 0xB4369E6F Win: 0x4440 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/17-20:05:50.781432 24.209.118.134:2252 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:40008 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x85D1EC47 Ack: 0xB4132365 Win: 0x4440 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/17-20:05:51.292490 24.209.118.134:2324 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:40135 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x8605A0C0 Ack: 0xB3BBC22D Win: 0x4440 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/17-20:05:54.728877 24.209.118.134:2477 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:40915 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x8684D181 Ack: 0xB41E0012 Win: 0x4440 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/17-20:05:55.694025 24.209.118.134:2686 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:41280 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x871FB862 Ack: 0xB46D8FE7 Win: 0x4440 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/17-20:05:58.735996 24.209.118.134:2686 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:42156 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x871FB862 Ack: 0xB46D8FE7 Win: 0x4440 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/17-20:06:05.075362 24.209.118.134:3573 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:44400 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x89E15A99 Ack: 0xB4374BC7 Win: 0x4440 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/17-20:06:05.609659 24.209.118.134:3584 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:44489 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x89EB6605 Ack: 0xB50C99BA Win: 0x4440 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/17-20:06:09.361589 24.209.118.134:3798 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:45605 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x8A8EB3A0 Ack: 0xB4F3FD45 Win: 0x4440 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/17-22:25:41.745488 216.39.48.4:51786 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:16499 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x935108D2 Ack: 0xC3F94092 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 29575344 442657167
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/17-22:51:33.075155 64.68.82.25:32776 -> 192.168.1.6:80
TCP TTL:50 TOS:0x10 ID:55030 IpLen:20 DgmLen:453 DF
***AP*** Seq: 0xF4A9D649 Ack: 0x26605089 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 441057484 443451712
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/17-23:03:53.479929 216.39.48.4:57184 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:3408 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x2372CAED Ack: 0x5528ABCD Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 29804464 443830940
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/17-23:53:20.020843 216.39.48.104:37349 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:25904 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xDCCA9CCD Ack: 0xFC720EC Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 330758642 445350301
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/18-01:09:24.038811 216.39.48.44:38253 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:56074 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xFC49E996 Ack: 0x2E6BEFB0 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 321860266 447687873
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-04:22:53.472111 24.209.37.151:1828 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:62725 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC2CED16A Ack: 0x9CFA7D7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-04:22:53.491624 24.209.37.151:1828 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:62726 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC2CED71E Ack: 0x9CFA7D7 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/18-04:51:37.260561 66.196.65.24:46316 -> 192.168.1.6:80
TCP TTL:232 TOS:0x0 ID:22037 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x6D6E12E6 Ack: 0x763D1B93 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-06:54:05.281254 24.209.37.151:2073 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:45561 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1185D9FF Ack: 0x44748B01 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-06:54:05.300243 24.209.37.151:2073 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:45562 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1185DFB3 Ack: 0x44748B01 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-07:50:22.733623 24.209.37.151:1411 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:30394 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3A6695F2 Ack: 0x19557E62 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-07:50:22.759256 24.209.37.151:1411 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:30399 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3A669BA6 Ack: 0x19557E62 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-09:36:43.586703 24.57.76.37:4612 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:58985 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xD86A2EE2 Ack: 0xAB174F75 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-09:36:49.352827 24.57.76.37:4942 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:59883 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xD9359523 Ack: 0xAB044A4E Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-09:37:17.187717 24.57.76.37:1156 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:61792 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xD9C855E0 Ack: 0xAB842C5F Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-09:37:17.344940 24.57.76.37:1726 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:61825 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xDBB2B7AD Ack: 0xACED5CEB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/18-09:37:20.535079 24.57.76.37:1793 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:61987 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xDBEAB7E4 Ack: 0xAD4D6114 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/18-09:37:23.714666 24.57.76.37:1860 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:62154 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xDC26E184 Ack: 0xACD93174 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-09:37:26.939886 24.57.76.37:1935 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:62343 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xDC694100 Ack: 0xAD6F1B5C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-09:37:36.211675 24.57.76.37:2146 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:62794 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xDD284B3E Ack: 0xAEAFA093 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-09:37:36.403710 24.57.76.37:2150 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:62811 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xDD2C1934 Ack: 0xAE791341 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-09:37:39.596471 24.57.76.37:2221 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:63020 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xDD698B95 Ack: 0xAEF5F9D4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-09:37:39.772904 24.57.76.37:2229 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:63043 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xDD6F456B Ack: 0xAF5D8ECF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-09:37:39.956971 24.57.76.37:2236 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:63075 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xDD755AA2 Ack: 0xAEEFB3AF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-09:37:43.002635 24.57.76.37:2236 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:63374 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xDD755AA2 Ack: 0xAEEFB3AF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-09:38:04.503862 24.57.76.37:2794 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:64380 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xDF5EEDC0 Ack: 0xB00E0EC6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-09:52:38.723775 24.209.37.151:3305 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:28654 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEB69C306 Ack: 0xE70B1CBA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-09:52:38.765690 24.209.37.151:3305 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:28655 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEB69C8BA Ack: 0xE70B1CBA Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-11:09:26.918970 24.209.97.26:3228 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:6183 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xCBF950BA Ack: 0x97FC356 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-11:09:26.926542 24.209.97.26:3228 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:6184 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xCBF9566E Ack: 0x97FC356 Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/18-11:23:15.591410 216.39.48.114:49695 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:61309 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xA2EC417 Ack: 0x3DC4EDDB Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 334900090 466551912
