SnortSnarf alert page

Destination: 192.168.1.6: #1901-2000

SnortSnarf v021111.1

Looking using input module SnortFileInput, with sources:
Earliest: 11:24:27.164771 on 05/05/2003
Latest: 15:00:25.611247 on 05/05/2003

22 different signatures are present for 192.168.1.6 as a destination

There are 624 distinct source IPs in the alerts of the type on this page.

See also 192.168.1.6 as an alert source [49361 alerts]


[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-11:24:27.164771 24.209.39.246:4433 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:10758 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x83A301D7 Ack: 0x819B00CE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-11:24:30.058588 24.209.39.246:4433 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:11231 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x83A301D7 Ack: 0x819B00CE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-11:24:30.478937 24.209.39.246:4534 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:11292 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x83F9770A Ack: 0x81BCA7F9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-11:24:39.785645 24.209.39.246:4806 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:12603 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x84E1BF21 Ack: 0x829D13FA Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-11:46:25.052144 24.209.39.246:4939 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:44351 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xB6EFBA0 Ack: 0xD521AD25 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-11:46:25.170288 24.209.39.246:4942 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:44370 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xB7125CE Ack: 0xD5638833 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-11:46:34.430491 24.209.39.246:1254 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:45342 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xC676BE6 Ack: 0xD5C47FBE Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-11:46:34.527317 24.209.39.246:1257 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:45357 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xC6A8DFD Ack: 0xD6767E43 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-11:46:34.629957 24.209.39.246:1261 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:45376 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xC6DF07B Ack: 0xD5907996 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/05-11:46:43.878282 24.209.39.246:1607 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:46785 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xD9738E1 Ack: 0xD6B1782B Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/05-11:46:46.975343 24.209.39.246:1615 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:47123 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xD9D7FA5 Ack: 0xD65CF105 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-11:46:47.078694 24.209.39.246:1714 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:47140 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xDF37BF8 Ack: 0xD6643296 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-11:46:50.365666 24.209.39.246:1807 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:47562 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE4491F5 Ack: 0xD6D9879F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-11:46:50.525394 24.209.39.246:1810 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:47584 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE47683E Ack: 0xD6FB129B Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-11:46:59.760110 24.209.39.246:2033 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:48350 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF1071C7 Ack: 0xD7E1F483 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-11:46:59.858795 24.209.39.246:2036 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:48358 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF12D5BB Ack: 0xD73098F3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-11:47:09.144799 24.209.39.246:2262 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:49129 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xFD506CD Ack: 0xD7A50D8A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-11:47:09.217840 24.209.39.246:2264 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:49138 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xFD6C8CE Ack: 0xD8476BFF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-11:47:12.281163 24.209.39.246:2265 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:49492 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xFD7C24E Ack: 0xD83AB124 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-11:47:12.369972 24.209.39.246:2344 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:49500 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x101B34E5 Ack: 0xD837C2E2 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-12:09:44.731184 24.209.105.156:3959 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:5264 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x89C7F416 Ack: 0x2D05AB5D Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-12:09:44.959313 24.209.105.156:3969 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:5301 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x89CFEE34 Ack: 0x2CF9169C Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-12:09:57.853579 24.209.105.156:4208 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:6281 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x8A9DFEE0 Ack: 0x2D7AE990 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-12:10:07.210458 24.209.105.156:4618 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:7326 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x8BEEF2B4 Ack: 0x2E8A7CE0 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-12:10:07.343027 24.209.105.156:4622 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:7346 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x8BF268A3 Ack: 0x2DF4302D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/05-12:10:07.446386 24.209.105.156:4625 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:7359 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x8BF57560 Ack: 0x2DBCDC5C Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/05-12:10:16.762040 24.209.105.156:4919 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:8406 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x8CE8C40C Ack: 0x2E77A477 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-12:10:20.133175 24.209.105.156:3005 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:8697 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x8D31EFDB Ack: 0x2E9F7506 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-12:10:20.223924 24.209.105.156:3012 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:8709 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x8D3694A1 Ack: 0x2F52B08B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-12:10:20.306055 24.209.105.156:3015 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:8721 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x8D39B59D Ack: 0x2F1F25C9 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-12:10:20.412097 24.209.105.156:3018 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:8735 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x8D3BA5FE Ack: 0x2E814CE4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-12:10:29.720186 24.209.105.156:3313 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:9816 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x8E3AAC97 Ack: 0x3008DF33 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-12:10:29.840280 