
SnortSnarf alert page

Destination: 192.168.1.6: #1201-1300

SnortSnarf v021111.1

Signature section (91123) | Top 20 source IPs | Top 20 dest IPs

Looking using input module SnortFileInput, with sources:
Earliest: 19:02:59.273068 on 04/30/2003
Latest: 03:30:11.400256 on 05/02/2003

22 different signatures are present for 192.168.1.6 as a destination

There are 624 distinct source IPs in the alerts of the type on this page.

See also 192.168.1.6 as an alert source [49361 alerts]


[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/30-19:02:59.273068 24.150.86.224:3196 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:25072 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB7378F3E Ack: 0x7CBA066 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/30-19:02:59.470108 24.150.86.224:3197 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:25519 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xB7392EA8 Ack: 0x73CCD69 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/30-19:03:08.682353 24.150.86.224:3260 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:52208 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB788C19E Ack: 0x80E002B Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/30-19:30:27.095457 24.55.29.58:1398 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:39076 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x563B331C Ack: 0x6FFB986E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/30-19:30:27.142705 24.55.29.58:1398 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:39077 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x563B38D0 Ack: 0x6FFB986E Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/30-19:55:05.142586 24.160.250.236:1814 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:4921 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB4E6DCE3 Ack: 0xCD2A8C62 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/30-19:55:05.150348 24.160.250.236:1814 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:4922 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB4E6E297 Ack: 0xCD2A8C62 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-00:06:08.332310 24.99.71.129:4510 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:47253 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA0A23543 Ack: 0x80892BD4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-00:06:08.333646 24.99.71.129:4510 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:47254 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA0A23AF7 Ack: 0x80892BD4 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-00:19:55.190567 24.239.142.141:4754 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:6833 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x42B9AF0 Ack: 0xB4A8A119 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-00:19:55.221357 24.239.142.141:4754 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:6834 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x42BA0A4 Ack: 0xB4A8A119 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/01-01:04:58.622777 66.196.65.24:31506 -> 192.168.1.6:80
TCP TTL:232 TOS:0x0 ID:19418 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x5135058C Ack: 0x5E293E40 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-01:20:18.341110 24.209.105.156:4303 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:19457 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x760B1098 Ack: 0x99B2D015 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-01:20:18.347759 24.209.105.156:4303 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:19458 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x760B164C Ack: 0x99B2D015 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-02:11:24.783676 24.214.6.207:3000 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:2315 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xCB41B6D6 Ack: 0x5A3D3DA8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-02:11:24.829327 24.214.6.207:3000 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:2316 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xCB41BC8A Ack: 0x5A3D3DA8 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-05:16:57.318275 24.78.148.85:1705 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:34923 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x9F6836E3 Ack: 0x167AFD86 Win: 0xFC00 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-05:16:57.807537 24.78.148.85:1718 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:34962 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x9F748D07 Ack: 0x173E9554 Win: 0xFC00 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-05:17:01.330692 24.78.148.85:1815 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:35310 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x9FC68667 Ack: 0x16C51891 Win: 0xFC00 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-05:17:04.806857 24.78.148.85:1905 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:35599 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA013E843 Ack: 0x177EC342 Win: 0xFC00 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-05:17:05.050590 24.78.148.85:1913 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:35622 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA01A6BB7 Ack: 0x16F1123A Win: 0xFC00 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/01-05:17:14.609484 24.78.148.85:2102 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:36209 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA0C5255F Ack: 0x181014D6 Win: 0xFC00 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/01-05:17:14.897743 24.78.148.85:2106 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:36226 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA0C94AB8 Ack: 0x17EE4FB1 Win: 0xFC00 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-05:17:15.149810 24.78.148.85:2114 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:36240 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xA0D07475 Ack: 0x17885493 Win: 0xFC00 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-05:17:24.599476 24.78.148.85:2276 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:36759 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA170426E Ack: 0x18C90258 Win: 0xFC00 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-05:17:24.834585 24.78.148.85:2279 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:36768 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA1737413 Ack: 0x18C80CB3 Win: 0xFC00 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-05:17:25.297355 24.78.148.85:2285 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:36789 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA1792C72 Ack: 0x18D1217B Win: 0xFC00 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-05:17:25.569409 24.78.148.85:2291 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:36801 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA17DE064 Ack: 0x18DCEA02 Win: 0xFC00 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-05:17:29.347267 24.78.148.85:2346 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:36982 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA1B4D69C Ack: 0x186DF60B Win: 0xFC00 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-05:17:29.685959 24.78.148.85:2354 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:37012 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xA1BBA852 Ack: 0x18C7235E Win: 0xFC00 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-05:17:30.447176 24.78.148.85:2383 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:37093 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA1D34D2D Ack: 0x1888CD4E Win: 0xFC00 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-05:40:09.032030 24.209.105.156:4630 