
SnortSnarf alert page

Destination: 192.168.1.6: #2801-2900

SnortSnarf v021111.1


Looking using input module SnortFileInput, with sources:
Earliest: 09:35:23.734831 on 05/12/2003
Latest: 23:42:19.044654 on 05/12/2003

22 different signatures are present for 192.168.1.6 as a destination

There are 624 distinct source IPs in the alerts of the type on this page.

See also 192.168.1.6 as an alert source [49361 alerts]


[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-09:35:23.734831 24.125.85.187:3921 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:9799 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA212D181 Ack: 0xA38D8C3B Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-09:35:33.375467 24.125.85.187:4194 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:10811 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA2F66A7F Ack: 0xA47D3D70 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-09:35:33.887420 24.125.85.187:4213 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:10875 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xA30623C4 Ack: 0xA4726D99 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-09:35:37.377859 24.125.85.187:4226 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:11242 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA3116F12 Ack: 0xA4FA5053 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-09:35:43.470011 24.125.85.187:4226 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:11874 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA3116F12 Ack: 0xA4FA5053 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-09:35:47.098609 24.125.85.187:4603 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:12209 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xA446C1E4 Ack: 0xA549A092 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-09:35:47.684296 24.125.85.187:4629 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:12295 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA45B1804 Ack: 0xA5731EC6 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-09:48:23.161928 24.209.42.242:2629 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:60487 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1AE617B5 Ack: 0xD45E1659 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-09:48:23.202509 24.209.42.242:2629 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:60488 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1AE61D69 Ack: 0xD45E1659 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/12-10:06:19.147253 66.196.65.24:4976 -> 192.168.1.6:80
TCP TTL:233 TOS:0x0 ID:48260 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x533829C7 Ack: 0x18A7D862 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**]
[Classification: Misc activity] [Priority: 3]
05/12-10:21:04.608376 193.10.220.145 -> 192.168.1.6
ICMP TTL:233 TOS:0x0 ID:7621 IpLen:20 DgmLen:56
Type:3 Code:13 DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED,
PACKET FILTERED
** ORIGINAL DATAGRAM DUMP:
192.168.1.6:80 -> 193.10.229.17:2446
TCP TTL:42 TOS:0x0 ID:6184 IpLen:20 DgmLen:774 DF
Seq: 0x5191264E Ack: 0xD0ADBF3E
** END OF DUMP
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-13:43:44.090368 24.209.39.246:1317 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:18764 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA52B7B77 Ack: 0x4E7D6CFD Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-13:43:44.130202 24.209.39.246:1317 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:18765 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA52B812B Ack: 0x4E7D6CFD Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-13:48:46.333938 24.218.160.238:1102 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:61033 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x42078994 Ack: 0x61A7170E Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-13:48:47.481794 24.218.160.238:1128 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:61180 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x421F7B6E Ack: 0x61C9CED8 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-13:48:51.364286 24.218.160.238:1241 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:61703 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x4283A14B Ack: 0x619217D2 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-13:48:52.063890 24.218.160.238:1250 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:61779 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x428BBD03 Ack: 0x6180B841 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-13:48:52.771899 24.218.160.238:1273 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:61879 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x429FBEEA Ack: 0x617CF135 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-13:57:14.112125 24.207.210.156:3179 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:32811 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x60578181 Ack: 0x8107B7EE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-13:57:14.175256 24.207.210.156:3179 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:32812 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x60578735 Ack: 0x8107B7EE Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-14:51:17.507236 24.63.13.134:4200 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:44524 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xAEAD9756 Ack: 0x4D674268 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-14:51:19.230218 24.63.13.134:4373 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:44892 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xAF355719 Ack: 0x4CEFBB04 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-14:51:20.407699 24.63.13.134:4421 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:45040 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xAF5D9C4F Ack: 0x4D0D84C0 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-14:51:24.389760 24.63.13.134:4475 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:45972 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xAF8611FC Ack: 0x4D475D39 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-14:51:25.498000 24.63.13.134:1064 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:46109 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB06E2DC2 Ack: 0x4CF94AA5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/12-14:51:29.032167 24.63.13.134:1128 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:46817 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xB0A1FF9F Ack: 0x4DD2FAF7 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/12-14:51:29.537811 24.63.13.134:1355 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:46925 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xB1553EB9 Ack: 0x4DD1ECAD Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-14:51:30.065325 24.63.13.134:1387 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:46981 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xB170528B Ack: 0x4E069140 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-14:51:30.804841 24.63.13.134:1399 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:47074 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB17A8AB8 Ack: 0x4DCD2737 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-14:51:35.386836 24.63.13.134:1688 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:47854 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB2601699 Ack: 0x4E1CD810 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-14:51:36.472375 24.63.13.134:1741 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:48131 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB289CC89 Ack: 0x4E0842E0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-14:51:37.130793 24.63.13.134:1792 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:48223 