24.209.105.156:3317 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:9832 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x8E3DE342 Ack: 0x2F508D71 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-12:10:29.920485 24.209.105.156:3320 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:9843 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x8E40D0FB Ack: 0x2FC17A50 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-12:10:30.047743 24.209.105.156:3323 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:9864 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x8E439DA6 Ack: 0x2FBA0935 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-12:10:30.167673 24.209.105.156:3330 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:9881 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x8E491C53 Ack: 0x2FDEFC85 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-12:52:38.409414 24.218.160.238:4293 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:55235 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x61606C3F Ack: 0xCEE5FAED Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-12:52:48.665824 24.218.160.238:4590 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:56760 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x62632F9E Ack: 0xCFF84CCD Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-12:52:49.124532 24.218.160.238:4607 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:56831 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x62723EB7 Ack: 0xD02BD82C Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-12:52:49.576814 24.218.160.238:4622 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:56924 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x627ED207 Ack: 0xCFDD5C23 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-12:52:59.417932 24.218.160.238:4914 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:58373 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x637D6DE1 Ack: 0xD04D414B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/05-12:53:00.057314 24.218.160.238:4923 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:58450 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x6385FC16 Ack: 0xD0242A80 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/05-12:53:09.900673 24.218.160.238:1246 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:59925 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x6487583A Ack: 0xD1266445 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-12:53:10.387546 24.218.160.238:1267 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:59998 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x649928F9 Ack: 0xD1AD7589 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-12:53:14.481957 24.218.160.238:1368 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:60541 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x64F490EC Ack: 0xD19C03E6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-12:53:14.933501 24.218.160.238:1384 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:60628 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x650157E0 Ack: 0xD116CF97 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-12:53:24.935699 24.218.160.238:1643 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:61918 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x65E87645 Ack: 0xD21FA2AB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-12:53:31.968310 24.218.160.238:1750 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:62818 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6646CF03 Ack: 0xD28ED360 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-12:53:32.483321 24.218.160.238:1846 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:62903 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x669B0716 Ack: 0xD2C1A747 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-12:53:35.468378 24.218.160.238:1846 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:63344 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x669B0716 Ack: 0xD2C1A747 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-12:53:35.968847 24.218.160.238:1952 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:63424 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x66F7D6BC Ack: 0xD31E166E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-12:53:36.465592 24.218.160.238:1962 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:63503 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x67006847 Ack: 0xD278A822 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-12:53:36.945904 24.218.160.238:1985 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:63596 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x67128671 Ack: 0xD31D7E40 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-13:16:09.702040 24.209.105.156:4203 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:16295 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x22F7E7AC Ack: 0x275DDEB0 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-13:16:09.877107 24.209.105.156:4208 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:16311 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x22FC0BF7 Ack: 0x279AEB1A Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-13:16:09.960500 24.209.105.156:4210 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:16320 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x22FE1FC4 Ack: 0x274EC4BB Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-13:16:10.085352 24.209.105.156:4212 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:16332 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x22FFF8FD Ack: 0x271FA50B Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-13:16:10.182096 24.209.105.156:4218 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:16349 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x23045518 Ack: 0x2731A3A8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/05-13:16:10.290630 24.209.105.156:4222 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:16360 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x23079DF8 Ack: 0x279B08A6 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/05-13:16:10.423429 24.209.105.156:4226 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:16376 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x230B3642 Ack: 0x271B65CB Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-13:16:13.736049 24.209.105.156:4308 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:16578 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x235545D5 Ack: 0x27C4DE16 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-13:16:20.328364 24.209.105.156:4421 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:17098 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x23B4F863 Ack: 0x279F1F0D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-13:16:20.425840 24.209.105.156:4507 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:17119 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x23FE9481 Ack: 0x27AA7087 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-13:16:33.319095 24.209.105.156:4798 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:18303 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x24EFD0F6 Ack: 0x2906B7EA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-13:16:33.398421 24.209.105.156:4914 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:18313 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x25516B21 Ack: 0x28A7E8A0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-13:16:42.802073 24.209.105.156:3198 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:19172 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x264646C4 Ack: 0x2AF09645 