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:29369 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE1951FF0 Ack: 0x6F0E1ACE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-05:40:09.039178 24.209.105.156:4630 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:29370 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE19525A4 Ack: 0x6F0E1ACE Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-08:35:12.408874 24.209.105.156:4305 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:25433 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE097982 Ack: 0x37AF417 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-08:35:12.413691 24.209.105.156:4305 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:25434 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE097F36 Ack: 0x37AF417 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-08:57:36.290462 24.209.105.156:3813 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:46514 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x710DC149 Ack: 0x589C1EA7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-08:57:36.296671 24.209.105.156:3813 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:46515 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x710DC6FD Ack: 0x589C1EA7 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-09:07:18.338804 24.132.51.251:4441 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:46696 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x847191B6 Ack: 0x7CEDF780 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-09:07:18.340101 24.132.51.251:4441 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:46697 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8471976A Ack: 0x7CEDF780 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-10:38:39.660694 24.163.219.251:1632 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:35168 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9F5625FF Ack: 0xD55B0939 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-11:10:09.912600 24.209.105.156:4239 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:12464 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA170A4DF Ack: 0x4D43F74A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-11:10:09.919340 24.209.105.156:4239 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:12465 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA170AA93 Ack: 0x4D43F74A Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-11:56:14.404290 65.196.39.36:1797 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:24270 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF0F4068 Ack: 0xFB654A61 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-11:56:14.412626 65.196.39.36:1797 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:24271 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF0F461C Ack: 0xFB654A61 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-12:07:51.067292 24.198.198.27:3773 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:53489 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE3D1B6F Ack: 0x27ED14AF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-12:07:51.087393 24.198.198.27:3773 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:53490 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE3D2123 Ack: 0x27ED14AF Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-12:07:54.015193 24.198.198.27:3773 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:53708 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE3D1B6F Ack: 0x27ED14AF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-12:13:46.405052 24.145.197.3:3978 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:2459 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1AA85DD2 Ack: 0x3D982089 Win: 0x16D0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-12:13:46.413600 24.145.197.3:3978 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:2460 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1AA86386 Ack: 0x3D982089 Win: 0x16D0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-12:53:54.269394 24.209.45.97:3481 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:9190 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEE89779E Ack: 0xD544D103 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-12:53:54.290784 24.209.45.97:3481 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:9191 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEE897D52 Ack: 0xD544D103 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-13:08:05.646342 24.209.45.97:4833 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:20940 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x439C552F Ack: 0x9E7BBE4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-13:08:05.681853 24.209.45.97:4833 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:20941 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x439C5AE3 Ack: 0x9E7BBE4 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/01-14:45:03.853189 209.237.238.158:2001 -> 192.168.1.6:80
TCP TTL:41 TOS:0x0 ID:56287 IpLen:20 DgmLen:173 DF
***AP*** Seq: 0x1DD3E83F Ack: 0x78646BCD Win: 0xFFFF TcpLen: 32
TCP Options (3) => NOP NOP TS: 708341922 1048068618
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-15:11:45.963421 24.138.38.206:3471 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:41548 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x19C9F7E9 Ack: 0xDEA2B23B Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-15:11:46.420859 24.138.38.206:3485 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:41589 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x19D5BBF3 Ack: 0xDEBBA164 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-15:11:59.299614 24.138.38.206:3784 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:42584 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x1AD088B3 Ack: 0xDFA6329D Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-15:12:03.017307 24.138.38.206:3987 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:42874 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x1B78D00E Ack: 0xE018DCDC Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-15:12:06.224602 24.138.38.206:4077 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:43109 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x1BCA042C Ack: 0xDFCA87B1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/01-15:12:06.426026 24.138.38.206:4083 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:43135 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x1BCF2F49 Ack: 0xE0153978 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/01-15:12:06.668516 24.138.38.206:4090 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:43162 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x1BD46B02 Ack: 0xE0212E40 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-15:12:19.334618 24.138.38.206:4428 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:44542 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x1CE8F1BB Ack: 0xE0F09580 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-15:12:19.552814 24.138.38.206:4564 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:44564 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x1D597DC5 Ack: 0xE136F36E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-15:12:19.784591 24.138.38.206:4572 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:44591 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x1D60BED8 Ack: 0xE0578081 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-15:12:20.408686 24.138.38.206:4584 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:44636 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x1D6C87C4 Ack: 0xE0733AB9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-15:12:20.654121 24.138.38.206:4588 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:44661 