SnortSnarf alert page

Destination: 192.168.1.6: #1101-1200

SnortSnarf v021111.1

Looking using input module SnortFileInput, with sources:
Earliest: 11:06:25.762687 on 04/29/2003
Latest: 19:02:59.073342 on 04/30/2003

22 different signatures are present for 192.168.1.6 as a destination

There are 624 distinct source IPs in the alerts of the type on this page.

See also 192.168.1.6 as an alert source [49361 alerts]


[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-11:06:25.762687 24.99.37.186:3544 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:47738 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x9EE75DE5 Ack: 0xBFF8F137 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/29-13:13:14.509891 66.196.65.24:16869 -> 192.168.1.6:80
TCP TTL:232 TOS:0x0 ID:40800 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x2DEDC0F8 Ack: 0x9EE5005A Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-13:44:25.111686 24.209.37.151:3554 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:21536 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7BE2E36F Ack: 0x14445A42 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-13:44:25.163943 24.209.37.151:3554 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:21537 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7BE2E923 Ack: 0x14445A42 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/29-14:53:17.064759 66.196.65.24:60637 -> 192.168.1.6:80
TCP TTL:232 TOS:0x0 ID:13130 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x6AE1FAE9 Ack: 0x18459BBD Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1714:3] WEB-CGI newdesk access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/29-17:43:12.676302 216.28.165.181:47980 -> 192.168.1.6:80
TCP TTL:102 TOS:0x0 ID:8925 IpLen:20 DgmLen:351
***AP*** Seq: 0xEB719AAE Ack: 0x97E24E29 Win: 0xFAF0 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-19:18:40.092153 24.245.36.142:4265 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:39992 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xCCE445CD Ack: 0x355AB4A Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-19:18:41.320721 24.245.36.142:4313 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:40209 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xCD0C4687 Ack: 0x2C41E23 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-19:18:51.171532 24.245.36.142:4763 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:41704 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xCE5A75C9 Ack: 0x4F10A92 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-19:18:51.691649 24.245.36.142:4774 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:41767 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xCE6089E8 Ack: 0x44A1171 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-19:18:52.205477 24.245.36.142:4808 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:41837 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xCE718A31 Ack: 0x4442609 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/29-19:18:55.839098 24.245.36.142:4820 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:42404 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xCE78D501 Ack: 0x4FEA6F9 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/29-19:18:56.192820 24.245.36.142:1097 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:42456 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xCEFE82C3 Ack: 0x49D65D4 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-19:18:56.459642 24.245.36.142:1109 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:42500 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xCF08A1D2 Ack: 0x4D0F6B3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-19:19:00.415036 24.245.36.142:1127 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:43047 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xCF18B505 Ack: 0x493B26C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-19:19:00.792930 24.245.36.142:1275 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:43123 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xCF94246E Ack: 0x5983A10 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-19:19:10.476100 24.245.36.142:1639 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:44479 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD0BF7804 Ack: 0x602A149 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-19:19:10.842215 24.245.36.142:1659 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:44544 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD0CF5FA4 Ack: 0x5CAD995 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-19:19:18.114538 24.245.36.142:1796 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:45571 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xD1454DF2 Ack: 0x6B71F7B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-19:19:18.644291 24.245.36.142:1946 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:45647 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xD1B99809 Ack: 0x63BE36C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-19:19:21.425364 24.245.36.142:1946 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:46051 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xD1B99809 Ack: 0x63BE36C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-19:19:21.969927 24.245.36.142:2071 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:46132 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xD2224D6B Ack: 0x6F26801 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-19:19:22.625104 24.245.36.142:2079 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:46213 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xD229F959 Ack: 0x6F316F8 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-19:28:21.979239 24.159.178.25:2138 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:49688 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF1538B81 Ack: 0x279B5EFC Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-19:28:22.079282 24.159.178.25:2138 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:49689 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF1539135 Ack: 0x279B5EFC Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-19:28:24.925252 24.159.178.25:2138 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:49949 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF1538B81 Ack: 0x279B5EFC Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-19:45:53.484967 24.172.109.75:2922 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:27747 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x77E3BD71 Ack: 0x6A35442A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-19:45:53.491283 24.172.109.75:2922 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:27748 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x77E3C325 Ack: 0x6A35442A Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-19:54:15.955340 24.186.148.24:3182 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:14781 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x5E37C5BA Ack: 0x893A4B7E Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-19:54:16.070598 24.186.148.24:3186 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:14792 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x5E3B49FC Ack: 0x896387CE Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-19:54:19.622232 24.186.148.24:3230 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:14894 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x5E688012 Ack: 0x89F08C4C Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-19:54:29.049907 24.186.148.24:3364 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:15250 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x5EEF2379 Ack: 0x8A56EE87 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-19:54:29.200750 