SnortSnarf alert page

Destination: 192.168.1.6: #2101-2200

SnortSnarf v021111.1

Looking using input module SnortFileInput, with sources:
Earliest: 13:30:36.987973 on 05/06/2003
Latest: 23:32:51.325192 on 05/06/2003

22 different signatures are present for 192.168.1.6 as a destination

There are 624 distinct source IPs in the alerts of the type on this page.

See also 192.168.1.6 as an alert source [49361 alerts]


[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-13:30:36.987973 24.161.112.40:4826 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:20811 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x9D8D4DB Ack: 0x9EE5F9F5 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-13:47:51.200672 24.209.179.154:2765 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:806 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD21E54BF Ack: 0xDF924D20 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-13:47:51.209198 24.209.179.154:2765 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:807 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD21E5A73 Ack: 0xDF924D20 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-14:12:59.587290 24.209.179.154:3208 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:4196 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x66688AA2 Ack: 0x3E6C0591 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-14:12:59.594556 24.209.179.154:3208 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:4197 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x66689056 Ack: 0x3E6C0591 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-14:33:01.521639 24.147.143.32:2072 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:64513 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x20335E79 Ack: 0x89B68057 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-14:33:01.530892 24.147.143.32:2072 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:64514 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2033642D Ack: 0x89B68057 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-15:53:46.018793 24.209.179.154:1822 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:60149 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA1BE0133 Ack: 0xBA5A8AB8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-15:53:46.027831 24.209.179.154:1822 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:60150 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA1BE06E7 Ack: 0xBA5A8AB8 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-16:33:54.893513 24.209.179.154:2457 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:58555 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7B54E27D Ack: 0x52451264 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-16:33:54.901292 24.209.179.154:2457 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:58556 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7B54E831 Ack: 0x52451264 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-18:07:17.428657 68.72.208.32:1975 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:55211 IpLen:20 DgmLen:1454 DF
***A**** Seq: 0x8DF6ADB5 Ack: 0xB3EE673B Win: 0x4248 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-18:07:17.534074 68.72.208.32:1975 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:55212 IpLen:20 DgmLen:1454 DF
***A**** Seq: 0x8DF6B33B Ack: 0xB3EE673B Win: 0x4248 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-19:07:12.962499 24.195.81.51:1644 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:33076 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x27680EC Ack: 0x956BB360 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-19:07:12.996803 24.195.81.51:1644 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:33077 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x27686A0 Ack: 0x956BB360 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-19:32:04.067272 24.199.65.162:3350 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:60241 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x497F0245 Ack: 0xF3489393 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-19:32:04.549435 24.199.65.162:3422 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:60278 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x49C0C516 Ack: 0xF417FF98 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-19:32:07.671341 24.199.65.162:3457 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:60562 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x49E4627C Ack: 0xF46429CB Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-19:32:13.781924 24.199.65.162:3513 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:61546 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x4A1A0A99 Ack: 0xF413D8CC Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-19:32:16.895817 24.199.65.162:3565 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:62010 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x4A4CD1A2 Ack: 0xF448BBEF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/06-19:32:17.043436 24.199.65.162:3626 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:62036 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x4A84EC4A Ack: 0xF514CCC6 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/06-19:32:20.180661 24.199.65.162:3695 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:62446 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x4AC1B8F0 Ack: 0xF4A02E9E Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-19:32:23.315176 24.199.65.162:3701 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:62820 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x4AC6C733 Ack: 0xF47913CB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-19:32:26.455385 24.199.65.162:3843 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:63205 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4B47B288 Ack: 0xF578CA11 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-19:32:29.590409 24.199.65.162:3909 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:63534 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4B86A345 Ack: 0xF598EC99 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-21:12:06.580608 24.209.196.254:3269 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:19593 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5B8DE014 Ack: 0x6E1AD448 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-21:12:06.626087 24.209.196.254:3269 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:19594 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5B8DE5C8 Ack: 0x6E1AD448 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-21:14:12.829341 24.63.13.134:3905 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:36440 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xC8CCBEEB Ack: 0x74BD0D40 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-21:14:15.365339 24.63.13.134:3971 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:36646 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xC9058945 Ack: 0x75696609 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-21:14:30.262703 24.63.13.134:4238 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:37951 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xC9F19036 Ack: 0x761460EB Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-21:14:32.972282 24.63.13.134:4358 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:38165 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xCA5AA350 Ack: 0x7608DBA5 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-21:14:44.202539 24.63.13.134:4665 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:39130 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xCB60ABFD Ack: 0x77868265 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/06-21:14:45.756386 