
SnortSnarf alert page

Destination: 192.168.1.6: #3501-3600

SnortSnarf v021111.1

Signature section (91123) | Top 20 source IPs | Top 20 dest IPs

Looking using input module SnortFileInput, with sources:
Earliest: 23:15:34.983160 on 05/15/2003
Latest: 13:49:24.895409 on 05/16/2003

22 different signatures are present for 192.168.1.6 as a destination

There are 624 distinct source IPs in the alerts of the type on this page.

See also 192.168.1.6 as an alert source [49361 alerts]


[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-23:15:34.983160 24.209.42.242:4111 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:20831 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x6669D2F8 Ack: 0x7D794FC7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-23:15:44.105712 24.209.42.242:4485 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:22002 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x679AEA3D Ack: 0x7D9883AF Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-23:29:19.354413 24.68.67.114:26869 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:8650 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3F63D9FB Ack: 0xB10A51AC Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-23:29:19.420946 24.68.67.114:26869 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:8651 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3F63DFAF Ack: 0xB10A51AC Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-00:16:45.065705 24.157.173.39:1708 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:18578 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xFAA12381 Ack: 0x647D46E7 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-00:16:46.571531 24.157.173.39:1728 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:18767 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xFAB48B0A Ack: 0x648C5518 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-00:16:51.063182 24.157.173.39:1786 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:19209 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xFAF04C2E Ack: 0x651F70E0 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-00:16:55.082728 24.157.173.39:1845 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:19566 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xFB2C6E23 Ack: 0x6553C622 Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-00:16:56.576364 24.157.173.39:1863 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:19676 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xFB3CEEAB Ack: 0x65A55D75 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/16-00:16:57.569152 24.157.173.39:1878 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:19792 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xFB4E9D9C Ack: 0x654074F6 Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/16-00:16:58.556264 24.157.173.39:1898 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:19898 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xFB5F7EB8 Ack: 0x654689F9 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-00:17:00.070526 24.157.173.39:1910 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:19988 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xFB6B4030 Ack: 0x65AB35E4 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-00:17:01.062527 24.157.173.39:1931 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:20116 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFB81896D Ack: 0x65A90AB5 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-00:17:02.064368 24.157.173.39:1945 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:20215 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFB906A09 Ack: 0x658B95A2 Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-00:17:06.577976 24.157.173.39:1998 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:20597 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFBCBABC1 Ack: 0x65BD1512 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-00:17:07.574388 24.157.173.39:2016 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:20735 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFBDF325E Ack: 0x667B7DB1 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-00:17:09.075727 24.157.173.39:2039 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:20850 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xFBF46431 Ack: 0x65EB1240 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-00:17:10.087637 24.157.173.39:2056 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:20980 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xFC070468 Ack: 0x667848E5 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-00:17:11.577223 24.157.173.39:2076 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:21106 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xFC19AC16 Ack: 0x660C0610 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-00:17:12.597421 24.157.173.39:2095 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:21242 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xFC2BB026 Ack: 0x6679FAD5 Win: 0xFAF0 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-02:33:22.489402 24.91.57.211:3131 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:9623 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x9FF355A5 Ack: 0x685AD1DC Win: 0xB5C9 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-02:33:26.265087 24.91.57.211:3180 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:9725 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xA0255DA7 Ack: 0x6888B0E8 Win: 0xB5C9 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-02:33:35.725158 24.91.57.211:3337 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:10205 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA0BE9B55 Ack: 0x69DBFAEE Win: 0xB5C9 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-02:33:38.906899 24.91.57.211:3373 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:10293 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA0E55307 Ack: 0x6988B6EE Win: 0xB5C9 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-02:33:42.298389 24.91.57.211:3412 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:10380 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA10E3D25 Ack: 0x6999F8C1 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/16-02:33:42.454386 24.91.57.211:3414 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:10390 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA1108271 Ack: 0x69B1DA18 Win: 0xB5C9 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/16-02:33:55.240526 24.91.57.211:3556 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:10873 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA1A2F8EE Ack: 0x6ABC8FEE Win: 0xB5C9 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-02:33:58.880425 24.91.57.211:3614 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:11004 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xA1DC9EB6 Ack: 0x6A9A79E7 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-02:34:02.506167 24.91.57.211:3690 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:11082 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA2281465 Ack: 0x6AD365F4 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-02:34:12.002740 24.91.57.211:3892 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:11801 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA2E1BFEC Ack: 0x6B571A04 Win: 0xB5C9 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-02:34:12.172258 24.91.57.211:3895 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:11817 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA2E471B8 Ack: 0x6B823800 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-02:34:12.381340 24.91.57.211:3899 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:11827 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA2E81979 Ack: 0x6BAD44E8 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-02:34:12.543927 