
SnortSnarf alert page

Destination: 192.168.1.6: #3701-3800

SnortSnarf v021111.1


Looking using input module SnortFileInput, with sources:
Earliest: 13:32:18.026498 on 05/17/2003
Latest: 04:49:17.210075 on 05/18/2003

22 different signatures are present for 192.168.1.6 as a destination

There are 624 distinct source IPs in the alerts of the type on this page.

See also 192.168.1.6 as an alert source [49361 alerts]


[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-13:32:18.026498 24.209.36.194:2300 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:30190 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA69E3402 Ack: 0xF323A9CF Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-13:37:20.597746 24.209.98.148:1636 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:29620 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x79BB084D Ack: 0x6420B8D Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-13:37:20.619425 24.209.98.148:1636 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:29621 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x79BB0E01 Ack: 0x6420B8D Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-13:37:42.272432 24.209.196.254:4007 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:22821 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x59BDB2A9 Ack: 0x798B061 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-13:37:42.273759 24.209.196.254:4007 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:22822 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x59BDB85D Ack: 0x798B061 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-14:13:33.850462 24.209.45.21:4313 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:62325 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x307C53F7 Ack: 0x9025F319 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-14:13:33.881052 24.209.45.21:4313 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:62326 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x307C59AB Ack: 0x9025F319 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-14:18:14.012285 24.209.36.194:1129 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:8332 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x94AF7C02 Ack: 0xA123412D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-14:18:14.036370 24.209.36.194:1129 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:8333 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x94AF81B6 Ack: 0xA123412D Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-14:34:13.242675 24.209.36.194:1336 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:20908 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE600D16F Ack: 0xDCDB15D0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-14:34:13.283506 24.209.36.194:1336 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:20909 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE600D723 Ack: 0xDCDB15D0 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-15:24:43.581946 24.209.98.148:1437 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:55819 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xCBB4D212 Ack: 0x9BA1E096 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-15:24:43.610067 24.209.98.148:1437 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:55820 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xCBB4D7C6 Ack: 0x9BA1E096 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-15:29:32.848301 24.209.98.148:4806 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:12524 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE4D7DF86 Ack: 0xAEEDFB6C Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-15:29:32.879879 24.209.98.148:4806 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:12525 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE4D7E53A Ack: 0xAEEDFB6C Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-15:56:58.945621 24.131.187.236:3897 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:20829 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA8961431 Ack: 0x160BA70C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-15:56:58.953111 24.131.187.236:3897 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:20830 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA89619E5 Ack: 0x160BA70C Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/17-16:41:16.303885 66.196.73.77:41697 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:8059 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x868F4120 Ack: 0xBCA12416 Win: 0xFAF0 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-16:54:54.445202 24.150.134.130:3146 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:52664 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x47F1827E Ack: 0xF1A66767 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-16:54:54.457156 24.150.134.130:3146 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:52665 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x47F18832 Ack: 0xF1A66767 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-17:16:32.366772 24.209.36.194:3451 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:44256 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFE84BBD4 Ack: 0x4258A4D1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-17:16:32.386651 24.209.36.194:3451 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:44257 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFE84C188 Ack: 0x4258A4D1 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-17:44:48.581994 24.209.36.194:1615 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:29846 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x80AC1842 Ack: 0xAC71BAC5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-17:44:48.618714 24.209.36.194:1615 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:29847 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x80AC1DF6 Ack: 0xAC71BAC5 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/17-17:55:43.450011 66.196.65.24:30453 -> 192.168.1.6:80
TCP TTL:233 TOS:0x0 ID:17369 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x1CF01363 Ack: 0xD58F2358 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/17-18:25:32.652758 66.196.73.77:2230 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:38229 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x13619246 Ack: 0x4729098B Win: 0xFAF0 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/17-19:39:05.620613 66.196.73.77:1519 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:60017 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x2D6B474C Ack: 0x5E0273B3 Win: 0xFAF0 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/17-19:46:48.950644 66.196.65.24:30202 -> 192.168.1.6:80
