
SnortSnarf alert page

Destination: 192.168.1.6: #101-200

SnortSnarf v021111.1

Signature section (91123) | Top 20 source IPs | Top 20 dest IPs

Looking using input module SnortFileInput, with sources:
Earliest: 13:22:47.139930 on 04/18/2003
Latest: 15:44:29.953731 on 04/22/2003

22 different signatures are present for 192.168.1.6 as a destination

There are 624 distinct source IPs in the alerts of the type on this page.

See also 192.168.1.6 as an alert source [49361 alerts]


[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-13:22:47.139930 24.62.250.72:4690 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:40560 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x173E7431 Ack: 0x1D29487 Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-13:22:56.648119 24.62.250.72:4872 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:41072 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x17DAD2DB Ack: 0x22849EC Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/18-13:22:56.958935 24.62.250.72:4881 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:41095 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x17DF2CE8 Ack: 0x25933DA Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/18-13:23:00.145221 24.62.250.72:4891 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:41234 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x17E64776 Ack: 0x1B10FC0 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-13:23:03.743297 24.62.250.72:1027 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:41334 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x1838498E Ack: 0x1F44012 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-13:23:04.017295 24.62.250.72:1031 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:41350 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x183B9EC9 Ack: 0x249B7FD Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-13:23:07.548641 24.62.250.72:1091 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:41554 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x18744665 Ack: 0x30DF9EE Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-13:23:11.208475 24.62.250.72:1147 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:41707 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x18A9D704 Ack: 0x32E0529 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-13:23:11.446613 24.62.250.72:1150 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:41724 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x18ACB1F7 Ack: 0x2A24B11 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-13:23:11.697741 24.62.250.72:1158 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:41737 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x18B17918 Ack: 0x298A9A5 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-13:23:11.964459 24.62.250.72:1162 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:41750 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x18B51B85 Ack: 0x27EFAA2 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-13:23:12.196519 24.62.250.72:1167 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:41762 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x18B9BF0F Ack: 0x36D72ED Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-13:23:15.673552 24.62.250.72:1210 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:41893 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x18E63F9F Ack: 0x360A647 Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/18-13:34:29.822269 216.39.48.4:39990 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:6393 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xFB396F6C Ack: 0x2D6053F5 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 35026858 470584857
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/18-14:05:08.650806 66.196.65.24:61789 -> 192.168.1.6:80
TCP TTL:232 TOS:0x0 ID:1744 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x12D1618 Ack: 0xA16E9A04 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-14:40:25.949826 24.209.97.26:1348 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:13848 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1CFC22DF Ack: 0x25C3CDF3 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-14:40:25.976923 24.209.97.26:1348 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:13849 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1CFC2893 Ack: 0x25C3CDF3 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-14:56:32.996190 24.209.37.151:2298 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:3558 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9610C8A2 Ack: 0x6307A45C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-14:56:33.018624 24.209.37.151:2298 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:3559 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9610CE56 Ack: 0x6307A45C Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-15:16:56.089019 24.209.37.151:3051 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:29847 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3755C236 Ack: 0xB111BA06 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-15:16:56.104108 24.209.37.151:3051 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:29848 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3755C7EA Ack: 0xB111BA06 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/18-15:31:22.679982 216.39.48.64:56727 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:45758 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xB38E6E76 Ack: 0xE7BB5447 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 336387295 474176592
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/18-15:35:01.489515 216.239.46.134:19176 -> 192.168.1.6:80
TCP TTL:41 TOS:0x0 ID:21141 IpLen:20 DgmLen:453 DF
***AP*** Seq: 0xC0591F69 Ack: 0xF434C177 Win: 0x7D78 TcpLen: 32
TCP Options (3) => NOP NOP TS: 39503278 474288581
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/18-15:54:56.420065 216.39.48.64:39025 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:8485 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xBC4229C Ack: 0x3FDAC7A7 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 336528636 474900661
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-16:25:21.895013 24.147.6.158:2225 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:56515 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB8CAA3F Ack: 0xB3517360 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-16:25:21.901769 24.147.6.158:2225 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:56516 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB8CAFF3 Ack: 0xB3517360 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-17:02:08.998107 24.209.37.151:1279 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:7063 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x665FB530 Ack: 0x3D0D8B49 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-17:02:09.019881 24.209.37.151:1279 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:7064 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x665FBAE4 Ack: 0x3D0D8B49 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-17:11:52.548533 24.209.97.26:2551 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:25918 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x35CE16CE Ack: 0x61B74E82 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-17:11:52.577902 24.209.97.26:2551 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:25919 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x35CE1C82 Ack: 0x61B74E82 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-17:27:06.240044 24.209.37.151:2186 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:2490 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x20ECE23A Ack: 0x9C119B5C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-17:27:06.265624 24.209.37.151:2186 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:2491 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x20ECE7EE Ack: 0x9C119B5C Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-17:45:39.656339 24.209.37.151:2473 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:16557 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA8B5BDE0 Ack: 0xE1EF93FC Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-17:45:39.678076 24.209.37.151:2473 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:16558 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA8B5C394 Ack: 0xE1EF93FC Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/18-18:24:17.920000 216.39.48.104:57461 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:19834 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x407FE494 Ack: 0x73DB2904 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 337422843 479490518