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB2B586B7 Ack: 0x4E5ADB37 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-14:51:40.991761 24.63.13.134:1802 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:48966 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xB2BFFD93 Ack: 0x4E19E3B2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-14:51:41.942108 24.63.13.134:2086 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:49063 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB39F08ED Ack: 0x4E5CB850 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-14:51:43.031881 24.63.13.134:2105 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:49205 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xB3AF74EF Ack: 0x4EE817D6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-14:51:47.531353 24.63.13.134:2410 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:49985 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB4A334C3 Ack: 0x4EB5B634 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-15:55:19.674540 24.148.68.177:1038 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:9465 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x88C3BBFB Ack: 0x3DBE9990 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-15:55:24.002105 24.148.68.177:1131 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:9723 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x891EACA8 Ack: 0x3F415E88 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-15:55:24.520621 24.148.68.177:1145 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:9763 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x892CD060 Ack: 0x3FA90A8D Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-15:55:25.092895 24.148.68.177:1160 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:9830 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x8939B32A Ack: 0x3F5EC0DC Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-15:55:25.752998 24.148.68.177:1220 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:9966 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x896938E8 Ack: 0x3FCBF037 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/12-15:55:26.457200 24.148.68.177:1283 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:10010 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x899922E8 Ack: 0x3F37676A Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/12-15:55:31.415654 24.148.68.177:1353 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:10348 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x89DC0A01 Ack: 0x40294B9E Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-15:55:33.095746 24.148.68.177:1376 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:10417 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x89F350A6 Ack: 0x404967EC Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-15:55:34.780823 24.148.68.177:1410 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:10524 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x8A1211FD Ack: 0x4067B91A Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-15:55:36.419131 24.148.68.177:1430 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:10669 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x8A27035F Ack: 0x401A0773 Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-15:55:37.822272 24.148.68.177:1449 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:10730 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x8A3CC8AB Ack: 0x3FB01A7D Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-15:55:39.168655 24.148.68.177:1480 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:10813 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x8A578C33 Ack: 0x408A09BE Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-15:55:40.554925 24.148.68.177:1495 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:10895 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x8A672B71 Ack: 0x4073A0B1 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-15:55:43.651175 24.148.68.177:1495 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:11060 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x8A672B71 Ack: 0x4073A0B1 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-15:55:45.106292 24.148.68.177:1579 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:11124 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x8AB0CEAD Ack: 0x4059D168 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-15:55:46.910116 24.148.68.177:1600 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:11255 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x8AC532EF Ack: 0x4036767B Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-15:55:50.902880 24.148.68.177:1778 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:11642 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x8B5BEA1C Ack: 0x40DAC6FE Win: 0xFAF0 TcpLen: 20
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/12-15:59:00.242639 129.137.194.128:2109 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:23482 IpLen:20 DgmLen:181 DF
***AP*** Seq: 0xB83DF9A6 Ack: 0x4C4B37D3 Win: 0x40B0 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/12-15:59:03.625990 129.137.194.128:2109 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:23485 IpLen:20 DgmLen:196 DF
***AP*** Seq: 0xB83DFA33 Ack: 0x4C4B3941 Win: 0x3F42 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-16:44:55.996481 24.209.39.246:4189 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:28261 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x72F1184B Ack: 0xFAF20623 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-16:44:56.016905 24.209.39.246:4189 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:28262 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x72F11DFF Ack: 0xFAF20623 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-16:51:39.054281 24.209.42.242:2826 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:47051 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD7A34CDB Ack: 0x139FF295 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-16:51:39.125899 24.209.42.242:2826 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:47052 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD7A3528F Ack: 0x139FF295 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/12-16:58:33.702747 66.196.65.24:28151 -> 192.168.1.6:80
TCP TTL:233 TOS:0x0 ID:6592 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x9574EFB Ack: 0x2CFF6A51 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-17:28:22.541969 24.132.247.34:2646 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:57738 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE6067338 Ack: 0x9F346249 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-17:28:22.550268 24.132.247.34:2646 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:57739 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE60678EC Ack: 0x9F346249 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-17:55:59.395568 24.209.42.242:2295 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:44788 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC3C27450 Ack: 0x72B8022 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-17:55:59.434006 24.209.42.242:2295 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:44789 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC3C27A04 Ack: 0x72B8022 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-18:06:13.712062 24.209.98.148:3812 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:40493 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4A135B10 Ack: 0x2D3D7E69 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-18:06:13.740534 24.209.98.148:3812 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:40494 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4A1360C4 Ack: 0x2D3D7E69 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-18:16:16.199420 24.209.42.242:3120 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:39307 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD3A24E6 Ack: 0x54C32C8F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-18:16:16.221733 24.209.42.242:3120 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:39308 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD3A2A9A Ack: 0x54C32C8F Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-18:17:02.226850 24.209.98.148:2356 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:42407 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x889ED1A4 Ack: 0x573C12DE Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-18:17:02.250234 24.209.98.148:2356 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:42408 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x889ED758 Ack: 0x573C12DE Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/12-18:51:46.444983 66.196.65.24:59697 -> 192.168.1.6:80
