
SnortSnarf alert page

Destination: 192.168.1.6: #3201-3300

SnortSnarf v021111.1


Looking using input module SnortFileInput, with sources:
Earliest: 23:11:19.622936 on 05/13/2003
Latest: 19:30:35.490586 on 05/14/2003

22 different signatures are present for 192.168.1.6 as a destination

There are 624 distinct source IPs in the alerts of the type on this page.

See also 192.168.1.6 as an alert source [49361 alerts]


[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-23:11:19.622936 24.245.2.233:2180 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:45967 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x2AB1E555 Ack: 0xED5B656E Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-23:11:20.298916 24.245.2.233:2198 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:46075 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x2AC38D63 Ack: 0xED891C33 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/13-23:11:27.413283 24.245.2.233:2316 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:47337 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x2B2968B5 Ack: 0xEE2C79FB Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/13-23:11:31.074542 24.245.2.233:2423 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:47940 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x2B882B1E Ack: 0xEE451B52 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-23:11:35.310389 24.245.2.233:2590 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:48430 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x2C1D72E8 Ack: 0xEE15A2EC Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-23:11:39.139436 24.245.2.233:2608 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:48953 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x2C2CB603 Ack: 0xEE66F5AB Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-23:11:42.854983 24.245.2.233:2706 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:49441 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x2C838935 Ack: 0xEF16C5E7 Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-23:11:46.979172 24.245.2.233:2896 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:49967 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x2D2B27A8 Ack: 0xEF664E81 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-23:11:50.574647 24.245.2.233:2926 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:50398 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x2D43D324 Ack: 0xEF08DA85 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-23:11:54.601467 24.245.2.233:3103 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:50832 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x2DDEB883 Ack: 0xEF2DDB3E Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-23:11:55.574742 24.245.2.233:3125 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:50942 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x2DF27541 Ack: 0xF00B9B7F Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-23:11:58.385144 24.245.2.233:3125 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:51304 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x2DF27541 Ack: 0xF00B9B7F Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-23:12:03.031848 24.245.2.233:3344 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:51834 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x2EACF522 Ack: 0xEFBF5684 Win: 0xFAF0 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-02:59:17.820892 24.205.10.247:1287 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:13960 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xD83EFE10 Ack: 0x4B0DF286 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-02:59:24.572990 24.205.10.247:1365 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:14134 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xD89195A1 Ack: 0x4B2844A5 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-02:59:28.150447 24.205.10.247:1414 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:14233 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xD8C41532 Ack: 0x4BCC597E Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-02:59:28.494086 24.205.10.247:1416 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:14250 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xD8C6D5D7 Ack: 0x4B6FC6DE Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-02:59:37.776105 24.205.10.247:1546 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:14563 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xD94D7962 Ack: 0x4C4A8102 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/14-02:59:38.153081 24.205.10.247:1551 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:14576 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xD952A4FD Ack: 0x4C15308E Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/14-02:59:38.503082 24.205.10.247:1553 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:14590 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xD954EAF3 Ack: 0x4C1D568F Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-02:59:38.836443 24.205.10.247:1556 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:14601 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xD959254A Ack: 0x4C18B06A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-02:59:39.190517 24.205.10.247:1557 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:14615 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD95B2BF7 Ack: 0x4CA9EF19 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-02:59:48.930297 24.205.10.247:1681 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:14892 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD9DE0FB1 Ack: 0x4D5C2B40 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-02:59:49.278635 24.205.10.247:1688 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:14916 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD9E4B8D4 Ack: 0x4CACC8CD Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-02:59:52.582313 24.205.10.247:1744 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:15107 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xDA1A6E6A Ack: 0x4D4A6DF9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-03:00:02.174978 24.205.10.247:1900 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:15548 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xDAB40F8A Ack: 0x4E049187 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-03:00:02.517064 24.205.10.247:1906 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:15567 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xDAB95675 Ack: 0x4D8B5D51 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-03:00:02.823257 24.205.10.247:1915 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:15580 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xDAC0D177 Ack: 0x4DB1F480 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-03:00:03.156808 24.205.10.247:1920 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:15601 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xDAC55D61 Ack: 0x4D6001D2 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-03:05:02.659635 24.157.60.48:3379 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:63769 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x5BA4B3FB Ack: 0x60D3CABF Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-03:05:12.750219 24.157.60.48:3671 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:64961 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x5CA835EF Ack: 0x60F02755 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-03:05:13.613736 24.157.60.48:3687 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:65037 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x5CB59B6F Ack: 0x60CDC614 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-03:05:22.754107 