SnortSnarf alert page

Destination: 192.168.1.6: #2401-2500

SnortSnarf v021111.1

Signature section (91123) | Top 20 source IPs | Top 20 dest IPs

Looking using input module SnortFileInput, with sources:
Earliest: 06:41:09.444844 on 05/08/2003
Latest: 22:07:29.523217 on 05/08/2003

22 different signatures are present for 192.168.1.6 as a destination

There are 624 distinct source IPs in the alerts of the type on this page.

See also 192.168.1.6 as an alert source [49361 alerts]


[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-06:41:09.444844 24.84.94.195:3098 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:31933 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x236C6308 Ack: 0x125698DB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-06:41:12.580036 24.84.94.195:3154 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:32221 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x239FC04C Ack: 0x1300F546 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-06:41:22.568276 24.84.94.195:3415 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:33056 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x248C800F Ack: 0x13DAE2E3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-06:41:23.000097 24.84.94.195:3428 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:33128 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x24980145 Ack: 0x140526C1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-06:41:25.789871 24.84.94.195:3428 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:33464 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x24980145 Ack: 0x140526C1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-06:41:26.303368 24.84.94.195:3518 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:33522 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x24E5A99C Ack: 0x13DFD154 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-06:41:29.860761 24.84.94.195:3578 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:33966 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x251DA2F8 Ack: 0x14199717 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/08-08:14:02.290169 66.196.65.24:6414 -> 192.168.1.6:80
TCP TTL:232 TOS:0x0 ID:16430 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xED59532C Ack: 0x71B1D1F6 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-09:39:22.881196 24.209.39.246:3529 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:29040 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBD1DA5FD Ack: 0xB31DA1C6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-09:39:22.902980 24.209.39.246:3529 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:29041 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBD1DABB1 Ack: 0xB31DA1C6 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-10:01:08.876576 24.209.39.246:1523 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:19922 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3B72AD58 Ack: 0x5C6D02C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-10:01:08.896691 24.209.39.246:1523 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:19923 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3B72B30C Ack: 0x5C6D02C Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/08-11:04:48.366684 216.39.50.13:40289 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:47691 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x993E7542 Ack: 0xF6281AC2 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 507563799 1351060617
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-12:16:03.685512 24.209.39.246:4381 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:19626 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x24B5A7CC Ack: 0x34B8A4C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-12:16:06.130117 24.209.39.246:4381 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:19841 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x24B5AD80 Ack: 0x34B8A4C Win: 0x4470 TcpLen: 20
