
SnortSnarf alert page

Destination: 192.168.1.6: #301-400

SnortSnarf v021111.1

Signature section (91123) | Top 20 source IPs | Top 20 dest IPs

Looking using input module SnortFileInput, with sources:
Earliest: 00:47:16.831029 on 04/23/2003
Latest: 21:44:13.729679 on 04/23/2003

22 different signatures are present for 192.168.1.6 as a destination

There are 624 distinct source IPs in the alerts of the type on this page.

See also 192.168.1.6 as an alert source [49361 alerts]


[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-00:47:16.831029 24.29.173.81:1293 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:54659 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x90ACCD34 Ack: 0x1EA2A72E Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-00:47:25.991465 24.29.173.81:1528 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:55304 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x917BF073 Ack: 0x1EF38E83 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-00:47:35.219517 24.29.173.81:1808 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:56158 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x926E13CD Ack: 0x2018CAF3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-00:47:35.321403 24.29.173.81:1815 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:56167 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x927385D5 Ack: 0x1FD6B132 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-00:47:44.386373 24.29.173.81:2120 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:57148 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x9379A744 Ack: 0x20284F82 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-00:47:44.454627 24.29.173.81:2123 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:57161 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x937C0F07 Ack: 0x20DB0958 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-00:47:44.532611 24.29.173.81:2128 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:57177 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x937FF156 Ack: 0x208D064B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-00:47:47.782719 24.29.173.81:2232 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:57450 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x93D7705D Ack: 0x20BA18B0 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-00:47:50.972770 24.29.173.81:2232 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:57702 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x93D7705D Ack: 0x20BA18B0 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-00:47:52.068501 24.29.173.81:2313 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:57784 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x9422146E Ack: 0x2061E9D6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-00:47:53.174082 24.29.173.81:2343 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:57861 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x943CAE5D Ack: 0x21443043 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-00:47:54.387551 24.29.173.81:2372 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:57995 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x94578E28 Ack: 0x208EE82E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-00:47:54.472902 24.29.173.81:2391 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:58017 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x9469C17B Ack: 0x212D5C63 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-00:47:54.933643 24.29.173.81:2394 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:58043 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x946B8B96 Ack: 0x20D67645 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-00:48:04.035685 24.29.173.81:2647 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:58941 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x95494B7C Ack: 0x21E9C6AA Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-00:51:46.900510 216.39.48.4:56965 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:39065 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xF39048A9 Ack: 0x2FD100A1 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 73650252 668449510
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-01:34:47.272729 216.39.48.64:40289 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:19488 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x94A23EEA Ack: 0xD2D19B48 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 374567684 669771101
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-01:45:34.371342 216.39.48.74:34299 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:24673 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xBE4D07C1 Ack: 0xFB562587 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 374630316 670102526
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-01:49:13.447248 24.85.206.152:3651 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:38211 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x68AAD9F3 Ack: 0x8F62045 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-01:49:14.554817 24.85.206.152:3683 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:38353 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x68C44923 Ack: 0x90BFC36 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-01:49:18.414642 24.85.206.152:3788 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:38876 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x692094A3 Ack: 0x9E8E756 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-01:49:19.408923 24.85.206.152:3817 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:39014 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x693AC015 Ack: 0x9DAB468 Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-01:49:20.131171 24.85.206.152:3843 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:39133 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x69515D52 Ack: 0xA11A65D Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-01:49:30.085751 24.85.206.152:4149 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:40572 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x6A55B664 Ack: 0x9F85ADE Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-01:49:30.600189 24.85.206.152:4170 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:40641 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x6A67FAA9 Ack: 0xA2216B3 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-01:49:31.223457 24.85.206.152:4186 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:40726 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x6A75DFA3 Ack: 0xA3DB73A Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-01:49:31.999589 24.85.206.152:4205 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:40836 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6A84E10F Ack: 0xAA13133 