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/18-18:34:05.737194 216.39.48.84:35930 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:21142 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x64D7D854 Ack: 0x9942EA00 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 337480405 479791591
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-18:38:40.546495 24.209.97.26:4366 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:65234 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD8BF3F51 Ack: 0xAA1E44AB Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-18:38:40.562813 24.209.97.26:4366 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:65235 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD8BF4505 Ack: 0xAA1E44AB Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-18:39:43.355214 24.209.37.151:1309 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:53818 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2D4D564B Ack: 0xAE899AD9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-18:39:43.376481 24.209.37.151:1309 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:53819 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2D4D5BFF Ack: 0xAE899AD9 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-19:27:56.442406 24.61.163.31:3796 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:37786 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA30D0C25 Ack: 0x649104FC Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-19:27:56.443681 24.61.163.31:3796 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:37789 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA30D11D9 Ack: 0x649104FC Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/18-19:50:28.623158 216.39.48.54:37118 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:10228 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x85BAB47E Ack: 0xB977EC1E Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 337941406 482138803
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/18-19:59:29.067962 66.196.65.24:16916 -> 192.168.1.6:80
TCP TTL:232 TOS:0x0 ID:25365 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x30F2E9B Ack: 0xDB4D1621 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/18-20:01:51.864162 216.39.48.33:58743 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:15116 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xB12D6409 Ack: 0xE41ECA26 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 328752910 482488750
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/18-20:04:08.805929 216.39.48.94:44876 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:12704 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xB969D227 Ack: 0xECDFF130 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 338027461 482558888
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-20:13:31.211212 24.67.245.128:2549 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:52450 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x98D58292 Ack: 0x111F7C1C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-20:13:31.259473 24.67.245.128:2549 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:52451 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x98D58846 Ack: 0x111F7C1C Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-20:58:32.805120 24.209.97.26:4622 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:9449 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x685D6B70 Ack: 0xBA9E8BDC Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-20:58:32.834013 24.209.97.26:4622 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:9450 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x685D7124 Ack: 0xBA9E8BDC Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/18-21:03:59.948809 216.39.48.44:51873 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:42050 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x9B262E75 Ack: 0xCF7BB42F Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 329026116 484398152
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/18-21:24:36.212313 216.39.48.74:46870 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:64913 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xE90FD7AE Ack: 0x1DC3FB49 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 338504241 485031334
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1714:3] WEB-CGI newdesk access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/18-21:29:54.287864 204.210.234.90:49266 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:20125 IpLen:20 DgmLen:380 DF
***AP*** Seq: 0x3E8D4229 Ack: 0x31B77ACD Win: 0x8218 TcpLen: 32
TCP Options (3) => NOP NOP TS: 2029997262 485194260
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-21:33:58.537805 24.209.97.26:3128 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:22380 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x39FC4554 Ack: 0x41716013 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-21:33:58.570066 24.209.97.26:3128 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:22381 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x39FC4B08 Ack: 0x41716013 Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/18-21:41:32.388653 216.39.48.114:40093 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:20992 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x28569027 Ack: 0x5D673887 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 338608916 485551795
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-22:56:15.230199 24.30.204.145:2104 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:42658 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x5260352C Ack: 0x78788FDA Win: 0x2058 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-22:56:15.576051 24.30.204.145:2131 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:8099 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x9B162DDA Ack: 0x77908843 Win: 0x2058 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-22:56:15.699290 24.30.204.145:2142 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:19107 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xB496E859 Ack: 0x77B3ECE5 Win: 0x2058 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-22:56:25.048238 24.30.204.145:2872 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:2222 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xADE179E2 Ack: 0x7899F6B2 Win: 0x2058 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-22:56:28.334164 24.30.204.145:3147 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:14770 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x989BBFB3 Ack: 0x78F01E06 Win: 0x2058 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/18-22:56:28.435078 24.30.204.145:3154 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:21938 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x6A372164 Ack: 0x78BFD2BB Win: 0x2058 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/18-22:56:28.541251 24.30.204.145:3168 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:29874 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x574C3090 Ack: 0x78B7DA34 Win: 0x2058 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-22:56:28.659429 24.30.204.145:3172 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:40882 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x77BA6AFE Ack: 0x7850C203 Win: 0x2058 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-22:56:28.782366 24.30.204.145:3175 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:50866 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x8D25A006 Ack: 0x78B6B302 Win: 0x2058 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-22:56:28.873960 24.30.204.145:3182 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:55474 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x752C4494 Ack: 0x78EBBCCF Win: 0x2058 