TCP TTL:233 TOS:0x0 ID:48375 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xDA8B159 Ack: 0xD92144EE Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/12-20:54:35.003258 66.196.65.24:18405 -> 192.168.1.6:80
TCP TTL:233 TOS:0x0 ID:10275 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x53B47259 Ack: 0xA93AFE20 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-21:00:37.172559 24.101.169.3:2064 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:16651 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4BE28ADC Ack: 0xC0015513 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-21:00:37.269101 24.101.169.3:2064 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:16652 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4BE29090 Ack: 0xC0015513 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-21:44:25.058896 24.208.232.173:2583 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:42393 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x440D1E93 Ack: 0x6647626D Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-21:44:27.621518 24.208.232.173:2606 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:42624 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x44274FC5 Ack: 0x6615702B Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-21:44:27.880950 24.208.232.173:2610 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:42654 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x442BC932 Ack: 0x668205F8 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-21:44:28.149150 24.208.232.173:2616 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:42667 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x4431A46D Ack: 0x65FE454C Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-21:44:28.490097 24.208.232.173:2620 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:42696 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x443676E3 Ack: 0x65F1046F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/12-21:44:28.803567 24.208.232.173:2627 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:42734 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x443BC828 Ack: 0x6685AAA8 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/12-21:44:32.160475 24.208.232.173:2675 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:43040 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x446B8550 Ack: 0x66494D8C Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-21:44:32.516770 24.208.232.173:2682 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:43079 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x4471BA84 Ack: 0x66C14771 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-21:44:32.909140 24.208.232.173:2689 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:43121 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x447823F8 Ack: 0x6647077F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-21:44:36.404753 24.208.232.173:2744 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:43417 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x44AE84A4 Ack: 0x6640F93D Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-21:44:36.842791 24.208.232.173:2750 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:43466 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x44B3EA6E Ack: 0x66FAE162 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-21:44:37.116213 24.208.232.173:2755 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:43490 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x44B901CA Ack: 0x67118964 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-21:44:37.522980 24.208.232.173:2759 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:43527 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x44BD9E4F Ack: 0x66E09EE9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-21:44:37.789499 24.208.232.173:2763 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:43562 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x44C1D183 Ack: 0x6683F970 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-21:44:38.053807 24.208.232.173:2770 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:43583 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x44C80B2F Ack: 0x66DA2BC6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-21:44:41.368682 24.208.232.173:2830 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:43929 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x4501A2F1 Ack: 0x6688C8D8 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-21:50:16.194715 24.42.15.25:2163 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:33983 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x72382245 Ack: 0x7B914A9B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-21:50:16.259360 24.42.15.25:2163 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:33984 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x723827F9 Ack: 0x7B914A9B Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-23:41:56.724896 24.218.253.67:4385 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:7246 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xBC59986F Ack: 0x22BAEB66 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-23:42:00.353167 24.218.253.67:4641 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:7803 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xBD0EEDEC Ack: 0x231BFEC8 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-23:42:07.595324 24.218.253.67:1085 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:8953 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xBDC19CF0 Ack: 0x22AE82C5 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-23:42:08.409905 24.218.253.67:1311 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:9089 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xBE738E7B Ack: 0x233EBE2F Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-23:42:12.881211 24.218.253.67:1567 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:9840 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xBF42F7E1 Ack: 0x23CE8076 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/12-23:42:13.867033 24.218.253.67:1612 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:10011 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xBF67521C Ack: 0x23B18E35 Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/12-23:42:14.845230 24.218.253.67:1672 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:10168 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xBF9717BC Ack: 0x23F3725A Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-23:42:19.044654 24.218.253.67:1923 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:10855 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xC05B650F Ack: 0x24268045 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:55 2003