SnortSnarf alert page

Destination: 192.168.1.6: #3801-3900

SnortSnarf v021111.1

Looking using input module SnortFileInput, with sources:
Earliest: 04:49:20.642501 on 05/18/2003
Latest: 10:22:49.893664 on 05/19/2003

22 different signatures are present for 192.168.1.6 as a destination

There are 624 distinct source IPs in the alerts of the type on this page.

See also 192.168.1.6 as an alert source [49361 alerts]


[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-04:49:20.642501 24.106.83.102:3770 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:10555 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xC472C3B9 Ack: 0x7AC86D7C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/18-04:49:20.717300 24.106.83.102:3772 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:10566 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xC474D25B Ack: 0x7B496201 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/18-04:49:27.068897 24.106.83.102:3900 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:11125 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xC4DF250A Ack: 0x7B934679 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-04:49:39.487146 24.106.83.102:4297 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:12353 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xC62EE2F1 Ack: 0x7BCBF1AD Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-04:49:48.751206 24.106.83.102:4684 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:13134 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xC7800AAB Ack: 0x7CDE8429 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-04:49:48.820033 24.106.83.102:4686 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:13141 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xC78197DE Ack: 0x7CBEBF05 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-04:49:48.949067 24.106.83.102:4690 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:13156 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xC7852C54 Ack: 0x7D21ADD4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-04:49:51.993951 24.106.83.102:4696 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:13454 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xC789E3F0 Ack: 0x7C839ACE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-04:49:52.073912 24.106.83.102:4799 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:13463 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xC7E3782E Ack: 0x7D824C00 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-04:49:55.197349 24.106.83.102:4802 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:13747 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xC7E587FE Ack: 0x7D0B465E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-04:49:55.249781 24.106.83.102:4896 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:13752 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xC83656EE Ack: 0x7D7FDAE7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-04:49:58.302197 24.106.83.102:4898 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:14000 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xC83790BE Ack: 0x7D6DAA65 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-05:30:51.259446 24.218.34.115:2609 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:38604 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x16D19EF9 Ack: 0x190B8175 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-05:30:51.268057 24.218.34.115:2609 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:38605 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x16D1A4AD Ack: 0x190B8175 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/18-05:53:06.658219 66.196.65.24:2459 -> 192.168.1.6:80
TCP TTL:233 TOS:0x0 ID:62678 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xBBE2BE14 Ack: 0x6C61DAD8 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-06:30:04.836825 24.209.191.210:3714 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:27297 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1DC372E4 Ack: 0xF7EF3161 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-06:30:04.844673 24.209.191.210:3714 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:27298 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1DC37898 Ack: 0xF7EF3161 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-06:38:10.459264 24.209.191.210:4936 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:1316 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4A770026 Ack: 0x16352886 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-06:38:10.467865 24.209.191.210:4936 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:1317 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4A7705DA Ack: 0x16352886 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-06:53:17.389207 24.209.45.21:4204 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:53197 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x38B0A806 Ack: 0x4FE81455 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-06:53:17.420407 24.209.45.21:4204 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:53198 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x38B0ADBA Ack: 0x4FE81455 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-08:09:38.901127 24.209.191.210:2858 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:41956 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x38A46918 Ack: 0x6F652D01 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-08:09:38.909569 24.209.191.210:2858 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:41957 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x38A46ECC Ack: 0x6F652D01 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-09:35:12.021085 24.209.36.194:1668 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:2054 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3748ADC5 Ack: 0xB459458D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-09:35:12.053766 24.209.36.194:1668 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:2055 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3748B379 Ack: 0xB459458D Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-10:36:10.604921 24.209.45.21:4572 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:57389 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xECAA1B32 Ack: 0x98B64CE1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-10:36:10.637057 24.209.45.21:4572 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:57390 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xECAA20E6 Ack: 0x98B64CE1 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/18-11:01:41.491619 66.196.65.24:35099 -> 192.168.1.6:80