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-22:56:28.989889 24.30.204.145:3195 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:64946 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x59F6A270 Ack: 0x790C2F3B Win: 0x2058 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-22:56:29.098278 24.30.204.145:3205 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:8115 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x67C45942 Ack: 0x78A2868A Win: 0x2058 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-22:56:29.205272 24.30.204.145:3208 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:12979 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x3EF8D977 Ack: 0x787023AE Win: 0x2058 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-22:56:29.304320 24.30.204.145:3216 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:23219 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6A45080F Ack: 0x793A81F0 Win: 0x2058 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-22:56:29.422006 24.30.204.145:3232 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:37043 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x40E327D8 Ack: 0x78814813 Win: 0x2058 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/18-22:56:29.544125 24.30.204.145:3244 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:50611 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x437E4655 Ack: 0x79452B2B Win: 0x2058 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/19-00:19:12.628226 24.130.219.16:3746 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:15730 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xD006301E Ack: 0xB0775A17 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/19-00:19:13.226546 24.130.219.16:3758 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:15768 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xD011E9B0 Ack: 0xB120887B Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/19-00:19:16.827644 24.130.219.16:3814 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:15952 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xD0486AA5 Ack: 0xB1130040 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/19-00:19:17.667883 24.130.219.16:3825 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:15981 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xD0543AEB Ack: 0xB0D5556C Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/19-00:19:21.256965 24.130.219.16:3872 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:16086 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xD0828AFD Ack: 0xB0DA5E3E Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/19-00:19:24.895509 24.130.219.16:3921 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:16223 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xD0B28798 Ack: 0xB17EF5D1 Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/19-00:19:34.418828 24.130.219.16:4054 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:16584 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xD13483F9 Ack: 0xB27F50AA Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/19-00:19:38.202240 24.130.219.16:4118 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:16784 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xD16FC7E7 Ack: 0xB228F44F Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/19-00:19:47.934602 24.130.219.16:4243 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:17096 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD1F214A9 Ack: 0xB2769C4E Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/19-00:19:57.738051 24.130.219.16:4362 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:17419 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD26DFFD0 Ack: 0xB3B9B55F Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/19-00:20:01.045304 24.130.219.16:4430 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:17637 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD2AB1544 Ack: 0xB3E20324 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/19-00:20:04.645897 24.130.219.16:4498 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:17855 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD2E81C6E Ack: 0xB3CB019C Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/19-00:20:04.967541 24.130.219.16:4502 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:17872 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xD2EC2217 Ack: 0xB43346CD Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/19-00:20:08.296820 24.130.219.16:4553 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:18030 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xD31D7BAA Ack: 0xB39C8113 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/19-00:20:11.286064 24.130.219.16:4553 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:18145 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xD31D7BAA Ack: 0xB39C8113 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/19-00:20:11.590088 24.130.219.16:4600 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:18156 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xD34AB747 Ack: 0xB4129C2A Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/19-00:20:12.073918 24.130.219.16:4602 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:18174 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xD34D4C0A Ack: 0xB44BEA6E Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/19-01:27:28.885322 24.209.37.151:1486 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:20532 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD5907135 Ack: 0xB1CB6242 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/19-01:27:28.910900 24.209.37.151:1486 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:20533 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD59076E9 Ack: 0xB1CB6242 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/19-01:32:47.682709 66.196.65.24:35164 -> 192.168.1.6:80
TCP TTL:232 TOS:0x0 ID:32457 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x67B2E73C Ack: 0xC6EE486F Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/19-01:40:39.840584 24.209.37.151:4806 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:30255 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x22FCED54 Ack: 0xE476A84B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/19-01:40:39.878911 24.209.37.151:4806 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:30256 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x22FCF308 Ack: 0xE476A84B Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/19-02:49:15.804594 216.39.48.13:38209 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:36287 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xB26F7612 Ack: 0xE83B3D49 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 340458426 495008215
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/19-03:01:10.264487 216.39.48.33:39404 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:37831 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xDFA32D5E Ack: 0x14CC717E Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 331268051 495374136
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/19-03:35:50.112135 216.39.48.84:53114 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:26607 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x627A4740 Ack: 0x98996BF5 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 340730081 496439369
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/19-03:48:03.106583 66.196.65.24:65527 -> 192.168.1.6:80
TCP TTL:232 TOS:0x0 ID:20324 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x9415F5B7 Ack: 0xC64D74F1 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/19-04:53:30.671532 216.39.48.24:42604 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:12285 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x8887AB01 Ack: 0xBD355E56 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 323192072 498826382
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/22-15:44:29.953731 216.39.48.94:60578 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:3789 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xE147728C Ack: 0x1D5D5E01 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 371031118 651631392
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:55 2003