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-01:49:32.854079 24.85.206.152:4240 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:40944 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6AA00650 Ack: 0xA905309 Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-01:49:33.589690 24.85.206.152:4261 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:41061 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6AB15A4B Ack: 0xA3EEC0D Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-01:49:42.996259 24.85.206.152:4548 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:42324 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6BA84FB3 Ack: 0xAB67E5F Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-01:49:43.170428 24.85.206.152:4554 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:42361 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x6BADE263 Ack: 0xB27FBD4 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-01:49:46.353088 24.85.206.152:4554 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:42726 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x6BADE263 Ack: 0xB27FBD4 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-01:49:52.960040 24.85.206.152:4821 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:43445 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6C7C60AF Ack: 0xBD383A3 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-01:49:55.893594 24.85.206.152:4821 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:43770 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6C7C60AF Ack: 0xBD383A3 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-01:49:56.873963 24.85.206.152:4975 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:43877 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x6CCC69CB Ack: 0xBD39EFF Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-01:49:57.692042 24.85.206.152:1042 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:43980 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6CE3CF25 Ack: 0xC5175D6 Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-02:05:32.912613 216.39.48.24:35995 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:60013 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x9A494D7 Ack: 0x4696AA4E Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 356744906 670716384
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-02:22:36.256710 216.39.48.84:43025 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:57988 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x4A932560 Ack: 0x8772C4D9 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 374851562 671240509
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-02:36:51.893661 216.39.48.84:57038 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:18030 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x8008506A Ack: 0xBDDE939F Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 374937106 671678742
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-03:41:32.960660 24.173.6.106:2908 -> 192.168.1.6:80
TCP TTL:15 TOS:0x0 ID:44248 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5A00009A Ack: 0xB1798184 Win: 0xB680 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-03:41:32.970460 24.173.6.106:2908 -> 192.168.1.6:80
TCP TTL:15 TOS:0x0 ID:44249 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5A00064E Ack: 0xB1798184 Win: 0xB680 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-03:43:11.043525 216.39.48.64:52894 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:37491 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x7A38A1FE Ack: 0xB82EE37C Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 375337882 673716744
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-04:25:25.190767 216.39.48.84:58768 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:49352 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x1A15C569 Ack: 0x56CA4437 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 375588283 675014660
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-04:30:26.634277 216.39.48.33:52574 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:21582 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x2D4E14E0 Ack: 0x6A2FA455 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 366362784 675169050
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-04:32:29.694828 64.68.82.26:37241 -> 192.168.1.6:80
TCP TTL:50 TOS:0x10 ID:23663 IpLen:20 DgmLen:453 DF
***AP*** Seq: 0x344ECFDE Ack: 0x71334A01 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 486315354 675229964
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:971:3] WEB-IIS ISAPI .printer access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-04:48:34.662525 216.238.127.38:54607 -> 192.168.1.6:80
TCP TTL:236 TOS:0x0 ID:21673 IpLen:20 DgmLen:1222 DF
***AP*** Seq: 0x5F8F615 Ack: 0xADBD5BE4 Win: 0x2238 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS533][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0241]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-05:06:54.112806 216.39.48.94:44332 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:6534 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xB6D7F7E4 Ack: 0xF31189D1 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 375844469 676289413
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-05:28:27.188541 216.39.48.54:42185 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:12589 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x870E4B7 Ack: 0x4476B120 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 375969194 676951690
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-05:37:37.430625 12.103.170.70:1856 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:28647 IpLen:20 DgmLen:99 DF
***AP*** Seq: 0x6CA8493D Ack: 0x67C9B866 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-05:51:39.537905 216.39.48.84:47046 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:14307 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x5FEEDD8F Ack: 0x9CD519DB Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 376105597 677664807
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-05:51:46.035538 216.39.48.114:47088 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:23178 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x6047A726 Ack: 0x9CCE6F91 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 376110522 677668139
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-06:47:22.120329 216.39.48.64:36328 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:40828 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x31749025 Ack: 0x704BADD3 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 376442731 679376784
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-07:10:55.423146 216.39.48.104:47221 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:55828 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x8B4EF5C5 Ack: 0xC86BCF87 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 376582115 680100636