TCP TTL:233 TOS:0x0 ID:62754 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x5D8877F2 Ack: 0x7A1724AA Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-20:02:42.548428 24.199.81.210:3957 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:40162 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDAE4DD06 Ack: 0xB5F69159 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-20:02:42.605340 24.199.81.210:3957 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:40163 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDAE4E2BA Ack: 0xB5F69159 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-20:25:27.410826 24.198.96.120:2224 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:58349 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xABA0C04 Ack: 0xC31F8CB Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-20:25:27.984874 24.198.96.120:2245 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:58405 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xACB12ED Ack: 0xCC70456 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-20:25:28.281128 24.198.96.120:2255 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:58434 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xAD45EA9 Ack: 0xCAFA447 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-20:25:31.531227 24.198.96.120:2381 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:58785 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xB402E91 Ack: 0xD0F750A Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-20:25:40.839596 24.198.96.120:2660 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:59578 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xC33D46E Ack: 0xCF5FD7F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/17-20:25:41.120329 24.198.96.120:2667 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:59604 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xC3A1B7B Ack: 0xDB5EAA2 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/17-20:25:41.471792 24.198.96.120:2677 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:59673 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xC437A39 Ack: 0xCF542E5 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-20:25:50.772654 24.198.96.120:2954 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:60348 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xD36C1F4 Ack: 0xDEB7B91 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-20:25:51.013776 24.198.96.120:2961 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:60366 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD3BF340 Ack: 0xDB1D3ED Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-20:25:51.273170 24.198.96.120:2966 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:60392 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD4029D2 Ack: 0xDC0923B Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-20:26:00.584307 24.198.96.120:3287 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:61284 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE52B307 Ack: 0xEFEC8C7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-20:26:03.811906 24.198.96.120:3378 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:61588 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xEA0E943 Ack: 0xE52233E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-20:26:04.072959 24.198.96.120:3387 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:61605 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xEA7C456 Ack: 0xF378695 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-20:26:04.337627 24.198.96.120:3392 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:61630 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xEAC6278 Ack: 0xE8A3ED9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-20:26:04.592665 24.198.96.120:3402 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:61661 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xEB4D639 Ack: 0xE9A520D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-20:26:04.874734 24.198.96.120:3416 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:61713 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xEC0718E Ack: 0xEA045BA Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-21:03:52.662701 24.202.34.72:4306 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:55745 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xBFB08367 Ack: 0x9E2D2779 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-21:03:59.130684 24.202.34.72:4409 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:56263 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xC0108968 Ack: 0x9ECEC0A9 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-21:04:01.101134 24.202.34.72:4432 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:56418 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xC027D399 Ack: 0x9EEAD255 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-21:04:03.038482 24.202.34.72:4470 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:56527 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xC0473659 Ack: 0x9EE996A3 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-21:04:08.249171 24.202.34.72:4486 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:56854 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xC05A12D5 Ack: 0x9F315C46 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/17-21:04:10.508844 24.202.34.72:4555 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:57005 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xC09B659E Ack: 0x9F64B9F2 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/17-21:04:13.007993 24.202.34.72:4592 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:57161 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xC0BDA837 Ack: 0x9F1DE732 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-21:04:18.488402 24.202.34.72:4620 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:57480 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xC0DC13F8 Ack: 0x9F355E37 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-21:04:20.468709 24.202.34.72:4687 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:57638 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xC11EB576 Ack: 0x9FDC8407 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-21:04:31.918536 24.202.34.72:4843 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:58333 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xC1AF7976 Ack: 0xA037768C Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-21:04:36.864713 24.202.34.72:4872 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:58675 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xC1CC47E6 Ack: 0x9FFB95F7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-21:04:38.882274 24.202.34.72:4980 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:58816 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xC210E053 Ack: 0xA11F8387 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-21:04:48.021468 24.202.34.72:1090 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:59350 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xC253B91E Ack: 0xA0AB6CD1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-21:04:49.973170 24.202.34.72:1164 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:59518 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xC29CC707 Ack: 0xA16844B9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-21:04:52.054952 24.202.34.72:1197 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:59662 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xC2BA1100 Ack: 0xA155E841 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-21:05:03.220383 24.202.34.72:1376 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:60546 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xC35C9E85 Ack: 0xA27F1EA3 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-21:07:41.473346 24.91.243.83:3068 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:55718 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x950D0467 Ack: 0xAB716046 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-21:07:41.477366 24.91.243.83:3068 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:55719 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x950D0A1B Ack: 0xAB716046 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-21:24:47.068606 24.93.48.91:4634 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:9790 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x1E83ED2F Ack: 0xED30A3B9 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-21:25:10.564164 24.93.48.91:1369 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:13533 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x20E4EE97 Ack: 0xEE004A10 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-21:25:12.798993 