[**] [116:56:1] (snort_decoder): T/TCP Detected [**]
05/08-12:21:20.641971 63.210.249.45:0 -> 192.168.1.6:0
TCP TTL:50 TOS:0x0 ID:27824 IpLen:20 DgmLen:68
******S* Seq: 0xC60713FF Ack: 0x0 Win: 0x4000 TcpLen: 48
TCP Options (9) => MSS: 512 NOP WS: 0 NOP NOP TS: 1189292 0 NOP
TCP Options => NOP CCNEW: 13443299
[**] [116:56:1] (snort_decoder): T/TCP Detected [**]
05/08-12:21:23.415396 63.210.249.45:0 -> 192.168.1.6:0
TCP TTL:50 TOS:0x0 ID:32979 IpLen:20 DgmLen:68
******S* Seq: 0xC6D66004 Ack: 0x0 Win: 0x4000 TcpLen: 48
TCP Options (9) => MSS: 512 NOP WS: 0 NOP NOP TS: 1189297 0 NOP
TCP Options => NOP CCNEW: 13443478
[**] [116:56:1] (snort_decoder): T/TCP Detected [**]
05/08-12:21:23.634732 63.210.249.45:0 -> 192.168.1.6:0
TCP TTL:50 TOS:0x0 ID:33507 IpLen:20 DgmLen:68
******S* Seq: 0xC6ED603E Ack: 0x0 Win: 0x4000 TcpLen: 48
TCP Options (9) => MSS: 512 NOP WS: 0 NOP NOP TS: 1189297 0 NOP
TCP Options => NOP CCNEW: 13443499
[**] [116:56:1] (snort_decoder): T/TCP Detected [**]
05/08-12:21:23.924799 63.210.249.45:0 -> 192.168.1.6:0
TCP TTL:50 TOS:0x0 ID:33925 IpLen:20 DgmLen:68
******S* Seq: 0xC70377E4 Ack: 0x0 Win: 0x4000 TcpLen: 48
TCP Options (9) => MSS: 512 NOP WS: 0 NOP NOP TS: 1189298 0 NOP
TCP Options => NOP CCNEW: 13443518
[**] [116:56:1] (snort_decoder): T/TCP Detected [**]
05/08-12:21:23.964927 63.210.249.45:0 -> 192.168.1.6:0
TCP TTL:50 TOS:0x0 ID:33953 IpLen:20 DgmLen:68
******S* Seq: 0xC705AE04 Ack: 0x0 Win: 0x4000 TcpLen: 48
TCP Options (9) => MSS: 512 NOP WS: 0 NOP NOP TS: 1189298 0 NOP
TCP Options => NOP CCNEW: 13443520
[**] [116:56:1] (snort_decoder): T/TCP Detected [**]
05/08-12:21:24.366692 63.210.249.45:0 -> 192.168.1.6:0
TCP TTL:50 TOS:0x0 ID:34653 IpLen:20 DgmLen:68
******S* Seq: 0xC722BC18 Ack: 0x0 Win: 0x4000 TcpLen: 48
TCP Options (9) => MSS: 512 NOP WS: 0 NOP NOP TS: 1189299 0 NOP
TCP Options => NOP CCNEW: 13443546
[**] [116:56:1] (snort_decoder): T/TCP Detected [**]
05/08-12:21:25.107636 63.210.249.45:0 -> 192.168.1.6:0
TCP TTL:50 TOS:0x0 ID:35809 IpLen:20 DgmLen:68
******S* Seq: 0xC7524867 Ack: 0x0 Win: 0x4000 TcpLen: 48
TCP Options (9) => MSS: 512 NOP WS: 0 NOP NOP TS: 1189300 0 NOP
TCP Options => NOP CCNEW: 13443588
[**] [116:56:1] (snort_decoder): T/TCP Detected [**]
05/08-12:21:25.451424 63.210.249.45:0 -> 192.168.1.6:0
TCP TTL:50 TOS:0x0 ID:36405 IpLen:20 DgmLen:68
******S* Seq: 0xC7683241 Ack: 0x0 Win: 0x4000 TcpLen: 48
TCP Options (9) => MSS: 512 NOP WS: 0 NOP NOP TS: 1189301 0 NOP
TCP Options => NOP CCNEW: 13443610
[**] [116:56:1] (snort_decoder): T/TCP Detected [**]
05/08-12:21:26.471661 63.210.249.45:0 -> 192.168.1.6:0
TCP TTL:50 TOS:0x0 ID:38279 IpLen:20 DgmLen:68
******S* Seq: 0xC7A51FD6 Ack: 0x0 Win: 0x4000 TcpLen: 48
TCP Options (9) => MSS: 512 NOP WS: 0 NOP NOP TS: 1189303 0 NOP
TCP Options => NOP CCNEW: 13443663
[**] [116:56:1] (snort_decoder): T/TCP Detected [**]
05/08-12:21:26.781267 63.210.249.45:0 -> 192.168.1.6:0
TCP TTL:50 TOS:0x0 ID:38917 IpLen:20 DgmLen:68
******S* Seq: 0xC7BD243A Ack: 0x0 Win: 0x4000 TcpLen: 48
TCP Options (9) => MSS: 512 NOP WS: 0 NOP NOP TS: 1189303 0 NOP
TCP Options => NOP CCNEW: 13443687
[**] [116:56:1] (snort_decoder): T/TCP Detected [**]
05/08-12:21:27.218493 63.210.249.45:0 -> 192.168.1.6:0
TCP TTL:50 TOS:0x0 ID:39703 IpLen:20 DgmLen:68
******S* Seq: 0xC7D909AA Ack: 0x0 Win: 0x4000 TcpLen: 48
TCP Options (9) => MSS: 512 NOP WS: 0 NOP NOP TS: 1189304 0 NOP
TCP Options => NOP CCNEW: 13443710
[**] [116:56:1] (snort_decoder): T/TCP Detected [**]
05/08-12:21:27.452834 63.210.249.45:0 -> 192.168.1.6:0
TCP TTL:50 TOS:0x0 ID:40113 IpLen:20 DgmLen:68
******S* Seq: 0xC7EC3C8A Ack: 0x0 Win: 0x4000 TcpLen: 48
TCP Options (9) => MSS: 512 NOP WS: 0 NOP NOP TS: 1189305 0 NOP