24.157.60.48:3960 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:800 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x5DA2B50A Ack: 0x621D7125 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-03:05:45.083342 24.157.60.48:4541 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:3781 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x5F9E5D81 Ack: 0x62DE03BC Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/14-03:05:46.876886 24.157.60.48:4587 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:4001 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x5FC574AF Ack: 0x62ED5A1C Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/14-03:06:32.821221 24.157.60.48:1919 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:10083 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x64409BAF Ack: 0x661364DA Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-03:06:43.735825 24.157.60.48:2201 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:11427 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x6534762E Ack: 0x663CDB53 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-03:06:50.311992 24.157.60.48:2381 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:12298 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x65D3798A Ack: 0x6720E1F9 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-03:06:52.668525 24.157.60.48:2381 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:12631 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x65D3798A Ack: 0x6720E1F9 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-03:06:54.628491 24.157.60.48:2508 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:12786 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x66438EDA Ack: 0x673B3279 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-03:06:56.608532 24.157.60.48:2536 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:12990 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x665CF35E Ack: 0x67476273 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-03:07:07.310917 24.157.60.48:2834 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:14375 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x67643C49 Ack: 0x67D79DC1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-03:07:09.377190 24.157.60.48:2888 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:14613 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6793A444 Ack: 0x686F5DD0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-03:07:11.685838 24.157.60.48:2943 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:14862 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x67C2F78F Ack: 0x68852177 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-03:07:16.147834 24.157.60.48:3006 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:15479 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x67FA29F3 Ack: 0x69008164 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-03:43:23.771875 24.209.42.242:1445 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:22143 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xA84A4ABC Ack: 0xF1847787 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-03:43:26.956721 24.209.42.242:1516 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:22319 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xA88BC1D2 Ack: 0xF2108AF2 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-03:43:27.044953 24.209.42.242:1518 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:22328 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA88D6332 Ack: 0xF208C192 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-03:43:27.140971 24.209.42.242:1519 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:22348 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA88EB7AC Ack: 0xF20EC748 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-03:43:27.242435 24.209.42.242:1521 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:22360 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA8907843 Ack: 0xF1CD89DC Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/14-03:43:27.320134 24.209.42.242:1523 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:22366 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA892A85F Ack: 0xF2705191 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/14-03:43:27.381906 24.209.42.242:1524 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:22373 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA893EADF Ack: 0xF1E0A2D5 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-03:43:27.454650 24.209.42.242:1525 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:22380 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xA8948B03 Ack: 0xF2003C97 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-03:43:27.525179 24.209.42.242:1526 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:22389 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA895A8CD Ack: 0xF2421A71 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-03:43:36.670668 24.209.42.242:1685 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:22836 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA92AD9AC Ack: 0xF26669B5 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-03:43:36.778516 24.209.42.242:1688 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:22848 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA92C6308 Ack: 0xF2283CE4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-03:43:36.889575 24.209.42.242:1690 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:22857 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA92E7B15 Ack: 0xF28B805C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-03:43:36.981186 24.209.42.242:1691 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:22864 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xA92F8F25 Ack: 0xF2E0DDD9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-03:43:37.063500 24.209.42.242:1692 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:22884 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA9302739 Ack: 0xF2BF58E0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-03:43:40.341688 24.209.42.242:1692 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:23031 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA9302739 Ack: 0xF2BF58E0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-03:43:46.146199 24.209.42.242:1873 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:23426 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xA9DA3138 Ack: 0xF2CFEA72 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-03:43:46.232042 24.209.42.242:1875 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:23432 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA9DC3962 Ack: 0xF2FCA162 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-03:46:07.810696 24.225.150.212:4824 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:39031 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x577BDA9D Ack: 0xFBB64F24 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-03:46:07.840535 24.225.150.212:4824 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:39032 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x577BE051 Ack: 0xFBB64F24 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/14-09:16:30.168082 66.196.73.77:38913 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:3251 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xD9EFBF14 Ack: 0xDB0BBC5D Win: 0xFAF0 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-11:41:58.557186 24.226.59.104:1299 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:17355 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x82B6B116 Ack: 0x1A2B161 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-11:41:59.319195 