
SnortSnarf alert page

Destination: 192.168.1.6: #2301-2400

SnortSnarf v021111.1


Looking using input module SnortFileInput, with sources:
Earliest: 15:31:18.921482 on 05/07/2003
Latest: 06:40:56.632802 on 05/08/2003

22 different signatures are present for 192.168.1.6 as a destination

There are 624 distinct source IPs in the alerts of the type on this page.

See also 192.168.1.6 as an alert source [49361 alerts]


[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-15:31:18.921482 24.209.39.246:4826 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:32714 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xB8E2F3ED Ack: 0xA606EFD1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-15:31:20.046213 24.209.39.246:4857 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:32881 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB8FE87F6 Ack: 0xA6301A36 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-15:31:30.560309 24.209.39.246:1163 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:34444 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB9F941A7 Ack: 0xA69FFA90 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-15:31:31.575245 24.209.39.246:1186 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:34604 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xBA0E819E Ack: 0xA7035D1A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-15:31:42.115106 24.209.39.246:1456 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:36111 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xBAFD9457 Ack: 0xA76872B9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-15:31:43.154745 24.209.39.246:1490 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:36281 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xBB1BAF1A Ack: 0xA7326F90 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-15:31:47.177938 24.209.39.246:1597 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:36869 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xBB796D0E Ack: 0xA78CE31C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-15:31:48.331645 24.209.39.246:1628 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:37039 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xBB94B1A0 Ack: 0xA808B034 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-15:31:49.468706 24.209.39.246:1660 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:37206 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xBBB0409B Ack: 0xA7AEDAE9 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-15:57:20.233687 24.209.39.246:1365 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:11850 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x4FE9846D Ack: 0x7A54320 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-15:57:25.097987 24.209.39.246:1508 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:12644 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x50656E18 Ack: 0x8A9761D Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-15:57:26.480147 24.209.39.246:1547 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:12875 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x5086AB7D Ack: 0x8303D39 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-15:57:30.780620 24.209.39.246:1695 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:13615 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x5108BE6D Ack: 0x8D6B55B Win: 0x4470 TcpLen: 20
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/07-15:57:40.398743 24.209.39.246:1947 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:15061 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x51E69C46 Ack: 0x8FB54B2 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/07-15:57:45.109783 24.209.39.246:2084 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:15806 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x525C4FFD Ack: 0x9390D0C Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-15:57:46.335751 24.209.39.246:2116 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:16016 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x52766FAC Ack: 0xA2DAB67 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-15:57:51.245331 24.209.39.246:2263 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:16823 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x52F14744 Ack: 0xA038EF5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-15:57:53.134804 24.209.39.246:2311 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:17092 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x5317C05B Ack: 0xA3ED2E7 Win: 0x4470 TcpLen: 20
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-15:58:05.280939 24.209.39.246:2564 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:18876 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x53F7F851 Ack: 0xA85194D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-15:58:10.319067 24.209.39.246:2780 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:19656 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x54B22048 Ack: 0xB9DB3B7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-15:58:11.799600 24.209.39.246:2813 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:19881 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x54CE7FB9 Ack: 0xACE962B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-15:58:14.581009 24.209.39.246:2813 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:20278 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x54CE7FB9 Ack: 0xACE962B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-15:58:15.977163 24.209.39.246:2934 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:20487 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x55373927 Ack: 0xB43C970 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-15:58:27.032524 24.209.39.246:3217 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:22101 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x56329ACA Ack: 0xBD2C19B Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-17:50:10.916345 24.71.225.134:1973 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:43702 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD4892803 Ack: 0xB2287296 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-17:50:10.952300 24.71.225.134:1973 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:43703 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD4892DB7 Ack: 0xB2287296 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-18:39:44.098157 24.209.39.246:1351 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:9708 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x3002FE0C Ack: 0x6D3C2FEB Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-18:39:44.909022 24.209.39.246:1370 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:9828 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x3013DDAC Ack: 0x6D235298 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-18:39:46.070571 24.209.39.246:1390 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:9998 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x30254629 Ack: 0x6DAEB449 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-18:39:50.409052 24.209.39.246:1526 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:10705 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x309791C7 Ack: 0x6DE91474 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-18:39:54.787283 24.209.39.246:1640 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:11355 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x30FC9E52 Ack: 0x6DE5E655 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/07-18:39:55.654267 24.209.39.246:1666 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:11481 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x3113155A Ack: 0x6DFD988F Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/07-18:40:00.087720 