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-07:44:31.910218 216.39.48.114:52972 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:52980 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x95B810F Ack: 0x4738A9A6 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 376786953 681133422
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-08:07:09.357568 216.39.48.64:50796 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:16829 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x5EE81D4B Ack: 0x9C175EE1 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 376921342 681828665
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-08:10:25.353723 216.39.48.94:60914 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:23463 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x6C3CE11E Ack: 0xA938EB62 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 376945349 681929052
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-09:05:20.156347 216.39.48.94:42915 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:33822 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x3B34456C Ack: 0x781A24C0 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 377274756 683616553
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-09:29:56.192520 216.39.48.44:58728 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:53006 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x9882E5C0 Ack: 0xD5094EB9 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 368061120 684372535
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-09:55:54.151086 216.39.48.13:36737 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:16117 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xF9E85B39 Ack: 0x36F6ED55 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 377578970 685170465
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-10:20:16.491394 216.39.48.13:34353 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:62644 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x54E45456 Ack: 0x934283CE Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 377725172 685919444
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-10:54:51.918936 216.39.48.64:51706 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:840 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xD8B1B5F1 Ack: 0x160E11CB Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 377927363 686982417
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-11:44:09.768601 216.39.48.94:40949 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:12799 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x93337AD9 Ack: 0xD1076B29 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 378227506 688497341
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-12:02:15.930542 216.39.48.84:42425 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:44880 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xD6997933 Ack: 0x14BF605E Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 378328714 689053636
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-12:11:50.665635 216.39.48.13:38073 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:41404 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xFBAA7688 Ack: 0x38E0EFF6 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 378394442 689348003
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-13:03:45.620231 216.39.48.74:39137 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:22392 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xBEBE2DB0 Ack: 0xFD0CC1A5 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 378698471 690943385
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-13:18:32.173713 216.39.48.44:50668 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:18293 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xF7465042 Ack: 0x35AB6BEC Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 369432384 691397450
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-13:44:18.707823 216.39.48.84:52207 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:21842 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x57AE78F4 Ack: 0x964FDC4B Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 378940848 692189547
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-13:53:32.620210 216.39.48.64:56667 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:34493 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x7C3897C5 Ack: 0xB8605ACF Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 378999182 692473235
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-14:26:57.688393 216.39.48.104:45917 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:18304 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xF9785E77 Ack: 0x3786FB2D Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 379197717 693500179
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-14:37:47.490102 66.196.65.24:16019 -> 192.168.1.6:80
TCP TTL:232 TOS:0x0 ID:5613 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x23B1FDD9 Ack: 0x600489F7 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-14:45:22.114048 216.39.48.33:60955 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:40338 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x3F45154B Ack: 0x7D3C16A8 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 370051304 694065833
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-14:57:48.532687 216.39.48.64:33854 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:27960 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x6EBA9E69 Ack: 0xAB429CAB Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 379384683 694448130
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-15:08:54.147105 216.39.48.114:41672 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:43384 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x98E255F6 Ack: 0xD606ABAA Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 379452564 694789021
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-15:18:30.978684 216.39.48.24:56637 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:58478 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xBC32F725 Ack: 0xFA43D834 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 361501540 695084394
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-15:39:30.117129 216.39.48.94:39912 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:8554 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xC0DF4C4 Ack: 0x49D190F4 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 379639228 695729351
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-16:17:21.169961 216.39.48.44:59982 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:9350 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x99E15085 Ack: 0xD7FC27D6 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 370505024 696892533