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x1D708D44 Ack: 0xE1393137 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-15:12:20.941353 24.138.38.206:4597 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:44697 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x1D77F013 Ack: 0xE0EB3215 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-15:12:23.904533 24.138.38.206:4597 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:45024 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x1D77F013 Ack: 0xE0EB3215 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-15:12:24.318855 24.138.38.206:4743 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:45067 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x1DEF2909 Ack: 0xE1967107 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-15:12:24.517278 24.138.38.206:4747 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:45088 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x1DF261F9 Ack: 0xE0D4DD11 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-15:12:33.911244 24.138.38.206:3165 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:45830 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x1EED5614 Ack: 0xE1E79517 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-15:38:16.670119 24.209.45.97:4317 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:9412 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA1379407 Ack: 0x429E613F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-15:38:16.692823 24.209.45.97:4317 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:9413 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA13799BB Ack: 0x429E613F Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-15:54:18.783179 24.209.45.97:1475 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:19336 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF6C1F437 Ack: 0x7E663E37 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-15:54:18.803737 24.209.45.97:1475 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:19337 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF6C1F9EB Ack: 0x7E663E37 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-16:28:57.319318 24.209.105.156:4771 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:23965 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x38ED762D Ack: 0x1D6E0A6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-16:28:57.324760 24.209.105.156:4771 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:23966 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x38ED7BE1 Ack: 0x1D6E0A6 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-17:24:23.347387 24.209.98.148:3213 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:4725 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x39C6A2A Ack: 0xD395D3A5 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-17:24:23.374505 24.209.98.148:3213 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:4726 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x39C6FDE Ack: 0xD395D3A5 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-19:19:10.771808 24.209.238.177:2815 -> 192.168.1.6:80
TCP TTL:122 TOS:0x0 ID:1032 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7573017B Ack: 0x8450DB52 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-19:19:10.805728 24.209.238.177:2815 -> 192.168.1.6:80
TCP TTL:122 TOS:0x0 ID:1033 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7573072F Ack: 0x8450DB52 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-20:23:02.015655 24.209.105.156:4623 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:24656 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE92725F2 Ack: 0x75F92067 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-20:23:02.021614 24.209.105.156:4623 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:24657 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE9272BA6 Ack: 0x75F92067 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-20:59:10.792767 24.165.22.49:4370 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:47323 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xDCD807A0 Ack: 0xFE3B5764 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-20:59:11.478050 24.165.22.49:4379 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:47393 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xDCE14EDA Ack: 0xFF00634F Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-20:59:12.129747 24.165.22.49:4390 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:47472 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xDCEB5A7D Ack: 0xFE5C967A Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-20:59:21.830116 24.165.22.49:4552 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:48628 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xDD8635C4 Ack: 0xFF55249E Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-23:04:12.504851 24.209.105.156:3751 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:49661 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6E504298 Ack: 0xD5E71C2C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-23:04:12.510885 24.209.105.156:3751 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:49662 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6E50484C Ack: 0xD5E71C2C Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-23:43:50.364184 24.209.238.177:4430 -> 192.168.1.6:80
TCP TTL:122 TOS:0x0 ID:12212 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x117627C Ack: 0x6C3FEAAB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-23:43:50.401199 24.209.238.177:4430 -> 192.168.1.6:80
TCP TTL:122 TOS:0x0 ID:12213 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1176830 Ack: 0x6C3FEAAB Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-00:08:16.493488 24.209.105.156:4263 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:32369 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBBF8A48A Ack: 0xC9A63FD1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-00:08:16.500303 24.209.105.156:4263 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:32370 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBBF8AA3E Ack: 0xC9A63FD1 Win: 0x4470 TcpLen: 20
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/02-00:52:15.002880 24.87.96.216:3555 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:2254 IpLen:20 DgmLen:187 DF
***AP*** Seq: 0x878263AC Ack: 0x6E9E8854 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/02-00:52:15.334467 24.87.96.216:3555 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:2255 IpLen:20 DgmLen:199 DF
***AP*** Seq: 0x8782643F Ack: 0x6E9E89C2 Win: 0xF982 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-01:50:10.892152 24.209.105.156:4516 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28152 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA77CDFFD Ack: 0x4973FC6A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-01:50:10.902010 24.209.105.156:4516 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28153 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA77CE5B1 Ack: 0x4973FC6A Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-03:30:07.826942 24.74.84.124:4352 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:37613 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x461CDA4D Ack: 0xC1C6AB75 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-03:30:09.632645 24.74.84.124:4524 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:37912 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x46AC718A Ack: 0xC22699DB Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-03:30:11.400256 24.74.84.124:4582 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:38184 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x46DD0A52 Ack: 0xC2333196 Win: 0x4470 TcpLen: 20
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:55 2003