24.209.39.246:1783 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:12103 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x317750E8 Ack: 0x6DB4F2A2 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-18:40:13.684696 24.209.39.246:2069 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:14123 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x327235EE Ack: 0x6ECF0385 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-18:40:23.899919 24.209.39.246:2537 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:16065 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x340467E4 Ack: 0x708D325D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-18:40:28.249658 24.209.39.246:2687 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:16862 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x34843333 Ack: 0x70D33F07 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-18:40:29.005637 24.209.39.246:2720 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:17009 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x349FA21D Ack: 0x70E02E57 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-18:40:33.411485 24.209.39.246:2878 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:17853 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3527C172 Ack: 0x7110BA2B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-18:40:34.689412 24.209.39.246:2928 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:18097 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x355141F5 Ack: 0x70BC2089 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-18:40:35.534513 24.209.39.246:2952 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:18232 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x3566656F Ack: 0x713A9A86 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-18:40:39.694050 24.209.39.246:2975 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:18912 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x357ADF5B Ack: 0x71BB8D0F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-18:40:50.120275 24.209.39.246:3393 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:20623 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x36E26B49 Ack: 0x7263FBFD Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-18:56:55.083258 24.209.39.246:4909 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:35754 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x993DE086 Ack: 0xAE5098B7 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-18:57:07.924578 24.209.39.246:1539 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:37777 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x9B44F9B5 Ack: 0xAF5C3A48 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-18:57:08.560136 24.209.39.246:1652 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:37864 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x9BA6BDB3 Ack: 0xAFDC11AE Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-18:57:18.314914 24.209.39.246:1964 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:39458 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x9CB1023E Ack: 0xAFF95601 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-18:57:18.666173 24.209.39.246:1975 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:39535 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x9CBBDF34 Ack: 0xB04806AA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/07-18:57:21.730454 24.209.39.246:1991 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:40214 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x9CC96653 Ack: 0xB06AE0DB Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/07-18:57:21.842512 24.209.39.246:2112 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:40242 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x9D2A9127 Ack: 0xB011F2EC Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-18:57:21.932233 24.209.39.246:2120 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:40265 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x9D30BE25 Ack: 0xB039AD5B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-18:57:22.023235 24.209.39.246:2125 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:40286 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x9D345BAD Ack: 0xB0B82C19 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-18:57:22.087768 24.209.39.246:2127 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:40303 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x9D3627CE Ack: 0xB06B7DB8 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-18:57:22.177083 24.209.39.246:2130 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:40316 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x9D38C9F1 Ack: 0xB03AA6F6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-18:57:35.833184 24.209.39.246:2516 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:42400 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x9E859E0E Ack: 0xB0E1CBF4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-18:57:36.416901 24.209.39.246:2530 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:42472 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x9E911836 Ack: 0xB0A9F199 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-18:57:39.185416 24.209.39.246:2530 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:43001 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x9E911836 Ack: 0xB0A9F199 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-18:57:40.060808 24.209.39.246:2662 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:43152 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x9F012E6D Ack: 0xB10B977D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-18:57:40.490372 24.209.39.246:2683 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:43246 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x9F13ABEA Ack: 0xB1312D5B Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/07-19:21:44.350410 66.77.73.209:4841 -> 192.168.1.6:80
TCP TTL:45 TOS:0x0 ID:23614 IpLen:20 DgmLen:218 DF
***AP*** Seq: 0x244775DE Ack: 0xBE3F64B Win: 0x4020 TcpLen: 32
TCP Options (3) => NOP NOP TS: 2911874284 1322079987
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-20:05:35.011238 24.245.36.142:1695 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:15101 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xAC12B31F Ack: 0xB103F417 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-20:05:36.003367 24.245.36.142:1750 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:15249 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xAC3FA34A Ack: 0xB1706C11 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-20:05:39.191329 24.245.36.142:1763 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:15696 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xAC4B1265 Ack: 0xB17C2674 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-20:05:39.703602 24.245.36.142:1882 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:15780 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xACADA30C Ack: 0xB13B3F98 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/07-21:52:15.119912 66.196.65.24:35307 -> 192.168.1.6:80