TCP Options => NOP CCNEW: 13443726
[**] [116:56:1] (snort_decoder): T/TCP Detected [**]
05/08-12:21:29.816534 63.210.249.45:0 -> 192.168.1.6:0
TCP TTL:50 TOS:0x0 ID:44201 IpLen:20 DgmLen:68
******S* Seq: 0xC8860653 Ack: 0x0 Win: 0x4000 TcpLen: 48
TCP Options (9) => MSS: 512 NOP WS: 0 NOP NOP TS: 1189309 0 NOP
TCP Options => NOP CCNEW: 13443861
[**] [116:56:1] (snort_decoder): T/TCP Detected [**]
05/08-12:21:33.518786 63.210.249.45:0 -> 192.168.1.6:0
TCP TTL:50 TOS:0x0 ID:52282 IpLen:20 DgmLen:68
******S* Seq: 0xC991651E Ack: 0x0 Win: 0x4000 TcpLen: 48
TCP Options (9) => MSS: 512 NOP WS: 0 NOP NOP TS: 1189316 0 NOP
TCP Options => NOP CCNEW: 13444095
[**] [116:56:1] (snort_decoder): T/TCP Detected [**]
05/08-12:21:33.620228 63.210.249.45:0 -> 192.168.1.6:0
TCP TTL:50 TOS:0x0 ID:52420 IpLen:20 DgmLen:68
******S* Seq: 0xC995D20F Ack: 0x0 Win: 0x4000 TcpLen: 48
TCP Options (9) => MSS: 512 NOP WS: 0 NOP NOP TS: 1189317 0 NOP
TCP Options => NOP CCNEW: 13444097
[**] [116:56:1] (snort_decoder): T/TCP Detected [**]
05/08-12:21:33.735115 63.210.249.45:0 -> 192.168.1.6:0
TCP TTL:50 TOS:0x0 ID:52642 IpLen:20 DgmLen:68
******S* Seq: 0xC99D5336 Ack: 0x0 Win: 0x4000 TcpLen: 48
TCP Options (9) => MSS: 512 NOP WS: 0 NOP NOP TS: 1189317 0 NOP
TCP Options => NOP CCNEW: 13444103
[**] [116:56:1] (snort_decoder): T/TCP Detected [**]
05/08-12:21:34.835001 63.210.249.45:0 -> 192.168.1.6:0
TCP TTL:50 TOS:0x0 ID:54234 IpLen:20 DgmLen:68
******S* Seq: 0xC9E64A4B Ack: 0x0 Win: 0x4000 TcpLen: 48
TCP Options (9) => MSS: 512 NOP WS: 0 NOP NOP TS: 1189319 0 NOP
TCP Options => NOP CCNEW: 13444169
[**] [116:56:1] (snort_decoder): T/TCP Detected [**]
05/08-12:21:35.364117 63.210.249.45:0 -> 192.168.1.6:0
TCP TTL:50 TOS:0x0 ID:55168 IpLen:20 DgmLen:68
******S* Seq: 0xCA08E6A3 Ack: 0x0 Win: 0x4000 TcpLen: 48
TCP Options (9) => MSS: 512 NOP WS: 0 NOP NOP TS: 1189320 0 NOP
TCP Options => NOP CCNEW: 13444200
[**] [116:56:1] (snort_decoder): T/TCP Detected [**]
05/08-12:21:35.589487 63.210.249.45:0 -> 192.168.1.6:0
TCP TTL:50 TOS:0x0 ID:55366 IpLen:20 DgmLen:68
******S* Seq: 0xCA10FCDB Ack: 0x0 Win: 0x4000 TcpLen: 48
TCP Options (9) => MSS: 512 NOP WS: 0 NOP NOP TS: 1189321 0 NOP
TCP Options => NOP CCNEW: 13444204
[**] [116:56:1] (snort_decoder): T/TCP Detected [**]
05/08-12:21:41.117237 63.210.249.45:0 -> 192.168.1.6:0
TCP TTL:50 TOS:0x0 ID:541 IpLen:20 DgmLen:68
******S* Seq: 0xCB7D6784 Ack: 0x0 Win: 0x4000 TcpLen: 48
TCP Options (9) => MSS: 512 NOP WS: 0 NOP NOP TS: 1189331 0 NOP
TCP Options => NOP CCNEW: 13444523
[**] [116:56:1] (snort_decoder): T/TCP Detected [**]
05/08-12:21:41.470640 63.210.249.45:0 -> 192.168.1.6:0
TCP TTL:50 TOS:0x0 ID:1009 IpLen:20 DgmLen:68
******S* Seq: 0xCB979201 Ack: 0x0 Win: 0x4000 TcpLen: 48
TCP Options (9) => MSS: 512 NOP WS: 0 NOP NOP TS: 1189332 0 NOP
TCP Options => NOP CCNEW: 13444548
[**] [116:56:1] (snort_decoder): T/TCP Detected [**]
05/08-12:21:41.486389 63.210.249.45:0 -> 192.168.1.6:0
TCP TTL:50 TOS:0x0 ID:1011 IpLen:20 DgmLen:68
******S* Seq: 0xCB99735F Ack: 0x0 Win: 0x4000 TcpLen: 48
TCP Options (9) => MSS: 512 NOP WS: 0 NOP NOP TS: 1189332 0 NOP
TCP Options => NOP CCNEW: 13444549
[**] [116:56:1] (snort_decoder): T/TCP Detected [**]
05/08-12:21:42.875983 63.210.249.45:0 -> 192.168.1.6:0
TCP TTL:50 TOS:0x0 ID:3288 IpLen:20 DgmLen:68
******S* Seq: 0xCBEAE86B Ack: 0x0 Win: 0x4000 TcpLen: 48
TCP Options (9) => MSS: 512 NOP WS: 0 NOP NOP TS: 1189335 0 NOP
TCP Options => NOP CCNEW: 13444623
[**] [116:56:1] (snort_decoder): T/TCP Detected [**]
05/08-12:21:44.006581 63.210.249.45:0 -> 192.168.1.6:0
TCP TTL:50 TOS:0x0 ID:5370 IpLen:20 DgmLen:68
******S* Seq: 0xCC2E314A Ack: 0x0 Win: 0x4000 TcpLen: 48
TCP Options (9) => MSS: 512 NOP WS: 0 NOP NOP TS: 1189337 0 NOP
TCP Options => NOP CCNEW: 13444677
[**] [116:56:1] (snort_decoder): T/TCP Detected [**]