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-16:44:14.136101 24.120.224.114:4050 -> 192.168.1.6:80
TCP TTL:102 TOS:0x0 ID:48034 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x77E001EE Ack: 0x3E5DE2DA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-16:44:14.140643 24.120.224.114:4050 -> 192.168.1.6:80
TCP TTL:102 TOS:0x0 ID:48035 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x77E007A2 Ack: 0x3E5DE2DA Win: 0x4470 TcpLen: 20
[**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**]
[Classification: Misc activity] [Priority: 3]
04/23-16:50:58.438773 63.144.64.70 -> 192.168.1.6
ICMP TTL:238 TOS:0x0 ID:25382 IpLen:20 DgmLen:56
Type:3 Code:13 DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED,
PACKET FILTERED
** ORIGINAL DATAGRAM DUMP:
192.168.1.6:80 -> 63.144.89.250:2088
TCP TTL:42 TOS:0x0 ID:53216 IpLen:20 DgmLen:843 DF
Seq: 0x5722DCE1 Ack: 0xB2FCA63E
** END OF DUMP
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-17:03:18.001552 216.239.46.82:54169 -> 192.168.1.6:80
TCP TTL:41 TOS:0x0 ID:39075 IpLen:20 DgmLen:453 DF
***AP*** Seq: 0x47F351A3 Ack: 0x84D6E130 Win: 0x7D78 TcpLen: 32
TCP Options (3) => NOP NOP TS: 83241618 698301425
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-17:24:51.807399 216.39.48.44:60187 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:11850 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x98388D60 Ack: 0xD7875D66 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 370909989 698967146
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-17:37:41.766058 216.39.48.44:46649 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:56606 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xC98512DB Ack: 0x8EB7363 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 370986967 699361491
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-18:01:09.199442 216.39.48.24:45996 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:42124 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x223F5184 Ack: 0x6052D835 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 362477123 700082345
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-18:08:00.638959 216.39.48.24:41604 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:395 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x3B86976E Ack: 0x7B203717 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 362518257 700293073
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-18:16:06.466732 216.39.48.74:52817 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:62922 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x5AF1E478 Ack: 0x986AC8F1 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 380572110 700541887
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-18:23:30.330504 66.196.65.24:19041 -> 192.168.1.6:80
TCP TTL:232 TOS:0x0 ID:45934 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xA2104FDE Ack: 0xB52AE2E9 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-19:14:30.830177 24.129.124.68:4453 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:38800 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x358FFDBD Ack: 0x75B0CF47 Win: 0xFC00 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-19:14:30.847078 24.129.124.68:4453 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:38801 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x35900371 Ack: 0x75B0CF47 Win: 0xFC00 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-19:42:45.098608 216.39.48.24:47151 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:47738 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xA16AF8AD Ack: 0xDFD25F90 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 363086563 703204476
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-20:16:56.350033 216.39.48.74:45459 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:53766 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x2324F315 Ack: 0x61D99128 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 381296926 704255068
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-20:23:19.774670 216.39.48.104:54404 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:22886 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x3C44EE0E Ack: 0x7A041B44 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 381335417 704451440
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-20:34:05.202867 216.39.48.94:41577 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:34055 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x63D9497A Ack: 0xA2410C2B Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 381406346 704782021
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-20:37:48.891560 24.209.97.26:2873 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:16203 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6F478E2C Ack: 0xB07CC033 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-20:37:48.921280 24.209.97.26:2873 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:16204 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6F4793E0 Ack: 0xB07CC033 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-20:46:37.834863 24.209.97.26:2703 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:10829 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA4872713 Ack: 0xD21FB1BA Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-20:46:37.865559 24.209.97.26:2703 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:10830 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA4872CC7 Ack: 0xD21FB1BA Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-20:48:50.489938 216.39.48.84:51767 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:6991 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x9C4A1275 Ack: 0xDAB720E1 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 381487430 705235444
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-21:25:32.394177 216.39.48.114:37649 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:62708 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x26928104 Ack: 0x644CE6A7 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 381711870 706363192
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-21:34:47.514744 216.39.48.94:37933 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:27546 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x486E316B Ack: 0x8752B135 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 381770496 706647501
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-21:44:13.729679 216.39.48.64:57761 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:5103 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x6D0F3572 Ack: 0xAB7DAA88 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 381822634 706937503
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:55 2003