TCP TTL:233 TOS:0x0 ID:28064 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x454F8EF4 Ack: 0xFAAB22C7 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-11:34:45.415583 24.158.157.34:3934 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:24840 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9E8315B0 Ack: 0x7656DDB8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-11:34:45.500154 24.158.157.34:3934 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:24841 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9E831B64 Ack: 0x7656DDB8 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-11:59:42.216232 24.209.191.210:4080 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:33699 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA1428275 Ack: 0xD4F68F2E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-11:59:42.223880 24.209.191.210:4080 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:33700 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA1428829 Ack: 0xD4F68F2E Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-12:10:16.464374 24.209.36.194:1717 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:57475 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA6551B61 Ack: 0xFE250A53 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-12:10:16.483038 24.209.36.194:1717 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:57476 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA6552115 Ack: 0xFE250A53 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-12:28:39.626331 24.209.98.148:3489 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:9776 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEDB11B90 Ack: 0x43C73427 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-12:28:39.649853 24.209.98.148:3489 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:9777 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEDB12144 Ack: 0x43C73427 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-12:36:21.119092 24.99.79.52:4099 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:27784 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE1068B3F Ack: 0x6011F366 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-12:36:21.129466 24.99.79.52:4099 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:27785 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE10690F3 Ack: 0x6011F366 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-12:51:48.786484 24.209.191.210:1172 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:42012 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x90A08ACC Ack: 0x9A904492 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-12:51:48.793078 24.209.191.210:1172 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:42013 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x90A09080 Ack: 0x9A904492 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/18-13:04:12.099360 66.196.65.24:42059 -> 192.168.1.6:80
TCP TTL:233 TOS:0x0 ID:37569 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xFBD6BE2A Ack: 0xC85B0286 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-13:19:42.669408 24.209.36.194:1995 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:35708 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF86A7E2 Ack: 0x3054C20 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-13:19:45.298627 24.209.36.194:1995 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:36078 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF86AD96 Ack: 0x3054C20 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-13:24:16.625890 24.209.98.148:3245 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:41909 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x30047463 Ack: 0x14564050 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-13:24:16.655863 24.209.98.148:3245 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:41910 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x30047A17 Ack: 0x14564050 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-14:20:33.586455 24.209.98.148:2423 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:33060 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x708AF29F Ack: 0xE9753F78 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-14:20:33.605824 24.209.98.148:2423 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:33061 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x708AF853 Ack: 0xE9753F78 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-15:26:54.537955 24.209.98.148:1686 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:53626 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF2E39C1E Ack: 0xE47A32EC Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-15:26:54.549422 24.209.98.148:1686 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:53627 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF2E3A1D2 Ack: 0xE47A32EC Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-22:42:24.725568 24.26.238.58:4074 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:19281 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4CBC5C3 Ack: 0x50D1F3EB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-22:42:24.791756 24.26.238.58:4074 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:19282 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4CBCB77 Ack: 0x50D1F3EB Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-22:54:00.091508 24.98.223.233:4257 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:37558 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x68196A03 Ack: 0x7DC833CA Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-22:54:02.268713 24.98.223.233:4342 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:37854 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x685F6BFD Ack: 0x7DA585CF Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-22:54:03.232064 24.98.223.233:4389 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:38028 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x68878964 Ack: 0x7E37E78D Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-22:54:10.794278 24.98.223.233:4596 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:39280 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x69278318 Ack: 0x7E372E30 Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-22:54:15.351511 24.98.223.233:3069 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:39975 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6A22A005 Ack: 0x7F0433F3 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/18-22:54:16.377152 24.98.223.233:3102 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:40114 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x6A3F500A Ack: 0x7E2F74AC Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/18-22:54:21.131421 24.98.223.233:3273 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:40768 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x6ACAA0DD Ack: 0x7F5EE579 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-22:54:25.675811 24.98.223.233:3476 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:41526 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x6B707F06 Ack: 0x7F8D2A03 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-22:54:26.800392 24.98.223.233:3523 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:41697 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6B953CF0 Ack: 0x7F82643C Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-22:54:52.321541 24.98.223.233:3698 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:45500 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6C28059C Ack: 0x7FAC5490 Win: 0xFAF0 TcpLen: 20
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-22:55:03.720439 24.98.223.233:3038 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:47076 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6FD86377 Ack: 0x817F1312 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-22:55:06.087963 24.98.223.233:4594 -> 192.168.1.6:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:137
