SnortSnarf alert page

Destination: 192.168.1.6: #3301-3400

SnortSnarf v021111.1

Signature section (91123) | Top 20 source IPs | Top 20 dest IPs

Looking using input module SnortFileInput, with sources:
Earliest: 19:30:35.521823 on 05/14/2003
Latest: 15:30:16.363253 on 05/15/2003

22 different signatures are present for 192.168.1.6 as a destination

There are 624 distinct source IPs in the alerts of the type on this page.

See also 192.168.1.6 as an alert source [49361 alerts]


[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-19:30:35.521823 24.209.98.148:4424 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:42540 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE4601326 Ack: 0xEB3E614F Win: 0xFAF0 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-19:33:01.278046 24.129.102.205:2610 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:22667 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xA2FB51E2 Ack: 0xF3B6F3EE Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-19:33:05.895569 24.129.102.205:2796 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:23354 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xA3989CD2 Ack: 0xF4643C98 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-19:33:06.673545 24.129.102.205:2814 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:23450 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA3A9D5FA Ack: 0xF47B717C Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-19:33:25.768449 24.129.102.205:3219 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:26055 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA4F84A00 Ack: 0xF4F0BD20 Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-19:33:35.999897 24.129.102.205:3976 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:27320 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA75EA834 Ack: 0xF75C25AB Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/14-19:33:49.007778 24.129.102.205:4367 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:29068 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA8A1D6C8 Ack: 0xF788A18A Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/14-19:33:53.375919 24.129.102.205:4770 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:29694 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA9A61ECA Ack: 0xF7CFE326 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-19:33:54.170107 24.129.102.205:4800 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:29784 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xA9B88D50 Ack: 0xF7E1F34C Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-19:33:58.412091 24.129.102.205:1072 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:30388 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xAA3C19F2 Ack: 0xF887340E Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-19:33:59.314697 24.129.102.205:1096 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:30476 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xAA508F91 Ack: 0xF8A04D8F Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-19:34:06.739095 24.129.102.205:1282 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:31562 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xAAEE2668 Ack: 0xF9257EA6 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-19:34:36.337783 24.129.102.205:2551 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:35708 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xAF127D49 Ack: 0xFAB25F24 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-19:34:46.063225 24.129.102.205:2569 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:37025 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xAF22530C Ack: 0xFAB1EDCE Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-19:34:47.031932 24.129.102.205:2959 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:37133 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xB06873E4 Ack: 0xFB7C64BA Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-19:34:47.570518 24.129.102.205:3044 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:37254 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB0AA570A Ack: 0xFB0D5D27 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-20:10:28.130486 24.209.196.254:2485 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:47808 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x508FCE46 Ack: 0x82761370 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-20:10:28.162753 24.209.196.254:2485 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:47809 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x508FD3FA Ack: 0x82761370 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-20:32:08.274521 24.157.60.48:1828 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:33586 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB4ED9199 Ack: 0xD327EC5D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-20:32:08.337760 24.157.60.48:1828 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:33587 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB4ED974D Ack: 0xD327EC5D Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-20:40:02.387406 24.81.48.235:3757 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:56112 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD9534E21 Ack: 0xF1D413AD Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-20:40:02.482926 24.81.48.235:3757 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:56113 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD95353D5 Ack: 0xF1D413AD Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-20:57:17.053727 61.11.35.67:4382 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:53657 IpLen:20 DgmLen:1492 DF
***A**** Seq: 0xF65AD2A4 Ack: 0x32B07918 Win: 0x27B4 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-20:57:17.265955 61.11.35.67:4382 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:53658 IpLen:20 DgmLen:1492 DF
***A**** Seq: 0xF65AD850 Ack: 0x32B07918 Win: 0x27B4 TcpLen: 20
[**] [111:13:1] (spp_stream4) STEALTH ACTIVITY (SYN FIN scan) detection [**]
05/14-21:00:54.229774 69.10.8.124:22 -> 192.168.1.6:22
TCP TTL:22 TOS:0x0 ID:39426 IpLen:20 DgmLen:40
******SF Seq: 0x40BB05AB Ack: 0x41104B05 Win: 0x404 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-21:02:40.954839 24.165.15.145:4591 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:20351 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x6420D020 Ack: 0x472997C1 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-21:02:45.315183 24.165.15.145:4815 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:21169 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x64DA0C2D Ack: 0x46CE8E3F Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-21:02:49.133950 24.165.15.145:4858 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:21834 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x64FC542A Ack: 0x478AA28D Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-21:02:52.877264 24.165.15.145:1182 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:22495 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x65FA6B1F Ack: 0x47E3DD02 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-21:02:57.195337 24.165.15.145:1354 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:23210 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6687DDB7 Ack: 0x4801A4C6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/14-21:02:58.114782 24.165.15.145:1379 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:23373 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x669BED6B Ack: 0x48358999 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/14-21:02:58.864845 24.165.15.145:1410 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:23512 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x66B5EA20 Ack: 0x48273ADD Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-21:02:59.662259 