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-13:16:45.868752 24.209.105.156:3295 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:19449 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x2694B634 Ack: 0x2A2713CB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-13:16:45.972069 24.209.105.156:3301 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:19470 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x269916DD Ack: 0x2A57135F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-13:16:46.098697 24.209.105.156:3309 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:19485 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x269F79CF Ack: 0x2A27B41D Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-13:35:37.553868 24.209.39.246:3561 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:62644 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xA192DD5E Ack: 0x7119847C Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-13:35:47.498178 24.209.39.246:3837 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:63720 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xA281E108 Ack: 0x71E279C9 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-13:35:59.840359 24.209.39.246:4166 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:65402 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA3944428 Ack: 0x721E4270 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-13:36:03.200564 24.209.39.246:4275 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:344 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA3F1FEC9 Ack: 0x725EC344 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-13:36:03.388853 24.209.39.246:4391 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:372 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA451A78E Ack: 0x727B5704 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/05-13:36:03.659764 24.209.39.246:4400 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:412 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA45933B3 Ack: 0x731D3559 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/05-13:36:07.447072 24.209.39.246:4491 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:783 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA4AC074C Ack: 0x73013569 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-13:36:11.097161 24.209.39.246:4503 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:1177 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xA4B63AD5 Ack: 0x72CAACA7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-13:36:14.727433 24.209.39.246:4692 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:1552 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA55A1ACE Ack: 0x72E70A81 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-13:36:14.939930 24.209.39.246:4703 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:1582 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA5636195 Ack: 0x7304C0A3 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-13:37:00.422658 24.209.39.246:2073 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:7147 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA9DFBC65 Ack: 0x7620A399 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-13:37:10.016249 24.209.39.246:2368 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:8300 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xAADB4C19 Ack: 0x76DC53D5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-13:37:13.722076 24.209.39.246:2471 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:8719 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xAB33D055 Ack: 0x771F8A93 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-13:37:13.830845 24.209.39.246:2485 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:8744 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xAB3F52DA Ack: 0x76810866 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-13:37:13.920156 24.209.39.246:2490 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:8756 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xAB43BE24 Ack: 0x76921BB6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-13:37:14.013789 24.209.39.246:2494 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:8769 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xAB473E7C Ack: 0x76B89DCD Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-13:47:15.178255 24.130.74.15:4936 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:63648 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC5CA7BE9 Ack: 0x9D09CDA9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-13:47:15.186392 24.130.74.15:4936 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:63649 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC5CA819D Ack: 0x9D09CDA9 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-14:42:09.832328 24.165.15.177:4588 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:21223 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6D234B04 Ack: 0x6D75E73E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-14:42:09.840109 24.165.15.177:4588 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:21224 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6D2350B8 Ack: 0x6D75E73E Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-14:59:58.408866 24.209.39.246:1178 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:3237 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x9EDDEDA7 Ack: 0xAF963583 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-15:00:11.230828 24.209.39.246:1508 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:5350 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x9FF1CFCC Ack: 0xB0B308C7 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-15:00:11.374137 24.209.39.246:1631 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:5386 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA05AA0A0 Ack: 0xB0B23F34 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-15:00:20.934168 24.209.39.246:1960 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:6824 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA16FF828 Ack: 0xB1A0F720 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-15:00:21.127210 24.209.39.246:1969 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:6859 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA17750E0 Ack: 0xB0C19948 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/05-15:00:21.390193 24.209.39.246:1974 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:6901 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA17BC108 Ack: 0xB111C1B3 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/05-15:00:21.731078 24.209.39.246:1981 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:6951 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA181DD1B Ack: 0xB11833CA Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-15:00:25.200160 24.209.39.246:2119 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:7587 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xA1F4CE6B Ack: 0xB17B37A6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-15:00:25.318700 24.209.39.246:2123 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:7610 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA1F8B548 Ack: 0xB11A3C6A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-15:00:25.440698 24.209.39.246:2126 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:7629 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA1FBEE67 Ack: 0xB1CEB495 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-15:00:25.611247 24.209.39.246:2131 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:7662 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA20035BB Ack: 0xB1D6C110 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:55 2003