24.186.148.24:3368 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:15259 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x5EF33358 Ack: 0x89DA0ACA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/29-19:54:29.359942 24.186.148.24:3371 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:15272 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x5EF5EF89 Ack: 0x89BCD35C Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/29-19:54:29.502479 24.186.148.24:3372 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:15283 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x5EF781F6 Ack: 0x8A7E7E2B Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-19:54:38.910607 24.186.148.24:3486 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:15583 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x5F70BB20 Ack: 0x8AEACAD4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-19:54:42.291262 24.186.148.24:3533 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:15692 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x5FA1B82E Ack: 0x8BC0DAEB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-19:54:42.438491 24.186.148.24:3534 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:15698 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x5FA348EF Ack: 0x8C3235C6 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-19:54:42.567125 24.186.148.24:3536 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:15708 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x5FA573FA Ack: 0x8BC367D3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-19:54:42.697813 24.186.148.24:3539 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:15719 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x5FA81C24 Ack: 0x8C5924D6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-19:54:42.842623 24.186.148.24:3541 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:15727 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x5FAA6337 Ack: 0x8C71C398 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-19:54:42.979090 24.186.148.24:3543 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:15733 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x5FAC1B5C Ack: 0x8BF93B4E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-19:54:43.090329 24.186.148.24:3545 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:15741 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x5FAE1F29 Ack: 0x8C2E604D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-19:54:46.565526 24.186.148.24:3588 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:15836 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x5FD986E1 Ack: 0x8CAC6C4C Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-20:10:18.624181 24.209.203.150:4480 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:40563 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x15AAA68D Ack: 0xC6F9585C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-20:10:18.646744 24.209.203.150:4480 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:40564 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x15AAAC41 Ack: 0xC6F9585C Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/29-20:32:42.269364 12.148.209.198:64444 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:5110 IpLen:20 DgmLen:256 DF
***AP*** Seq: 0x34EF7298 Ack: 0x1A91B502 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 184776565 970248711
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-21:14:04.895768 24.130.75.33:4684 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:10100 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x67DB4B2 Ack: 0xB6652513 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-21:14:16.028350 24.130.75.33:4719 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:10887 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x69E76EE Ack: 0xB7023A01 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-21:14:19.877996 24.130.75.33:4954 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:11235 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x7763CEE Ack: 0xB75B3667 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-21:18:17.268753 24.90.188.91:4728 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:22305 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE96D4C94 Ack: 0xC7474930 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-21:18:17.312260 24.90.188.91:4728 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:22306 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE96D5248 Ack: 0xC7474930 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-21:24:52.896252 24.209.203.150:4633 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:31329 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xAA64DF33 Ack: 0xDF8E34A6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-21:24:52.946411 24.209.203.150:4633 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:31330 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xAA64E4E7 Ack: 0xDF8E34A6 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-21:35:37.335302 24.94.192.41:1370 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:42353 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB63B03D0 Ack: 0x8655D5D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-21:35:37.348094 24.94.192.41:1370 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:42354 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB63B0984 Ack: 0x8655D5D Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-21:39:51.358505 24.201.185.125:3898 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:8769 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x317BF622 Ack: 0x1814E937 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-22:19:49.390600 24.209.203.150:4346 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:33800 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC760B557 Ack: 0xAEC48A04 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-22:19:49.414173 24.209.203.150:4346 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:33801 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC760BB0B Ack: 0xAEC48A04 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-22:30:14.656775 24.192.37.217:3282 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:45949 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x2D099B78 Ack: 0xD6EAC3F8 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-22:30:23.183376 24.192.37.217:3368 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:46245 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x2D6C2379 Ack: 0xD806CB72 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-22:30:33.288634 24.192.37.217:3464 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:46602 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x2DD06C35 Ack: 0xD87362EC Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-23:32:00.512778 24.126.120.88:1076 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:6035 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xB0E610D7 Ack: 0xC01030E3 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-23:32:04.413787 24.126.120.88:1362 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:6663 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xB1D4A64B Ack: 0xC0E12369 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-23:32:05.999487 24.126.120.88:1419 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:6907 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xB1FFFE1B Ack: 0xC0CA4804 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-23:32:07.659826 24.126.120.88:1479 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:7143 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xB230119F Ack: 0xC0913BD6 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-23:32:21.496828 