SnortSnarf alert page

Destination: 192.168.1.6: #2501-2600

SnortSnarf v021111.1

Signature section (91123) | Top 20 source IPs | Top 20 dest IPs

Looking using input module SnortFileInput, with sources:
Earliest: 22:29:52.218670 on 05/08/2003
Latest: 22:36:04.430873 on 05/09/2003

22 different signatures are present for 192.168.1.6 as a destination

There are 624 distinct source IPs in the alerts of the type on this page.

See also 192.168.1.6 as an alert source [49361 alerts]


[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-22:29:52.218670 24.233.151.10:2996 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:41904 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF04EB045 Ack: 0x126B8341 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-22:29:52.243805 24.233.151.10:2996 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:41905 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF04EB5F9 Ack: 0x126B8341 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-22:39:24.975881 24.145.197.96:3264 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:45150 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x889731EF Ack: 0x362C970F Win: 0x16D0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-22:39:24.983066 24.145.197.96:3264 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:45151 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x889737A3 Ack: 0x362C970F Win: 0x16D0 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-02:41:14.135635 24.29.111.166:2437 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:15274 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xCE56A14C Ack: 0xC7AAF56C Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-02:41:15.770429 24.29.111.166:2569 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:15643 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xCE9F7AAD Ack: 0xC7B8DC7B Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-02:41:16.904464 24.29.111.166:2745 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:16014 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xCEFDBD5D Ack: 0xC7FEB2F6 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-02:41:26.788946 24.29.111.166:4251 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:19105 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xD2106898 Ack: 0xC94BD6BF Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-02:41:37.118432 24.29.111.166:4493 -> 192.168.1.6:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:136
***AP*** Seq: 0xD26994BD Ack: 0x0 Win: 0x0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/09-02:41:37.660727 24.29.111.166:1492 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:22034 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xD48DA4D0 Ack: 0xC9F51780 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/09-02:41:42.085970 24.29.111.166:1754 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:23258 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xD55D350D Ack: 0xC9931C3B Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-02:41:43.414276 24.29.111.166:1885 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:23502 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xD5B920D0 Ack: 0xC9AAA6F6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-02:41:44.506323 24.29.111.166:1959 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:23745 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD5F14CB9 Ack: 0xCA10601F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/09-02:56:29.958304 216.39.50.54:54678 -> 192.168.1.6:80
TCP TTL:36 TOS:0x0 ID:3055 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xA220C5B0 Ack: 0x1072451 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 513265232 1380306377
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-04:24:37.107324 24.98.22.117:3092 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:31817 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xCF5F8222 Ack: 0x4DEB066E Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-04:24:42.364204 24.98.22.117:3170 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:32246 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xCFAD6167 Ack: 0x4E3DB34D Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-04:24:46.213461 24.98.22.117:3182 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:32546 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xCFB8EE24 Ack: 0x4EEB02E7 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-04:24:47.044562 24.98.22.117:3239 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:32607 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xCFECD2D6 Ack: 0x4F52126D Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-04:24:56.846516 24.98.22.117:3381 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:33346 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xD07A9D9A Ack: 0x501C606C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/09-04:24:57.506199 24.98.22.117:3388 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:33411 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xD082A059 Ack: 0x5075DD0C Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/09-04:25:01.627037 24.98.22.117:3444 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:33724 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xD0B91B92 Ack: 0x5025667C Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-04:25:11.630455 24.98.22.117:3575 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:34450 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xD13C72C2 Ack: 0x51091E4E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-04:25:12.412330 24.98.22.117:3582 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:34514 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD144AF19 Ack: 0x50D273E0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-04:25:22.184746 24.98.22.117:3724 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:35303 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD1D4D108 Ack: 0x515FD3AF Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-04:25:22.880494 24.98.22.117:3739 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:35369 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD1E18CB7 Ack: 0x52521CB3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-04:25:23.510219 24.98.22.117:3747 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:35436 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD1EA841B Ack: 0x520F7FE5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-04:25:33.195970 24.98.22.117:3885 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:36211 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xD274F463 Ack: 0x523C4383 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-04:25:37.010169 24.98.22.117:3950 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:36562 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xD2B1A0E8 Ack: 0x52973179 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-04:25:37.643553 24.98.22.117:3960 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:36631 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xD2BC464C Ack: 0x53269E8C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-04:25:38.395559 24.98.22.117:3972 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:36700 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xD2C7D0EF Ack: 0x53194087 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-05:26:14.641567 24.140.76.14:3866 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:28598 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x75C62AFB Ack: 0x377534AB Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-05:26:23.657640 24.140.76.14:4155 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:29827 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x76B4B444 Ack: 0x38553B58 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-05:26:54.497738 