24.91.57.211:3903 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:11840 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xA2EBD58A Ack: 0x6BEE4DB5 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-02:34:12.704869 24.91.57.211:3907 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:11850 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA2EF29DD Ack: 0x6B7D6C03 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-02:34:12.872046 24.91.57.211:3912 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:11859 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xA2F3731B Ack: 0x6BBB1E33 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-02:34:22.337608 24.91.57.211:4035 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:12152 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA37181AA Ack: 0x6C17C972 Win: 0xB5C9 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-03:51:40.950494 24.209.42.242:1340 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:21257 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x5F7D344C Ack: 0x8F97AC1D Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-03:51:41.175489 24.209.42.242:1401 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:21278 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x5FAC02EA Ack: 0x902ABA97 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-03:52:02.271418 24.209.42.242:2015 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:23042 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x61BDF193 Ack: 0x91680CDB Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-03:52:11.375084 24.209.42.242:2307 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:23810 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x62B64F79 Ack: 0x91A42AF8 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-03:52:20.512605 24.209.42.242:2486 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:24381 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6359AC14 Ack: 0x91E8AB79 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/16-03:52:20.602791 24.209.42.242:2487 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:24391 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x635ACBD8 Ack: 0x91E451B7 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/16-03:52:20.747877 24.209.42.242:2568 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:24485 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x6398011E Ack: 0x9242EF13 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-03:52:29.814757 24.209.42.242:2821 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:25355 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x64763ABC Ack: 0x942CCB0D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-03:52:29.985880 24.209.42.242:2822 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:25368 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x64770232 Ack: 0x93684C9C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-03:52:30.079545 24.209.42.242:2825 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:25376 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x647A39DD Ack: 0x93AC2DBD Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-03:52:30.204116 24.209.42.242:2828 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:25393 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x647CCAD3 Ack: 0x935F15B6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-03:52:30.317372 24.209.42.242:2832 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:25409 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6480839E Ack: 0x93A02B54 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-03:52:30.425489 24.209.42.242:2834 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:25421 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x6482761E Ack: 0x942E1A7A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-03:52:33.515516 24.209.42.242:2987 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:25824 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x64FCADDB Ack: 0x93E01F19 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-03:52:33.604565 24.209.42.242:2989 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:25832 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x64FE8979 Ack: 0x93803281 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-03:52:33.710054 24.209.42.242:2990 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:25842 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x64FF7B90 Ack: 0x93C80542 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/16-05:07:03.383466 12.148.209.198:59906 -> 192.168.1.6:80
TCP TTL:48 TOS:0x0 ID:34332 IpLen:20 DgmLen:256 DF
***AP*** Seq: 0xA22F282F Ack: 0xAD0248FA Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 326091478 1694084267
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/16-05:07:03.679184 12.148.209.198:59906 -> 192.168.1.6:80
TCP TTL:48 TOS:0x0 ID:34333 IpLen:20 DgmLen:256 DF
***AP*** Seq: 0xA22F282F Ack: 0xAD0248FA Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 326091508 1694084267
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-10:05:59.630555 24.209.36.194:3540 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:57946 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBA0A3946 Ack: 0x1712041D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-10:06:02.106471 24.209.36.194:3540 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:58051 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBA0A3EFA Ack: 0x1712041D Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-10:15:27.983578 24.209.177.126:3350 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:6942 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2CD76AFA Ack: 0x3A35DB85 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-10:15:27.989267 24.209.177.126:3350 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:6943 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2CD770AE Ack: 0x3A35DB85 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-10:16:12.476054 24.209.36.194:1681 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:47177 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF62CEA36 Ack: 0x3BFF39FA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-10:16:12.508996 24.209.36.194:1681 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:47178 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF62CEFEA Ack: 0x3BFF39FA Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-10:19:54.662279 24.63.13.134:2727 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:59190 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xF9BE8ABD Ack: 0x4A32AA46 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-10:19:58.955805 24.63.13.134:2784 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:59928 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xF9EA6EA0 Ack: 0x4B3BC3C9 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-10:19:59.306630 24.63.13.134:2946 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:59987 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xFA68D3FA Ack: 0x4A754411 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-10:19:59.693881 24.63.13.134:3014 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:60071 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xFA9BC11E Ack: 0x4B339B87 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-10:19:59.994293 24.63.13.134:3024 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:60120 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xFAA4C344 Ack: 0x4B2C383D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/16-10:20:09.665906 24.63.13.134:3534 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:61788 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xFC34C8D2 Ack: 0x4BC3BDA1 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/16-10:20:09.930476 24.63.13.134:3540 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:61831 