05/08-12:21:44.122367 63.210.249.45:0 -> 192.168.1.6:0
TCP TTL:50 TOS:0x0 ID:5508 IpLen:20 DgmLen:68
******S* Seq: 0xCC3371C4 Ack: 0x0 Win: 0x4000 TcpLen: 48
TCP Options (9) => MSS: 512 NOP WS: 0 NOP NOP TS: 1189337 0 NOP
TCP Options => NOP CCNEW: 13444681
[**] [116:56:1] (snort_decoder): T/TCP Detected [**]
05/08-12:21:44.307951 63.210.249.45:0 -> 192.168.1.6:0
TCP TTL:50 TOS:0x0 ID:5876 IpLen:20 DgmLen:68
******S* Seq: 0xCC3CF2AA Ack: 0x0 Win: 0x4000 TcpLen: 48
TCP Options (9) => MSS: 512 NOP WS: 0 NOP NOP TS: 1189337 0 NOP
TCP Options => NOP CCNEW: 13444689
[**] [116:56:1] (snort_decoder): T/TCP Detected [**]
05/08-12:21:45.972298 63.210.249.45:0 -> 192.168.1.6:0
TCP TTL:50 TOS:0x0 ID:8978 IpLen:20 DgmLen:68
******S* Seq: 0xCC9E2254 Ack: 0x0 Win: 0x4000 TcpLen: 48
TCP Options (9) => MSS: 512 NOP WS: 0 NOP NOP TS: 1189341 0 NOP
TCP Options => NOP CCNEW: 13444776
[**] [116:56:1] (snort_decoder): T/TCP Detected [**]
05/08-12:21:47.159136 63.210.249.45:0 -> 192.168.1.6:0
TCP TTL:50 TOS:0x0 ID:10645 IpLen:20 DgmLen:68
******S* Seq: 0xCCC78598 Ack: 0x0 Win: 0x4000 TcpLen: 48
TCP Options (9) => MSS: 512 NOP WS: 0 NOP NOP TS: 1189343 0 NOP
TCP Options => NOP CCNEW: 13444812
[**] [116:56:1] (snort_decoder): T/TCP Detected [**]
05/08-12:21:47.320532 63.210.249.45:0 -> 192.168.1.6:0
TCP TTL:50 TOS:0x0 ID:10857 IpLen:20 DgmLen:68
******S* Seq: 0xCCCE44B7 Ack: 0x0 Win: 0x4000 TcpLen: 48
TCP Options (9) => MSS: 512 NOP WS: 0 NOP NOP TS: 1189343 0 NOP
TCP Options => NOP CCNEW: 13444818
[**] [116:56:1] (snort_decoder): T/TCP Detected [**]
05/08-12:21:47.399404 63.210.249.45:0 -> 192.168.1.6:0
TCP TTL:50 TOS:0x0 ID:11079 IpLen:20 DgmLen:68
******S* Seq: 0xCCD33006 Ack: 0x0 Win: 0x4000 TcpLen: 48
TCP Options (9) => MSS: 512 NOP WS: 0 NOP NOP TS: 1189343 0 NOP
TCP Options => NOP CCNEW: 13444821
[**] [116:56:1] (snort_decoder): T/TCP Detected [**]
05/08-12:21:48.119268 63.210.249.45:0 -> 192.168.1.6:0
TCP TTL:50 TOS:0x0 ID:12207 IpLen:20 DgmLen:68
******S* Seq: 0xCCF36F75 Ack: 0x0 Win: 0x4000 TcpLen: 48
TCP Options (9) => MSS: 512 NOP WS: 0 NOP NOP TS: 1189345 0 NOP
TCP Options => NOP CCNEW: 13444850
[**] [116:56:1] (snort_decoder): T/TCP Detected [**]
05/08-12:21:49.669921 63.210.249.45:0 -> 192.168.1.6:0
TCP TTL:50 TOS:0x0 ID:14846 IpLen:20 DgmLen:68
******S* Seq: 0xCD3D9548 Ack: 0x0 Win: 0x4000 TcpLen: 48
TCP Options (9) => MSS: 512 NOP WS: 0 NOP NOP TS: 1189348 0 NOP
TCP Options => NOP CCNEW: 13444915
[**] [116:56:1] (snort_decoder): T/TCP Detected [**]
05/08-12:21:53.758125 63.210.249.45:0 -> 192.168.1.6:0
TCP TTL:50 TOS:0x0 ID:21731 IpLen:20 DgmLen:68
******S* Seq: 0xCE1A2B1A Ack: 0x0 Win: 0x4000 TcpLen: 48
TCP Options (9) => MSS: 512 NOP WS: 0 NOP NOP TS: 1189356 0 NOP
TCP Options => NOP CCNEW: 13445100
[**] [116:56:1] (snort_decoder): T/TCP Detected [**]
05/08-12:21:53.962558 63.210.249.45:0 -> 192.168.1.6:0
TCP TTL:50 TOS:0x0 ID:22151 IpLen:20 DgmLen:68
******S* Seq: 0xCE277940 Ack: 0x0 Win: 0x4000 TcpLen: 48
TCP Options (9) => MSS: 512 NOP WS: 0 NOP NOP TS: 1189356 0 NOP
TCP Options => NOP CCNEW: 13445113
[**] [116:56:1] (snort_decoder): T/TCP Detected [**]
05/08-12:21:54.095659 63.210.249.45:0 -> 192.168.1.6:0
TCP TTL:50 TOS:0x0 ID:22355 IpLen:20 DgmLen:68
******S* Seq: 0xCE2BA220 Ack: 0x0 Win: 0x4000 TcpLen: 48
TCP Options (9) => MSS: 512 NOP WS: 0 NOP NOP TS: 1189356 0 NOP
TCP Options => NOP CCNEW: 13445117
[**] [116:56:1] (snort_decoder): T/TCP Detected [**]
05/08-12:21:55.507723 63.210.249.45:0 -> 192.168.1.6:0
TCP TTL:50 TOS:0x0 ID:24146 IpLen:20 DgmLen:68
******S* Seq: 0xCE7843DB Ack: 0x0 Win: 0x4000 TcpLen: 48
TCP Options (9) => MSS: 512 NOP WS: 0 NOP NOP TS: 1189359 0 NOP
TCP Options => NOP CCNEW: 13445184
[**] [116:56:1] (snort_decoder): T/TCP Detected [**]
05/08-12:21:56.624254 63.210.249.45:0 -> 192.168.1.6:0
TCP TTL:50 TOS:0x0 ID:26305 IpLen:20 DgmLen:68