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-11:34:55.818597 24.209.163.52:1708 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:4874 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC7E32856 Ack: 0x6AC15B00 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/18-11:35:11.966007 216.39.48.24:32914 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:28421 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x36D71485 Ack: 0x6B746853 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 316963733 466918808
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/18-12:30:45.959262 66.196.65.24:31489 -> 192.168.1.6:80
TCP TTL:232 TOS:0x0 ID:41543 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x3B826B7D Ack: 0x3DAD8B1F Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-12:44:50.283731 24.209.37.151:4629 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:18850 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x437FF86E Ack: 0x71BCCDD1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-12:44:50.306012 24.209.37.151:4629 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:18851 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x437FFE22 Ack: 0x71BCCDD1 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/18-12:46:04.041551 216.39.48.13:49879 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:20627 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x43B09D09 Ack: 0x76AC18F2 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 335400361 469096587
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-12:46:24.710320 24.90.92.167:2662 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:26981 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xFDD12AF9 Ack: 0x78BCE363 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-12:46:27.554673 24.90.92.167:2662 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:27359 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xFDD12AF9 Ack: 0x78BCE363 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-12:46:39.539045 24.90.92.167:3137 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:29213 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xFF604087 Ack: 0x79241020 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-12:46:40.900891 24.90.92.167:3166 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:29401 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xFF7901A7 Ack: 0x798F9EB2 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-12:46:41.699426 24.90.92.167:3215 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:29544 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xFFA18674 Ack: 0x79402189 Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-12:46:42.722772 24.90.92.167:3245 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:29676 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xFFBB34A3 Ack: 0x79ACD683 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/18-12:46:43.927089 24.90.92.167:3267 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:29844 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xFFCF5AF9 Ack: 0x7941F05F Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/18-12:46:44.929229 24.90.92.167:3298 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:30000 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xFFEB591C Ack: 0x79A654EA Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-12:46:45.844146 24.90.92.167:3340 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:30129 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xCD1AB Ack: 0x79C0CC77 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-12:46:50.501434 24.90.92.167:3459 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:30743 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x7056FB Ack: 0x79A09C4D Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-12:46:51.173816 24.90.92.167:3505 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:30856 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x953D40 Ack: 0x79D2C1D2 Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-12:46:52.209702 24.90.92.167:3525 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:30986 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA63932 Ack: 0x7A0FC3B1 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-12:46:53.413176 24.90.92.167:3554 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:31147 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xBE5A55 Ack: 0x7991175C Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-12:46:58.104873 24.90.92.167:3688 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:31762 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x1363AAE Ack: 0x7A6120D1 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-12:46:59.233080 24.90.92.167:3722 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:31931 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x153C827 Ack: 0x7A4C624D Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-12:47:00.054099 24.90.92.167:3751 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:32092 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x16FC21C Ack: 0x7A74D200 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-12:47:11.032799 24.90.92.167:4117 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:33816 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x29D594C Ack: 0x7B5F8CA2 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-12:55:09.927427 24.209.97.26:4507 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:2149 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC7AC4FFC Ack: 0x98294E74 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-12:55:09.969805 24.209.97.26:4507 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:2150 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC7AC55B0 Ack: 0x98294E74 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-13:02:28.514555 24.209.37.151:2480 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:34094 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDC224ACF Ack: 0xB502580B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-13:02:28.537078 24.209.37.151:2480 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:34095 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDC225083 Ack: 0xB502580B Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-13:09:18.304478 24.209.37.151:1716 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:24832 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x17004BBF Ack: 0xCE314E12 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-13:09:18.347423 24.209.37.151:1716 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:24833 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x17005173 Ack: 0xCE314E12 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-13:22:41.445461 24.62.250.72:4585 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:40210 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x16D9EF49 Ack: 0x19A3FFC Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-13:22:43.506342 24.62.250.72:4620 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:40310 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x16FA3660 Ack: 0x19A0908 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-13:22:46.834898 24.62.250.72:4685 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:40534 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x1738DE8F Ack: 0x15A4A77 Win: 0xFAF0 TcpLen: 20
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:55 2003