24.126.120.88:1880 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:9258 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB3872FB3 Ack: 0xC1C39946 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/29-23:32:22.945129 24.126.120.88:2054 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:9515 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xB4194BF7 Ack: 0xC1EA26A8 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/29-23:32:33.455674 24.126.120.88:2443 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:11192 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xB55F5CB8 Ack: 0xC2BBE19E Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-23:32:34.938859 24.126.120.88:2490 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:11456 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xB584B0F0 Ack: 0xC2463223 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-23:32:45.224757 24.126.120.88:2561 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:13273 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB5C035B4 Ack: 0xC263A37C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-23:33:07.786753 24.126.120.88:3769 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:17016 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB9B5F8BD Ack: 0xC44E7AC5 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-23:33:12.280651 24.126.120.88:3831 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:17738 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB9ECD922 Ack: 0xC52A4CED Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-23:33:13.693392 24.126.120.88:4005 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:18021 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xBA7E2B8B Ack: 0xC5807149 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-23:33:24.057162 24.126.120.88:4419 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:19772 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xBBCBEB82 Ack: 0xC6AD08DE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-23:33:25.683433 24.126.120.88:4472 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:20046 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xBBF98DD5 Ack: 0xC648328B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-23:33:27.248994 24.126.120.88:4536 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:20301 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xBC2FEA8F Ack: 0xC692B649 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-23:33:28.695548 24.126.120.88:4607 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:20578 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xBC67608A Ack: 0xC6A1B094 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/30-06:32:26.142943 24.163.219.251:2332 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:47560 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4FA66555 Ack: 0xF50BEF06 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/30-06:32:26.170714 24.163.219.251:2332 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:47561 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4FA66B09 Ack: 0xF50BEF06 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/30-06:47:18.399344 218.18.72.33:3993 -> 192.168.1.6:80
TCP TTL:99 TOS:0x0 ID:46816 IpLen:20 DgmLen:1460 DF
***A**** Seq: 0xB0C74DF6 Ack: 0x2CCD74DA Win: 0x4290 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/30-06:47:18.421400 218.18.72.33:3993 -> 192.168.1.6:80
TCP TTL:99 TOS:0x0 ID:46817 IpLen:20 DgmLen:1460 DF
***A**** Seq: 0xB0C75382 Ack: 0x2CCD74DA Win: 0x4290 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/30-09:17:15.055032 24.100.74.154:2081 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:60110 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x854914B6 Ack: 0x63493401 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/30-09:17:15.119589 24.100.74.154:2081 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:60111 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x85491A6A Ack: 0x63493401 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/30-11:53:48.961994 66.27.55.14:48629 -> 192.168.1.6:80
TCP TTL:42 TOS:0x0 ID:1389 IpLen:20 DgmLen:153 DF
***AP*** Seq: 0x14019EB9 Ack: 0xB1E6E83B Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 707501163 998554535
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/30-11:56:47.084783 80.212.222.63:1886 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:39719 IpLen:20 DgmLen:1460 DF
***A**** Seq: 0xD50D7F6E Ack: 0xBD68E668 Win: 0x26D4 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/30-11:56:47.189709 80.212.222.63:1886 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:39720 IpLen:20 DgmLen:1460 DF
***A**** Seq: 0xD50D84FA Ack: 0xBD68E668 Win: 0x26D4 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/30-13:17:35.743621 219.155.227.118:3781 -> 192.168.1.6:80
TCP TTL:97 TOS:0x0 ID:6909 IpLen:20 DgmLen:1420 DF
***A**** Seq: 0x9A593954 Ack: 0xEF029195 Win: 0x40B0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/30-13:17:39.168004 219.155.227.118:3781 -> 192.168.1.6:80
TCP TTL:97 TOS:0x0 ID:7274 IpLen:20 DgmLen:1420 DF
***A**** Seq: 0x9A593EB8 Ack: 0xEF029195 Win: 0x40B0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/30-16:21:32.240459 24.160.33.54:1913 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:12710 IpLen:20 DgmLen:1446 DF
***A**** Seq: 0xF5C620BA Ack: 0xA57267BB Win: 0xFC00 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/30-16:21:32.250951 24.160.33.54:1913 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:12711 IpLen:20 DgmLen:1446 DF
***A**** Seq: 0xF5C62638 Ack: 0xA57267BB Win: 0xFC00 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/30-19:02:54.132243 24.150.86.224:3156 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:18958 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB70795FD Ack: 0x6D2BE48 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/30-19:02:54.369125 24.150.86.224:3157 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:18984 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xB7090F85 Ack: 0x735FDCF Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/30-19:02:54.546942 24.150.86.224:3158 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:18993 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xB70AD16D Ack: 0x7405A43 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/30-19:02:54.760101 24.150.86.224:3160 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:19009 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xB70D295A Ack: 0x71B1C57 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/30-19:02:58.203622 24.150.86.224:3185 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:23171 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB72B97D9 Ack: 0x6F4D733 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/30-19:02:58.404701 24.150.86.224:3188 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:23535 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB72E221E Ack: 0x7B27A7F Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/30-19:02:58.584981 24.150.86.224:3189 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:23980 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB72F6E18 Ack: 0x7B6E7B7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/30-19:02:58.808754 24.150.86.224:3193 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:24265 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB7332BB0 Ack: 0x7E61187 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/30-19:02:59.073342 24.150.86.224:3195 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:24713 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xB7357D03 Ack: 0x7C7F3BE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:55 2003