24.165.15.145:1429 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:23646 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x66C5F8A5 Ack: 0x482F0607 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-21:03:00.079763 24.165.15.145:1446 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:23712 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x66D5947C Ack: 0x4858C1DF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-21:03:04.002911 24.165.15.145:1584 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:24318 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x674CDF39 Ack: 0x482A1C08 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-21:03:07.736277 24.165.15.145:1693 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:24815 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x67AB8092 Ack: 0x48C42968 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-21:03:08.173966 24.165.15.145:1714 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:24859 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x67BAC631 Ack: 0x4827D445 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-21:03:08.546938 24.165.15.145:1720 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:24893 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x67C0B1C2 Ack: 0x48B4C322 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-21:03:12.143086 24.165.15.145:1830 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:25357 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x68214C04 Ack: 0x48716B1E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-21:03:12.520648 24.165.15.145:1847 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:25388 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x682F8D7A Ack: 0x48F2E54E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-21:03:22.733169 24.165.15.145:2273 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:26819 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x698FE03F Ack: 0x491BBBD1 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-22:52:55.951164 24.218.145.201:4148 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:15599 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFAB1066C Ack: 0xE84D7C6E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-22:52:55.952518 24.218.145.201:4148 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:15600 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFAB10C20 Ack: 0xE84D7C6E Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-23:25:49.480391 24.196.16.17:4867 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:48835 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2D56F833 Ack: 0x63CF163B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-23:25:49.550540 24.196.16.17:4867 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:48836 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2D56FDE7 Ack: 0x63CF163B Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/15-00:34:38.423979 66.196.65.24:33130 -> 192.168.1.6:80
TCP TTL:233 TOS:0x0 ID:60478 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x11059A30 Ack: 0x6806B4AA Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-00:36:54.491631 24.81.210.230:1601 -> 192.168.1.6:80
TCP TTL:49 TOS:0x0 ID:14684 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDEDB5686 Ack: 0x708E1E56 Win: 0xFFFF TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-00:36:54.588485 24.81.210.230:1601 -> 192.168.1.6:80
TCP TTL:49 TOS:0x0 ID:14685 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDEDB5C3A Ack: 0x708E1E56 Win: 0xFFFF TcpLen: 20
[**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**]
[Classification: Misc activity] [Priority: 3]
05/15-01:06:51.896335 12.126.33.98 -> 192.168.1.6
ICMP TTL:233 TOS:0x0 ID:64871 IpLen:20 DgmLen:56
Type:3 Code:13 DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED,
PACKET FILTERED
** ORIGINAL DATAGRAM DUMP:
192.168.1.6:45889 -> 208.244.233.4:113
TCP TTL:49 TOS:0x0 ID:35332 IpLen:20 DgmLen:60 DF
Seq: 0xE23E44E0 Ack: 0x6B20C33E
** END OF DUMP
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-01:56:31.723936 24.99.137.153:1682 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:59724 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x8786BC6E Ack: 0x9D4A9DA4 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-01:56:39.602600 24.99.137.153:1863 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:60686 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x882161F7 Ack: 0x9DC96978 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-01:56:39.740725 24.99.137.153:1998 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:60709 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x88982506 Ack: 0x9D2E8C4C Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-01:56:39.885593 24.99.137.153:2002 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:60731 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x889B6CA2 Ack: 0x9DB6B0DB Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-01:56:40.390189 24.99.137.153:2019 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:60782 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x88A9F549 Ack: 0x9DDDC872 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/15-01:56:53.174741 24.99.137.153:2496 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:62916 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x8A2A3FC9 Ack: 0x9E0074F5 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/15-01:56:53.319563 24.99.137.153:2649 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:62933 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x8A9E246B Ack: 0x9EADAC75 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-01:57:02.743307 24.99.137.153:3070 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:64532 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x8BFFEF38 Ack: 0x9EF754F7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-01:57:02.945040 24.99.137.153:3075 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:64555 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x8C054F09 Ack: 0x9EAC51FF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-01:57:12.398695 24.99.137.153:3434 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:167 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x8D310182 Ack: 0x9F6150F1 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-01:57:12.551389 24.99.137.153:3438 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:198 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x8D34EB6F Ack: 0x9F7A8F42 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-01:57:12.724436 24.99.137.153:3448 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:245 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x8D3CEE06 Ack: 0xA0114684 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-01:57:12.910119 24.99.137.153:3451 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:298 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x8D40AFAB Ack: 0x9FCF497B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-01:57:13.046338 24.99.137.153:3460 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:331 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x8D48E195 Ack: 0x9FF8F28D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-01:57:13.223600 24.99.137.153:3465 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:363 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x8D4E59C7 Ack: 0x9F94FCD6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-01:57:22.647258 24.99.137.153:3910 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:2020 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x8EBA468B Ack: 0xA064C76E Win: 0x4470 TcpLen: 20
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/15-06:06:25.314322 151.204.211.128:63606 -> 192.168.1.6:80
TCP TTL:48 TOS:0x0 ID:57123 IpLen:20 DgmLen:187