24.226.59.104:1338 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:17512 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x82D604EB Ack: 0x2263B91 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-11:41:59.717096 24.226.59.104:1355 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:17591 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x82E45A1C Ack: 0x280CA48 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-11:42:00.070177 24.226.59.104:1372 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:17665 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x82F1568F Ack: 0x268D6A1 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-11:42:09.519132 24.226.59.104:1902 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:19579 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x84977773 Ack: 0x2BE7267 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/14-11:42:09.936352 24.226.59.104:1921 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:19673 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x84A6EF21 Ack: 0x2EDC24A Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/14-11:42:10.287404 24.226.59.104:1938 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:19749 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x84B48219 Ack: 0x29BEEC7 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-11:42:10.565707 24.226.59.104:1958 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:19812 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x84C35CCB Ack: 0x2A4AC6F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-11:42:20.098090 24.226.59.104:2520 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:21949 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x86850155 Ack: 0x334F751 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-11:42:20.606287 24.226.59.104:2546 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:22059 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x8699B9DE Ack: 0x2F7B68B Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-11:42:21.102664 24.226.59.104:2579 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:22169 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x86B4703C Ack: 0x3569AE9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-11:42:21.668330 24.226.59.104:2605 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:22297 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x86C8E5DC Ack: 0x3C988E2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-11:42:31.290238 24.226.59.104:3185 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:24468 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x889488B0 Ack: 0x4095F1B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-11:42:31.731476 24.226.59.104:3214 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:24571 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x88AB50E4 Ack: 0x372E7DF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-11:42:34.638951 24.226.59.104:3214 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:25196 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x88AB50E4 Ack: 0x372E7DF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-11:42:35.213084 24.226.59.104:3421 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:25323 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x89522648 Ack: 0x405462C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-11:42:44.466153 24.226.59.104:3932 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:27101 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x8AEDB63B Ack: 0x43C7AC7 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-12:23:53.709443 24.225.185.140:4024 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:53022 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x1EC917AA Ack: 0x9FAB31A6 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-12:23:58.451931 24.225.185.140:4199 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:55679 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x1F5480E8 Ack: 0xA0A2A549 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-12:24:02.964910 24.225.185.140:4748 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:56684 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x210C5D76 Ack: 0xA024067F Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-12:24:04.464388 24.225.185.140:4888 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:57029 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x2179BE27 Ack: 0xA0EA44AB Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-12:24:09.009094 24.225.185.140:1194 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:57981 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x22576460 Ack: 0xA0826D75 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/14-12:24:19.563603 24.225.185.140:1318 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:60046 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x22B8D5FC Ack: 0xA09A41E5 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/14-12:24:24.608109 24.225.185.140:2317 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:61040 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x25CB1C6A Ack: 0xA1FDBE02 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-12:24:32.630305 24.225.185.140:2662 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:62553 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x26E0147D Ack: 0xA225C287 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-15:22:37.675802 24.132.247.34:3543 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:30840 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2ACA86CC Ack: 0x42CC1D5C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-15:22:37.771433 24.132.247.34:3543 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:30841 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2ACA8C80 Ack: 0x42CC1D5C Win: 0x4470 TcpLen: 20
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/14-15:43:25.426637 129.137.91.78:1247 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:30329 IpLen:20 DgmLen:181 DF
***AP*** Seq: 0x246DFA1A Ack: 0x9180B842 Win: 0x44E8 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/14-15:43:25.963013 129.137.91.78:1247 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:30338 IpLen:20 DgmLen:196 DF
***AP*** Seq: 0x246DFAA7 Ack: 0x9180B9B0 Win: 0x437A TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/14-15:43:53.419908 129.137.91.78:1249 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:30899 IpLen:20 DgmLen:206 DF
***AP*** Seq: 0x668D9CC8 Ack: 0x93C65DFC Win: 0x44E8 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/14-15:43:53.800294 129.137.91.78:1250 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:30911 IpLen:20 DgmLen:206 DF
***AP*** Seq: 0x80E61BE7 Ack: 0x93232BC3 Win: 0x44E8 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/14-15:43:57.363031 129.137.91.78:1251 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:30970 IpLen:20 DgmLen:206 DF
***AP*** Seq: 0x7B696A41 Ack: 0x93A55FF6 Win: 0x44E8 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-18:14:46.813269 24.42.15.25:3011 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:2677 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x21F0B795 Ack: 0xCD419C83 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-18:14:46.877730 24.42.15.25:3011 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:2678 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x21F0BD49 Ack: 0xCD419C83 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-19:30:35.490586 24.209.98.148:4424 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:42539 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE4600D72 Ack: 0xEB3E614F Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:55 2003