24.93.48.91:1426 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:13856 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x2119C14A Ack: 0xEE7E83BB Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-21:25:15.127502 24.93.48.91:1519 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:14272 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x2165A7FD Ack: 0xEEA7CDDB Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-21:25:17.406040 24.93.48.91:1581 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:14666 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x219D2E37 Ack: 0xEE87DED1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/17-21:25:19.665250 24.93.48.91:1649 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:14974 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x21D7E271 Ack: 0xEE777CF7 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/17-21:25:30.826032 24.93.48.91:1997 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:16751 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x2309B628 Ack: 0xEEED02F6 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-21:25:33.100025 24.93.48.91:2050 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:17089 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x23371C05 Ack: 0xEF5655DF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-21:25:44.368164 24.93.48.91:2414 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:18978 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x2470B806 Ack: 0xF09B89DF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-21:25:46.591863 24.93.48.91:2482 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:19297 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x24ABCE12 Ack: 0xEFE1DA94 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-21:25:57.858219 24.93.48.91:2826 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:21251 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x25D287E3 Ack: 0xF101095B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-21:26:00.180082 24.93.48.91:2883 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:21637 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x260640E9 Ack: 0xF09E37A7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-21:26:11.428984 24.93.48.91:3227 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:23462 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x272E355A Ack: 0xF1D479F2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-21:26:13.699612 24.93.48.91:3271 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:23816 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x2758D6E7 Ack: 0xF1B6FE2C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-21:26:15.907611 24.93.48.91:3330 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:24153 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x278BB826 Ack: 0xF1A9136F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-21:26:27.181779 24.93.48.91:3671 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:26113 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x28AF27DD Ack: 0xF2F2DB6A Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/17-21:37:16.347329 66.196.73.77:40125 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:7043 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xF6F19996 Ack: 0x1B4735A4 Win: 0xFAF0 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-21:42:31.124013 24.209.36.194:3494 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:35739 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9AAA132B Ack: 0x2F716028 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-21:42:31.147984 24.209.36.194:3494 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:35740 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9AAA18DF Ack: 0x2F716028 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-22:26:58.865480 24.116.72.9:1879 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:1951 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBAC5190D Ack: 0xD7A0B326 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-22:29:52.407821 24.209.45.21:4987 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:57394 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC9404FE9 Ack: 0xE198C28A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-22:29:52.446065 24.209.45.21:4987 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:57395 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC940559D Ack: 0xE198C28A Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-22:50:26.589295 24.209.36.194:2421 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:46687 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB283736B Ack: 0x305E5034 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/17-22:50:26.660545 24.209.36.194:2421 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:46696 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB283791F Ack: 0x305E5034 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/17-23:03:36.448788 66.196.65.24:35370 -> 192.168.1.6:80
TCP TTL:233 TOS:0x0 ID:6471 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x6F29949E Ack: 0x6215A28B Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-00:07:22.330760 209.142.14.60:2177 -> 192.168.1.6:80
TCP TTL:102 TOS:0x0 ID:38752 IpLen:20 DgmLen:99 DF
***AP*** Seq: 0xF3A004DC Ack: 0x52C91215 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-00:11:37.817924 24.209.45.21:3569 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:28851 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x779E395E Ack: 0x61ED801C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-00:11:37.849052 24.209.45.21:3569 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:28852 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x779E3F12 Ack: 0x61ED801C Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-04:23:34.555143 24.209.191.210:3463 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:49236 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x536060EA Ack: 0x1B69F6EF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-04:23:34.570216 24.209.191.210:3463 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:49237 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5360669E Ack: 0x1B69F6EF Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-04:38:05.152220 24.209.191.210:4842 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:59689 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA8713AF0 Ack: 0x509C3687 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-04:38:05.160191 24.209.191.210:4842 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:59690 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA87140A4 Ack: 0x509C3687 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-04:49:06.926948 24.106.83.102:3368 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:9493 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xC31BABF2 Ack: 0x7AD2AF07 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-04:49:10.656000 24.106.83.102:3392 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:9827 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xC33009B3 Ack: 0x7A671B2B Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-04:49:13.749165 24.106.83.102:3492 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:10059 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xC38602D1 Ack: 0x7A5085A2 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-04:49:17.210075 24.106.83.102:3669 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:10312 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xC41CCA35 Ack: 0x7AF5F8C9 Win: 0x4470 TcpLen: 20
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:55 2003