***AP*** Seq: 0x80D66E52 Ack: 0x6EFE6EAB Win: 0x16D0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-22:55:08.142608 24.98.223.233:3355 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:47754 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x70DAABD4 Ack: 0x819823CE Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-22:55:09.306192 24.98.223.233:3392 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:47887 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x70F907BF Ack: 0x81A383EF Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-22:55:12.111433 24.98.223.233:3392 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:48296 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x70F907BF Ack: 0x81A383EF Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-23:04:26.733635 24.160.23.53:3985 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:55642 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x14D26CF8 Ack: 0xA53879AF Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-23:04:27.722134 24.160.23.53:4000 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:55691 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x14DF95C9 Ack: 0xA56E013C Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-23:04:31.366562 24.160.23.53:4060 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:55925 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x1515C4C5 Ack: 0xA59848E5 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-23:04:31.939227 24.160.23.53:4072 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:55959 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x15210544 Ack: 0xA563DE5D Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-23:04:32.507818 24.160.23.53:4080 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:56001 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x1526DC39 Ack: 0xA4EACF1F Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/18-23:04:36.083489 24.160.23.53:4163 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:56408 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x156F5BC3 Ack: 0xA5E61D18 Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/18-23:04:36.621182 24.160.23.53:4185 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:56549 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x15810AFC Ack: 0xA57D55CB Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-23:04:37.217808 24.160.23.53:4198 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:56596 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x158D7D10 Ack: 0xA56B19AF Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-23:04:37.817818 24.160.23.53:4206 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:56640 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x1595C6AF Ack: 0xA5385D55 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-23:04:41.947346 24.160.23.53:4280 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:56938 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x15DD46F2 Ack: 0xA5CDCCBF Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-23:04:42.527010 24.160.23.53:4290 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:56974 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x15E6E67B Ack: 0xA6216D5D Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-23:04:43.084299 24.160.23.53:4295 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:56997 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x15EC7B37 Ack: 0xA6559B20 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-23:04:43.634049 24.160.23.53:4303 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:57027 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x15F4A655 Ack: 0xA5F50810 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-23:04:44.193131 24.160.23.53:4315 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:57077 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x15FE450D Ack: 0xA688227B Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/18-23:04:44.755063 24.160.23.53:4324 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:57124 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x1605EB2C Ack: 0xA5F037A4 Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/18-23:16:36.943473 66.196.65.24:60734 -> 192.168.1.6:80
TCP TTL:233 TOS:0x0 ID:11252 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xACAB4B47 Ack: 0xD2146C43 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-03:07:33.275431 24.74.60.176:1838 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:5022 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF6FF0EB0 Ack: 0x3A4E7709 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-03:07:33.281836 24.74.60.176:1838 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:5023 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF6FF1464 Ack: 0x3A4E7709 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/19-03:59:42.826911 66.230.140.66:2690 -> 192.168.1.6:80
TCP TTL:50 TOS:0x0 ID:56545 IpLen:20 DgmLen:155 DF
***AP*** Seq: 0x85E93A8 Ack: 0x724D89 Win: 0xFFFF TcpLen: 32
TCP Options (3) => NOP NOP TS: 339345299 1824771783
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/19-04:34:55.932684 66.196.73.77:23965 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:50563 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xB4A7AA15 Ack: 0x84CFEEE8 Win: 0xFAF0 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-08:10:59.466858 24.95.148.34:3494 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:37729 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3B11F6C9 Ack: 0xB5B7E33D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-08:10:59.529897 24.95.148.34:3494 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:37730 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3B11FC7D Ack: 0xB5B7E33D Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-09:20:18.803399 24.69.2.199:1303 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:11882 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD619A9D7 Ack: 0xBB641ACA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-09:20:18.899415 24.69.2.199:1303 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:11883 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD619AF8B Ack: 0xBB641ACA Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-10:22:08.472017 24.201.229.67:2207 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:6435 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xF659E011 Ack: 0xA481B2EF Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-10:22:15.055490 24.201.229.67:2445 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:7950 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xF716503F Ack: 0xA550A457 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-10:22:15.249214 24.201.229.67:2575 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:8012 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xF780478E Ack: 0xA4B65E27 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-10:22:15.428307 24.201.229.67:2591 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:8062 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xF78DB80F Ack: 0xA4AC9A6B Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-10:22:15.643956 24.201.229.67:2613 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:8155 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF79E86FF Ack: 0xA55098CD Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/19-10:22:29.253946 24.201.229.67:3337 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:11481 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xF9D0B33A Ack: 0xA5A29DD4 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-10:22:39.144737 24.201.229.67:3916 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:13995 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xFB92469C Ack: 0xA6021F61 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-10:22:39.353740 24.201.229.67:3933 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:14072 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFBA0FDD2 Ack: 0xA60B0B9D Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-10:22:49.371312 24.201.229.67:4623 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:16785 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFD8CEBF4 Ack: 0xA6A759AD Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-10:22:49.893664 24.201.229.67:4650 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:16870 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFD9C8D2E Ack: 0xA6F20F01 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:55 2003