******S* Seq: 0xCEBF1E30 Ack: 0x0 Win: 0x4000 TcpLen: 48
TCP Options (9) => MSS: 512 NOP WS: 0 NOP NOP TS: 1189361 0 NOP
TCP Options => NOP CCNEW: 13445250
[**] [116:56:1] (snort_decoder): T/TCP Detected [**]
05/08-12:21:58.328224 63.210.249.45:0 -> 192.168.1.6:0
TCP TTL:50 TOS:0x0 ID:28741 IpLen:20 DgmLen:68
******S* Seq: 0xCF1BC1CF Ack: 0x0 Win: 0x4000 TcpLen: 48
TCP Options (9) => MSS: 512 NOP WS: 0 NOP NOP TS: 1189364 0 NOP
TCP Options => NOP CCNEW: 13445331
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-13:55:16.272729 24.173.130.70:3834 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:50771 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2A7638D4 Ack: 0x7AB9AE6E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-13:55:16.280168 24.173.130.70:3834 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:50772 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2A763E88 Ack: 0x7AB9AE6E Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-15:00:42.968440 213.145.174.123:2496 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:33209 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5AB3908E Ack: 0x71E9DF59 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-15:00:42.992707 213.145.174.123:2496 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:33210 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5AB39642 Ack: 0x71E9DF59 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-16:15:44.738516 24.91.112.149:3311 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:51791 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xCCD06664 Ack: 0x8D5606E9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-16:15:44.746516 24.91.112.149:3311 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:51792 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xCCD06C18 Ack: 0x8D5606E9 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-17:42:49.470944 24.130.75.33:3057 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:14621 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x6F3B8BA2 Ack: 0xD62DB1C6 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-17:42:57.729398 24.130.75.33:3207 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:14956 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x6FD33B16 Ack: 0xD6214451 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-17:43:01.739043 24.130.75.33:3223 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:15093 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x6FE33639 Ack: 0xD6CEE10A Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-17:43:02.963723 24.130.75.33:3273 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:15133 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x7016BB09 Ack: 0xD6745C99 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-17:43:07.485147 24.130.75.33:3337 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:15314 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x705928CB Ack: 0xD6D7ACC5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/08-17:43:13.999388 24.130.75.33:3400 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:15654 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x7095F015 Ack: 0xD807DB84 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-18:10:06.729241 24.209.196.254:3174 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:10558 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5249D57C Ack: 0x3D9C35AF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-18:10:06.750754 24.209.196.254:3174 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:10559 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5249DB30 Ack: 0x3D9C35AF Win: 0x4470 TcpLen: 20
[**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**]
[Classification: Misc activity] [Priority: 3]
05/08-18:19:23.598359 209.17.64.226 -> 192.168.1.6