24.63.13.134:4697 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:39273 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xCB7E1E0D Ack: 0x76BF1E2D Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/06-21:14:46.972455 24.63.13.134:4729 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:39397 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xCB9D4060 Ack: 0x7745DCDC Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-21:14:47.898980 24.63.13.134:4767 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:39492 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xCBBE89D0 Ack: 0x776C17A3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-21:14:49.005103 24.63.13.134:4795 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:39570 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xCBD68F23 Ack: 0x778C5685 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-21:14:50.527460 24.63.13.134:4824 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:39690 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xCBE93263 Ack: 0x778040DF Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-21:14:52.330676 24.63.13.134:4955 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:39860 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xCC1135C5 Ack: 0x77C51DBF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-21:14:54.160941 24.63.13.134:1046 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:40010 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xCC35C754 Ack: 0x77740CAD Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-21:14:55.379949 24.63.13.134:1083 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:40153 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xCC57E0DA Ack: 0x780D3389 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-21:14:56.657128 24.63.13.134:1107 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:40258 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xCC6D22EB Ack: 0x77790642 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-21:14:58.110150 24.63.13.134:1149 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:40396 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xCC920FE7 Ack: 0x777CDD8D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-21:14:59.456605 24.63.13.134:1186 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:40503 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xCCB38A3D Ack: 0x77900ECA Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-21:41:14.766728 24.209.24.98:1678 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:18399 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6E040B7 Ack: 0xDB6FF9C5 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-21:41:14.786381 24.209.24.98:1678 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:18400 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6E0466B Ack: 0xDB6FF9C5 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-21:46:17.480014 24.209.196.254:2098 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:15512 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2137D9A8 Ack: 0xEE5E6DD6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-21:46:17.503801 24.209.196.254:2098 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:15513 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2137DF5C Ack: 0xEE5E6DD6 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-22:03:58.317021 24.214.128.126:4148 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:42756 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xAB726FBE Ack: 0x3196C424 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-22:04:08.080591 24.214.128.126:4310 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:43310 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xAC15D223 Ack: 0x31F5B4FA Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-22:04:08.340602 24.214.128.126:4313 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:43335 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xAC193AA8 Ack: 0x31E5B7DB Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-22:04:08.571846 24.214.128.126:4322 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:43354 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xAC20FACB Ack: 0x323F79DD Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-22:04:08.782270 24.214.128.126:4326 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:43363 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xAC24960D Ack: 0x31F90207 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/06-22:04:18.215451 24.214.128.126:4450 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:43787 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xACA34F9B Ack: 0x32D26463 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/06-22:04:27.697400 24.214.128.126:4570 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:44128 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xAD2264A8 Ack: 0x32A5278D Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-22:04:27.926082 24.214.128.126:4574 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:44139 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xAD25B989 Ack: 0x331A9C41 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-22:04:31.160129 24.214.128.126:4616 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:44229 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xAD506A0C Ack: 0x338564E8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-22:04:31.459880 24.214.128.126:4620 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:44249 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xAD54155B Ack: 0x32CE5EB3 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-22:04:34.988811 24.214.128.126:4665 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:44345 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xAD8419D1 Ack: 0x33A14CD8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-22:04:35.268357 24.214.128.126:4667 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:44359 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xAD8647F1 Ack: 0x3320DB42 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-22:04:35.500788 24.214.128.126:4672 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:44374 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xAD8AD6D6 Ack: 0x3314C736 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-22:04:35.714161 24.214.128.126:4676 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:44391 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xAD8E9445 Ack: 0x33CBB978 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-22:04:35.933494 24.214.128.126:4678 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:44404 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xAD90F382 Ack: 0x33BBECB5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-22:04:45.462240 24.214.128.126:4829 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:44893 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xAE21A6EA Ack: 0x34485278 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-22:55:58.312534 24.226.120.167:3778 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:27553 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xC9BBB059 Ack: 0xF59F0097 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-22:56:01.689057 24.226.120.167:3870 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:27837 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xCA0C5971 Ack: 0xF5EB67B8 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-22:56:05.682122 24.226.120.167:3986 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:28192 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xCA7019F4 Ack: 0xF5A52389 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-22:56:06.338334 