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xFC39F4DB Ack: 0x4B949691 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-10:20:10.238837 24.63.13.134:3545 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:61866 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xFC3E5FA7 Ack: 0x4B5C4BC0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-10:20:20.017204 24.63.13.134:4041 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:63475 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFDB9C874 Ack: 0x4C8ADA2B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-10:20:20.347676 24.63.13.134:4048 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:63509 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFDBE4369 Ack: 0x4C0D89D8 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-10:20:20.742905 24.63.13.134:4053 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:63596 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFDC337C3 Ack: 0x4BF24A29 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-10:20:21.485367 24.63.13.134:4109 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:63727 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFDEBF338 Ack: 0x4BC3ABE9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-10:20:21.744651 24.63.13.134:4114 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:63753 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xFDEFB6B7 Ack: 0x4C5EFEB4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-10:20:24.735323 24.63.13.134:4114 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:64265 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xFDEFB6B7 Ack: 0x4C5EFEB4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-10:20:25.221898 24.63.13.134:4297 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:64327 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xFE7F81E5 Ack: 0x4C097C0A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-10:20:28.190258 24.63.13.134:4297 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:64869 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xFE7F81E5 Ack: 0x4C097C0A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-10:20:28.518068 24.63.13.134:4464 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:64903 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xFF09C901 Ack: 0x4CE1E9E0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-10:20:32.256465 24.63.13.134:4694 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:65467 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xFF8D67F4 Ack: 0x4CEED0CB Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-10:40:04.071617 24.209.36.194:4273 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:44491 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x83B3C525 Ack: 0x971C4D06 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-10:40:04.094988 24.209.36.194:4273 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:44492 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x83B3CAD9 Ack: 0x971C4D06 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-10:52:35.942136 24.209.36.194:3651 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:47458 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xCD911706 Ack: 0xC59EB568 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-10:52:35.964198 24.209.36.194:3651 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:47459 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xCD911CBA Ack: 0xC59EB568 Win: 0x4470 TcpLen: 20
[**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**]
[Classification: Misc activity] [Priority: 3]
05/16-10:58:10.664209 130.105.3.2 -> 192.168.1.6
ICMP TTL:239 TOS:0x0 ID:35346 IpLen:20 DgmLen:56
Type:3 Code:13 DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED,
PACKET FILTERED
** ORIGINAL DATAGRAM DUMP:
192.168.1.6:52168 -> 130.105.1.8:53
UDP TTL:48 TOS:0x0 ID:0 IpLen:20 DgmLen:70 DF
Len: 42
** END OF DUMP
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-11:02:04.687425 24.209.36.194:3491 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:38315 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4C7377F Ack: 0xE98335AB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-11:02:04.705707 24.209.36.194:3491 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:38316 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4C73D33 Ack: 0xE98335AB Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/16-12:11:51.339850 66.147.154.3:13075 -> 192.168.1.6:80
TCP TTL:38 TOS:0x0 ID:14374 IpLen:20 DgmLen:229 DF
***AP*** Seq: 0x8669261D Ack: 0x842DDB41 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 32627212 1707138699
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/16-12:50:46.123100 66.196.65.24:40451 -> 192.168.1.6:80
TCP TTL:233 TOS:0x0 ID:61682 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xFA094178 Ack: 0x16BF60B4 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-13:11:36.394209 24.209.36.194:2047 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:5958 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDA661E5B Ack: 0x659BBF82 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-13:11:36.449832 24.209.36.194:2047 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:5959 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDA66240F Ack: 0x659BBF82 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-13:31:39.578268 24.209.36.194:3634 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:41779 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x468C8A27 Ack: 0xB1865B7B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-13:31:39.600546 24.209.36.194:3634 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:41780 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x468C8FDB Ack: 0xB1865B7B Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-13:49:13.094012 24.243.238.248:1618 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:6805 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xDE6C4D59 Ack: 0xF321F7A1 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-13:49:16.602898 24.243.238.248:2038 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:7226 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xDEE7E412 Ack: 0xF364F19F Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-13:49:16.818779 24.243.238.248:2040 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:7253 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xDEEA6A99 Ack: 0xF3461F10 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-13:49:17.444261 24.243.238.248:2128 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:7382 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xDF0FE3C4 Ack: 0xF38C1153 Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-13:49:17.657487 24.243.238.248:2160 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:7447 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xDF22042B Ack: 0xF3D78D4D Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/16-13:49:17.927632 24.243.238.248:2193 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:7516 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xDF2E21AC Ack: 0xF3F38E22 Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/16-13:49:18.178912 24.243.238.248:2242 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:7651 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xDF4A1D48 Ack: 0xF3EB74C2 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-13:49:21.655735 24.243.238.248:2629 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:8243 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xDFDDED1F Ack: 0xF3EBDCB3 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-13:49:24.895409 24.243.238.248:2962 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:8725 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE0788F19 Ack: 0xF3C03775 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:55 2003