24.140.76.14:1371 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:33216 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x7A07E9C9 Ack: 0x394CC833 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-05:27:13.269392 24.140.76.14:1993 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:35363 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x7C0A48BC Ack: 0x3B3A5C4C Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-05:27:22.244465 24.140.76.14:2309 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:36381 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x7D0D4F76 Ack: 0x3B2016E5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/09-05:27:35.068461 24.140.76.14:2721 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:37782 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x7E6D1941 Ack: 0x3C53D952 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/09-05:27:53.080697 24.140.76.14:3353 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:40166 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x8077D092 Ack: 0x3D0540D7 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-05:28:02.503155 24.140.76.14:3627 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:41191 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x815E1405 Ack: 0x3DD67AE2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-05:28:33.272837 24.140.76.14:4649 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:44830 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x84ACD9E8 Ack: 0x3F39F0AC Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-05:28:52.467293 24.140.76.14:1452 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:47085 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x86AEE3A0 Ack: 0x405E150C Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-05:29:01.880474 24.140.76.14:1779 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:48136 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x87BD623D Ack: 0x41909BA9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-05:29:10.890630 24.140.76.14:2085 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:49090 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x88B8CD79 Ack: 0x41E48D3F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-05:29:24.264364 24.140.76.14:2504 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:50430 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x8A190067 Ack: 0x428CFE50 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-10:53:04.999358 24.245.2.233:3701 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:4581 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xDC25590A Ack: 0xB40FB98 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-10:53:05.641847 24.245.2.233:3711 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:4603 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xDC2F8300 Ack: 0xB51C038 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-10:53:09.310155 24.245.2.233:3769 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:4755 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xDC697508 Ack: 0xB426424 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-10:53:09.509672 24.245.2.233:3771 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:4764 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xDC6B6F8C Ack: 0xB3672AF Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-10:53:12.740256 24.245.2.233:3821 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:4893 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xDC9B10BD Ack: 0xADDAF3F Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/09-10:53:12.924552 24.245.2.233:3826 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:4913 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xDCA0E5A5 Ack: 0xB50E98A Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/09-10:53:22.446942 24.245.2.233:3939 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:5172 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xDD14ADB1 Ack: 0xBBC8E55 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-10:53:22.755863 24.245.2.233:3944 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:5184 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xDD191A7F Ack: 0xB925C32 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-10:53:22.961231 24.245.2.233:3947 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:5199 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xDD1CA9F2 Ack: 0xBC35A5D Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-10:53:26.464908 24.245.2.233:3987 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:5307 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xDD462B98 Ack: 0xC5C6724 Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-10:53:29.958235 24.245.2.233:4037 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:5462 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xDD7BD68D Ack: 0xC544BEB Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-10:53:39.706387 24.245.2.233:4184 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:5880 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xDE0E6744 Ack: 0xD1C1394 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-10:53:49.171614 24.245.2.233:4342 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:6372 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xDEA885D8 Ack: 0xDAD1B2F Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-10:53:52.089485 24.245.2.233:4342 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:6450 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xDEA885D8 Ack: 0xDAD1B2F Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-10:53:52.480557 24.245.2.233:4385 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:6470 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xDED461E0 Ack: 0xE01A74E Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-10:53:52.677893 24.245.2.233:4391 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:6478 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xDED970F4 Ack: 0xD5D3866 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-10:54:02.113944 24.245.2.233:4496 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:6720 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xDF4C1B1C Ack: 0xE26E8A1 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-12:11:53.263019 24.209.39.246:4320 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:27744 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF68521D9 Ack: 0x34099FDD Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-12:11:53.282951 24.209.39.246:4320 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:27745 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF685278D Ack: 0x34099FDD Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-12:31:43.303335 24.209.39.246:3217 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:54634 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5E99F0E1 Ack: 0x7EEB5D44 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-12:31:43.321731 24.209.39.246:3217 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:54635 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5E99F695 Ack: 0x7EEB5D44 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-14:08:41.804928 24.209.39.246:4794 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:30223 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x495AAD98 Ack: 0xEC4FFDAE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-14:08:41.838352 24.209.39.246:4794 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:30224 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x495AB34C Ack: 0xEC4FFDAE Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-14:11:06.462895 24.209.39.246:4330 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:40825 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5553DEAB Ack: 0xF6157949 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-14:11:06.487961 24.209.39.246:4330 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:40826 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5553E45F Ack: 0xF6157949 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-14:38:43.016487 24.218.185.195:1119 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:32991 IpLen:20 DgmLen:1300 DF