24.226.120.167:4001 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:28236 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xCA7BCAC1 Ack: 0xF598E798 Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-22:56:16.360409 24.226.120.167:4222 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:28844 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xCB408786 Ack: 0xF68A3458 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/06-22:56:17.102194 24.226.120.167:4236 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:28912 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xCB4BAEC9 Ack: 0xF63D78A6 Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/06-22:56:17.731629 24.226.120.167:4265 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:28968 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xCB61017B Ack: 0xF6525DB7 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-22:56:18.396492 24.226.120.167:4280 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:29012 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xCB6D6F16 Ack: 0xF65A0485 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-22:56:19.160145 24.226.120.167:4291 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:29055 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xCB788833 Ack: 0xF6590CE5 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-22:56:29.246873 24.226.120.167:4538 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:29786 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xCC53B4C3 Ack: 0xF73992F5 Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-22:56:33.477228 24.226.120.167:4642 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:30085 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xCCB2D9E7 Ack: 0xF7298C87 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-22:56:37.637601 24.226.120.167:4738 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:30383 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xCD07F3D3 Ack: 0xF74653B1 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-22:56:38.240080 24.226.120.167:4754 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:30428 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xCD15ACA4 Ack: 0xF803C585 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-22:56:38.898921 24.226.120.167:4767 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:30471 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xCD20A24A Ack: 0xF75EB018 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-22:56:41.799728 24.226.120.167:4767 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:30651 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xCD20A24A Ack: 0xF75EB018 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-22:56:42.655259 24.226.120.167:4914 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:30733 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xCD732EA0 Ack: 0xF82970EB Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-22:56:43.250742 24.226.120.167:4955 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:30810 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xCD83E45D Ack: 0xF7972C45 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-23:05:10.860325 24.209.179.154:2118 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:56006 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC0B06E11 Ack: 0x19AC6ECD Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-23:05:10.881764 24.209.179.154:2118 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:56007 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC0B073C5 Ack: 0x19AC6ECD Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-23:07:49.185714 24.157.173.39:1497 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:45603 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x5E1389D Ack: 0x225991B4 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-23:07:50.314958 24.157.173.39:1507 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:45674 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x5EC3792 Ack: 0x22C102BF Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-23:07:53.465174 24.157.173.39:1515 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:45839 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x5F3FBD8 Ack: 0x233CF9DE Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-23:07:57.231665 24.157.173.39:1601 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:46147 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x64B8F21 Ack: 0x2380D656 Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-23:07:57.841326 24.157.173.39:1615 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:46243 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x65884F2 Ack: 0x22BDDC30 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/06-23:07:58.369133 24.157.173.39:1630 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:46284 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x666C9AD Ack: 0x22EA179C Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/06-23:08:01.831193 24.157.173.39:1686 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:46607 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x69CAEB8 Ack: 0x239739C1 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-23:08:05.018888 24.157.173.39:1730 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:46833 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x6C92F57 Ack: 0x23FCA5A2 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-23:08:08.352284 24.157.173.39:1732 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:47086 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6CBF6DF Ack: 0x2384C20F Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-23:08:08.804881 24.157.173.39:1775 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:47119 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6F95CE4 Ack: 0x2356B4F8 Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-23:08:12.211507 24.157.173.39:1780 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:47391 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6FE835C Ack: 0x241EA4EF Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-23:08:12.708957 24.157.173.39:1835 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:47429 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x735F00F Ack: 0x2413A4F8 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-23:08:16.232127 24.157.173.39:1841 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:47718 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x73C2406 Ack: 0x23AC0C74 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-23:08:16.469534 24.157.173.39:1888 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:47752 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x76E063E Ack: 0x245A649D Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-23:08:19.750377 24.157.173.39:1888 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:47984 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x76E063E Ack: 0x245A649D Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-23:08:26.266475 24.157.173.39:2018 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:48517 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x7ED1BDF Ack: 0x24A5B2CA Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-23:08:26.732044 24.157.173.39:2032 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:48587 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x7FB2E64 Ack: 0x2476C4D5 Win: 0xFAF0 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-23:32:51.325192 24.122.7.136:4736 -> 192.168.1.6:80
TCP TTL:46 TOS:0x0 ID:53299 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x9C92D588 Ack: 0x80BBA811 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:55 2003