TCP TTL:232 TOS:0x0 ID:4963 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xD33F0B71 Ack: 0x4504E086 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-00:04:51.189570 24.205.137.12:4606 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:51634 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x3E844F45 Ack: 0x38E66197 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-00:04:56.451658 24.205.137.12:4685 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:51935 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x3ED37A81 Ack: 0x39AD54C5 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-00:04:57.789614 24.205.137.12:4707 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:51984 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x3EE7C779 Ack: 0x39EB3208 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-00:05:08.550198 24.205.137.12:4850 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:52476 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x3F7B5A8A Ack: 0x39C9836D Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-00:05:09.490636 24.205.137.12:4866 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:52527 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x3F8CA7BE Ack: 0x3A5621DD Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/08-00:05:10.617154 24.205.137.12:4879 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:52574 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x3F97FE16 Ack: 0x3A9F7077 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/08-00:05:22.137754 24.205.137.12:1082 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:52965 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x40167554 Ack: 0x3B93B767 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-00:05:24.153519 24.205.137.12:1110 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:53046 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x4033C46C Ack: 0x3BBCCE28 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-00:05:25.105801 24.205.137.12:1134 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:53098 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x404E9FB1 Ack: 0x3C798626 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-00:05:26.499070 24.205.137.12:1142 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:53143 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4058961A Ack: 0x3C0A0BE6 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-00:05:28.143554 24.205.137.12:1164 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:53214 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x406D34B8 Ack: 0x3C592269 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-00:05:33.535164 24.205.137.12:1222 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:53397 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x40ACD8DA Ack: 0x3C892B3B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-00:05:47.355740 24.205.137.12:1354 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:53961 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x413D9A01 Ack: 0x3D9DC063 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-00:05:48.450725 24.205.137.12:1410 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:54004 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x4177C955 Ack: 0x3D53B1E8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-00:05:49.711542 24.205.137.12:1426 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:54058 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x418829CC Ack: 0x3D767759 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-00:06:00.657885 24.205.137.12:1580 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:54605 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x422233A8 Ack: 0x3E34B0AD Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-00:51:13.016005 211.167.226.78:1904 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:49626 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE731EAD5 Ack: 0xE8F59557 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-00:51:13.037445 211.167.226.78:1904 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:49627 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE731F089 Ack: 0xE8F59557 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-00:54:33.217394 211.167.226.78:4095 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:17159 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFADDC189 Ack: 0xF5F7C72B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-00:54:33.243197 211.167.226.78:4095 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:17160 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFADDC73D Ack: 0xF5F7C72B Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-00:55:17.085021 211.167.226.78:1705 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:24734 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFF3478AC Ack: 0xF840F8EC Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-00:55:17.095076 211.167.226.78:1705 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:24735 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFF347E60 Ack: 0xF840F8EC Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-01:00:47.245005 24.209.39.246:2452 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:14209 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF7640861 Ack: 0xD7F1315 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-01:00:47.266825 24.209.39.246:2452 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:14210 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF7640E15 Ack: 0xD7F1315 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-05:59:05.363919 219.155.227.106:1952 -> 192.168.1.6:80
TCP TTL:34 TOS:0x0 ID:22619 IpLen:20 DgmLen:1420 DF
***A**** Seq: 0xDE465C18 Ack: 0x735B1BBC Win: 0x40B0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-05:59:05.383874 219.155.227.106:1952 -> 192.168.1.6:80
TCP TTL:34 TOS:0x0 ID:22620 IpLen:20 DgmLen:1420 DF
***A**** Seq: 0xDE46617C Ack: 0x735B1BBC Win: 0x40B0 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-06:40:38.310179 24.84.94.195:4393 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:29203 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x2157D68C Ack: 0x116AC415 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-06:40:38.863084 24.84.94.195:4401 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:29264 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x215F9027 Ack: 0x113C7B25 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-06:40:42.464615 24.84.94.195:4477 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:29546 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x21A2D475 Ack: 0x1194F726 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-06:40:42.880494 24.84.94.195:4478 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:29603 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x21A45EB4 Ack: 0x1152C703 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-06:40:52.545130 24.84.94.195:4734 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:30652 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x22720299 Ack: 0x124B4724 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/08-06:40:52.762452 24.84.94.195:4736 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:30664 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x2273BAA5 Ack: 0x124F4487 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/08-06:40:52.976680 24.84.94.195:4742 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:30680 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x2277F858 Ack: 0x11F2E9EC Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-06:40:53.198050 24.84.94.195:4748 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:30696 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x227D2B0E Ack: 0x11EA1EBC Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-06:40:56.408299 24.84.94.195:4814 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:30952 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x22B5AF8C Ack: 0x12BCE2F7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-06:40:56.632802 24.84.94.195:4822 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:30974 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x22BAB01D Ack: 0x1239F164 Win: 0x4470 TcpLen: 20
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:55 2003