ICMP TTL:232 TOS:0x0 ID:32648 IpLen:20 DgmLen:56
Type:3 Code:13 DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED,
PACKET FILTERED
** ORIGINAL DATAGRAM DUMP:
192.168.1.6:33860 -> 209.17.84.252:113
TCP TTL:48 TOS:0x0 ID:48601 IpLen:20 DgmLen:60 DF
Seq: 0x5F7BE985 Ack: 0xEBD7BA3E
** END OF DUMP
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-18:38:25.061862 24.209.39.246:3836 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:12439 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x520F1A32 Ack: 0xA7C6171A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-18:38:25.097062 24.209.39.246:3836 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:12440 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x520F1FE6 Ack: 0xA7C6171A Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-20:31:52.040908 24.209.196.254:2506 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:52144 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x83E41AE8 Ack: 0x5551C5E0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-20:31:52.050587 24.209.196.254:2506 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:52145 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x83E4209C Ack: 0x5551C5E0 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-20:53:08.870724 24.209.196.254:1096 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:43868 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF8BDDA7A Ack: 0xA533185D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-20:53:08.902164 24.209.196.254:1096 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:43869 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF8BDE02E Ack: 0xA533185D Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-21:05:01.154987 24.209.196.254:3993 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:54672 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x38E897B7 Ack: 0xD2B8716B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-21:05:01.187835 24.209.196.254:3993 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:54673 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x38E89D6B Ack: 0xD2B8716B Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-21:07:46.323936 24.173.130.70:3255 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:43441 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFE8FC576 Ack: 0xDBCB3BDF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-21:07:46.334620 24.173.130.70:3255 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:43442 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFE8FCB2A Ack: 0xDBCB3BDF Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-21:07:49.017136 24.173.130.70:3255 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:44198 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFE8FCB2A Ack: 0xDBCB3BDF Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-21:20:39.689751 24.209.39.246:1688 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:6609 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x621620B1 Ack: 0xD6F786E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-21:20:39.710674 24.209.39.246:1688 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:6610 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x62162665 Ack: 0xD6F786E Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-21:29:16.570259 24.123.41.130:3354 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:41422 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xC3DA05EA Ack: 0x2CF5C1AE Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-21:29:16.877603 24.123.41.130:3375 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:41489 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xC3E8B790 Ack: 0x2D633FCD Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-21:29:16.996218 24.123.41.130:3387 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:41522 