***A**** Seq: 0xDAE39A7C Ack: 0x5F3E9861 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-14:38:43.025980 24.218.185.195:1119 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:32992 IpLen:20 DgmLen:1300 DF
***A**** Seq: 0xDAE39F68 Ack: 0x5F3E9861 Win: 0xFAF0 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-14:39:42.295746 24.242.253.122:1657 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:17575 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x8185335A Ack: 0x62BFC998 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-14:39:47.657795 24.242.253.122:3247 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:19956 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x85DB7331 Ack: 0x62B3339C Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-14:39:52.483458 24.242.253.122:3386 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:22022 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x8640FE50 Ack: 0x62EE156B Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-14:39:58.227384 24.242.253.122:1348 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:24397 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x8AA91DCE Ack: 0x636B95BA Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-14:40:03.592776 24.242.253.122:2229 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:26634 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x8D28F9D5 Ack: 0x635649CC Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/09-14:40:05.467306 24.242.253.122:2367 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:27563 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x8D8A54A1 Ack: 0x63DC0AA1 Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/09-14:40:10.895945 24.242.253.122:3238 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:29848 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x90034C34 Ack: 0x6421C7A2 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-14:40:19.174026 24.242.253.122:4306 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:33386 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x9291F0CB Ack: 0x64F75556 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-16:00:14.080520 24.209.196.254:3924 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:9824 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBDC81776 Ack: 0x931F093B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-16:00:14.110500 24.209.196.254:3924 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:9825 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBDC81D2A Ack: 0x931F093B Win: 0x4470 TcpLen: 20
[**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**]
[Classification: Misc activity] [Priority: 3]
05/09-17:48:48.986244 139.130.193.78 -> 192.168.1.6
ICMP TTL:236 TOS:0x0 ID:15923 IpLen:20 DgmLen:56
Type:3 Code:13 DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED,
PACKET FILTERED
** ORIGINAL DATAGRAM DUMP:
192.168.1.6:33897 -> 144.140.24.119:113
TCP TTL:44 TOS:0x0 ID:63234 IpLen:20 DgmLen:60 DF
Seq: 0x2B83C66A Ack: 0x4022BC3E
** END OF DUMP
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-18:05:59.141718 24.126.123.161:2957 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:62058 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x92AA9CD Ack: 0x6D5A0F32 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-18:05:59.148271 24.126.123.161:2957 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:62059 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x92AAF81 Ack: 0x6D5A0F32 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-19:07:07.939681 24.209.196.254:3805 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:31576 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x558DD5F8 Ack: 0x53D91A58 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-19:07:07.948464 24.209.196.254:3805 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:31577 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x558DDBAC Ack: 0x53D91A58 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-19:20:29.154620 24.100.77.7:2169 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:41686 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xCC831B00 Ack: 0x86AEA8FB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-19:20:29.236901 24.100.77.7:2169 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:41687 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xCC8320B4 Ack: 0x86AEA8FB Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-19:37:58.144892 24.209.196.254:4903 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:34584 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE42618F3 Ack: 0xC8EF1710 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-19:37:58.165165 24.209.196.254:4903 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:34585 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE4261EA7 Ack: 0xC8EF1710 Win: 0x4470 TcpLen: 20
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/09-20:05:29.991039 144.13.120.66:1817 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:63334 IpLen:20 DgmLen:233 DF
***AP*** Seq: 0x198BEE96 Ack: 0x3143545A Win: 0x4470 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/09-20:05:30.203349 144.13.120.66:1817 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:63336 IpLen:20 DgmLen:232 DF
***AP*** Seq: 0x198BEF57 Ack: 0x31435709 Win: 0x41C1 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/09-20:05:30.315186 144.13.120.66:1817 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:63337 IpLen:20 DgmLen:233 DF
***AP*** Seq: 0x198BF017 Ack: 0x31435A04 Win: 0x3EC6 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/09-20:05:30.393471 144.13.120.66:1817 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:63338 IpLen:20 DgmLen:232 DF
***AP*** Seq: 0x198BF0D8 Ack: 0x31435CB2 Win: 0x4470 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/09-20:05:30.475868 144.13.120.66:1817 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:63339 IpLen:20 DgmLen:196 DF
***AP*** Seq: 0x198BF198 Ack: 0x31435FAD Win: 0x4175 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/09-20:05:30.608913 144.13.120.66:1817 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:63340 IpLen:20 DgmLen:215 DF
***AP*** Seq: 0x198BF234 Ack: 0x3143611A Win: 0x4008 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/09-20:05:30.704461 144.13.120.66:1817 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:63342 IpLen:20 DgmLen:214 DF
***AP*** Seq: 0x198BF2E3 Ack: 0x314363C8 Win: 0x4470 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-20:06:53.808370 24.209.39.246:2211 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:27908 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xAC93966A Ack: 0x35E11522 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-20:06:53.834803 24.209.39.246:2211 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:27909 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xAC939C1E Ack: 0x35E11522 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-22:36:01.141307 24.98.129.251:4647 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:61709 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x7764431D Ack: 0x68F8AED5 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-22:36:04.430873 24.98.129.251:4900 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:62492 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x7828F08B Ack: 0x687B6717 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:55 2003