***AP*** Seq: 0x71E21CE6 Ack: 0x4DA269A8 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/15-07:30:44.106473 66.147.154.3:41212 -> 192.168.1.6:80
TCP TTL:38 TOS:0x0 ID:11100 IpLen:20 DgmLen:229 DF
***AP*** Seq: 0x5470CF15 Ack: 0x8B7E7916 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 22302740 1654247276
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-08:42:26.542102 24.83.20.152:3874 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:61541 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xAB27128A Ack: 0x9AF4CC49 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-08:42:26.639343 24.83.20.152:3874 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:61542 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xAB27183E Ack: 0x9AF4CC49 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-09:06:52.745014 24.98.4.90:1764 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:25757 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x519AF244 Ack: 0xF6FC6290 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-09:06:52.754511 24.98.4.90:1764 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:25758 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x519AF7F8 Ack: 0xF6FC6290 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-11:03:20.840266 24.63.13.134:3139 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:16052 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x454E2ED5 Ack: 0xAF771C94 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-11:03:31.327285 24.63.13.134:3804 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:18013 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x47480A55 Ack: 0xB02F8492 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-11:03:36.060997 24.63.13.134:4243 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:18912 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x489B3A67 Ack: 0xB0B5885A Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-11:03:37.719727 24.63.13.134:4440 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:19204 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x49191A17 Ack: 0xB099CD54 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-11:03:39.200382 24.63.13.134:4607 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:19482 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x49604C38 Ack: 0xB024C9CD Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/15-11:03:44.763666 24.63.13.134:4848 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:20497 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x49C609D9 Ack: 0xB0F85829 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/15-11:03:50.122762 24.63.13.134:1473 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:21586 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x4B585201 Ack: 0xB14050D6 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-11:03:55.020167 24.63.13.134:1789 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:22542 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x4C4B4FA2 Ack: 0xB18BC03C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-11:03:59.663823 24.63.13.134:1925 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:23480 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4CB2FE76 Ack: 0xB2261DDB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-11:10:34.584585 24.63.13.134:2040 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:3547 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x99458DB2 Ack: 0xCAA94A21 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-11:10:38.670832 24.63.13.134:2169 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:4485 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x99A7C67B Ack: 0xCA90ADA6 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-11:10:42.890714 24.63.13.134:2635 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:5320 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x9B024E88 Ack: 0xCAF9426A Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-11:11:05.312093 24.63.13.134:2706 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:9534 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x9B346E88 Ack: 0xCB2FA9EE Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-11:11:06.707286 24.63.13.134:4145 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:9839 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x9F77B445 Ack: 0xCC0AF929 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/15-11:11:11.110049 24.63.13.134:4479 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:10753 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA06D5077 Ack: 0xCC3F62A3 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/15-11:11:12.562362 24.63.13.134:4550 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:10969 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA0812844 Ack: 0xCCE9E56E Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-11:11:16.959844 24.63.13.134:4842 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:11782 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xA0EB82C6 Ack: 0xCCED25CC Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-11:11:21.680298 24.63.13.134:1252 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:12656 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA1D0DDC2 Ack: 0xCCF4A247 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-11:11:26.232725 24.63.13.134:1747 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:13599 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA34621CA Ack: 0xCD915946 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-11:11:36.590180 24.63.13.134:1770 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:15595 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA35A4DB1 Ack: 0xCD4E0C65 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-11:11:40.506908 24.63.13.134:2505 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:16457 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA57E9A30 Ack: 0xCE91B79D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-11:11:40.988000 24.63.13.134:2748 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:16523 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xA6345C6E Ack: 0xCE5770FB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-11:11:43.861369 24.63.13.134:2748 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:17054 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xA6345C6E Ack: 0xCE5770FB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-11:11:44.720084 24.63.13.134:2938 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:17158 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA6C8E59D Ack: 0xCEEEECC4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-11:11:45.844813 24.63.13.134:3064 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:17462 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xA7234A7F Ack: 0xCE468533 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-11:11:50.599893 24.63.13.134:3305 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:18396 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA7DF7E65 Ack: 0xCEC4F287 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-12:20:05.885999 24.91.171.1:2652 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:11495 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7043E523 Ack: 0xD1214470 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-12:20:05.915689 24.91.171.1:2652 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:11496 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7043EAD7 Ack: 0xD1214470 Win: 0xFAF0 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-15:30:16.363253 24.99.136.16:1667 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:54002 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xAA01EE6C Ack: 0x9F93837C Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:55 2003