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xC3F1A67C Ack: 0x2D1B2369 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-21:29:17.114135 24.123.41.130:3401 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:41551 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xC3FAFB3C Ack: 0x2D08AD16 Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-21:29:17.249950 24.123.41.130:3406 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:41576 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xC3FE8C88 Ack: 0x2DA92939 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/08-21:29:27.077377 24.123.41.130:4004 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:43879 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xC5D90FD9 Ack: 0x2D73CAB4 Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/08-21:29:36.480037 24.123.41.130:4545 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:45730 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xC7815AC6 Ack: 0x2E7E6356 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-21:29:36.588855 24.123.41.130:4549 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:45752 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xC7856167 Ack: 0x2E92E9F2 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-21:29:45.923674 24.123.41.130:3266 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:47724 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xC937D7BB Ack: 0x2EC27442 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-21:29:46.091493 24.123.41.130:3273 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:47766 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xC93CBAC4 Ack: 0x2F3224C2 Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-21:29:46.256710 24.123.41.130:3283 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:47803 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xC9449D66 Ack: 0x2EC2C23E Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-21:29:46.412599 24.123.41.130:3291 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:47841 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xC94B1E69 Ack: 0x2EB2F8A0 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-21:29:46.573751 24.123.41.130:3301 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:47881 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xC953958E Ack: 0x2F1A4481 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-21:29:49.890131 24.123.41.130:3301 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:48645 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xC953958E Ack: 0x2F1A4481 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-21:29:55.699617 24.123.41.130:3822 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:49626 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xCAEA0408 Ack: 0x2F64DE74 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-21:29:55.783494 24.123.41.130:3828 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:49649 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xCAEE9C83 Ack: 0x2FCCFFD6 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-21:30:08.784003 24.123.41.130:4375 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:51978 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xCC9BCF7E Ack: 0x3025CEB3 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-22:07:29.449955 24.209.196.254:4397 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:19982 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x808D83F3 Ack: 0xBD90EE10 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-22:07:29.523217 24.209.196.254:4397 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:19983 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x808D89A7 Ack: 0xBD90EE10 Win: 0x4470 TcpLen: 20
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:55 2003