SnortSnarf alert page

Destination: 192.168.1.6: #3901-4000

SnortSnarf v021111.1

Signature section (91123)

Top 20 source IPs

Top 20 dest IPs

Looking using input module SnortFileInput, with sources:

/home/rivettmj/snort_alertlog/alert

Earliest: 10:22:59.532737 on 05/19/2003
Latest: 19:06:15.136600 on 05/19/2003

22 different signatures are present for 192.168.1.6 as a destination

1 instances of (spp_stream4) STEALTH ACTIVITY (SYN FIN scan) detection
1 instances of WEB-IIS ISAPI .printer access
1 instances of SHELLCODE x86 setuid 0
1 instances of DDOS shaft synflood
2 instances of WEB-CGI formmail access
2 instances of SHELLCODE x86 NOOP
2 instances of SMTP HELO overflow attempt
2 instances of SHELLCODE x86 inc ebx NOOP
3 instances of WEB-MISC bad HTTP/1.1 request, Potentially worm attack
3 instances of WEB-CGI newdesk access
4 instances of WEB-IIS WEBDAV nessus safe scan attempt
11 instances of ICMP Destination Unreachable (Communication Administratively Prohibited)
38 instances of (snort_decoder): T/TCP Detected
58 instances of WEB-IIS view source via translate header
308 instances of WEB-IIS _mem_bin access
316 instances of WEB-FRONTPAGE /_vti_bin/ access
680 instances of WEB-IIS CodeRed v2 root.exe access
786 instances of WEB-MISC robots.txt access
930 instances of WEB-IIS ISAPI .ida attempt
952 instances of WEB-IIS multiple decode attempt
1500 instances of WEB-IIS unicode directory traversal attempt
2169 instances of WEB-IIS cmd.exe access

There are 624 distinct source IPs in the alerts of the type on this page.

192.168.1.6 Whois lookup at: ARIN RIPE APNIC Geektools

DNS lookup at: Amenesi TRIUMF Princeton

More lookup links: Dshield Sam Spade

See also 192.168.1.6 as an alert source [49361 alerts]

Go to: previous range, next range, all alerts, overview page

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-10:22:59.532737 24.201.229.67:1373 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:19283 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFF520437  Ack: 0xA72B7292  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-10:22:59.885324 24.201.229.67:1390 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:19347 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xFF5FBE61  Ack: 0xA7DAB4A3  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-10:23:00.377339 24.201.229.67:1414 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:19432 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xFF735F0F  Ack: 0xA7567913  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-10:23:09.938360 24.201.229.67:1445 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:21665 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xFF8B0BF2  Ack: 0xA7E899B9  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-10:23:32.074671 24.201.229.67:3082 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:26544 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x4A388E2  Ack: 0xA92E8C12  Win: 0xFAF0  TcpLen: 20

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/19-12:52:40.034706 66.196.65.24:45591 -> 192.168.1.6:80
TCP TTL:233 TOS:0x0 ID:11573 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xBA35D0D2  Ack: 0xDC9BF1EE  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-14:30:28.619494 24.63.8.146:2050 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:3269 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6F2782E7  Ack: 0x4E536A2A  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-14:30:28.627769 24.63.8.146:2050 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:3270 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6F27889B  Ack: 0x4E536A2A  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-14:59:56.797207 24.209.36.194:1587 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:61220 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1627D486  Ack: 0xBE1B314C  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-14:59:56.825196 24.209.36.194:1587 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:61221 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1627DA3A  Ack: 0xBE1B314C  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-15:22:40.643903 24.209.36.194:2580 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:41629 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x921CE9CA  Ack: 0x13655240  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-15:22:40.665857 24.209.36.194:2580 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:41630 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x921CEF7E  Ack: 0x13655240  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-15:25:12.193078 24.217.213.111:4296 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:24204 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x75862A2D  Ack: 0x1DFC84F3  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-15:25:15.848993 24.217.213.111:4335 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:24890 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x75A737FA  Ack: 0x1DD8C2C7  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-15:25:16.079415 24.217.213.111:4486 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:24945 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x7623898E  Ack: 0x1E561092  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-15:25:16.301608 24.217.213.111:4509 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:25007 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x76326128  Ack: 0x1DBCC8D2  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-15:25:16.517376 24.217.213.111:4525 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:25062 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x763F6A20  Ack: 0x1DEA8449  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/19-15:25:17.495876 24.217.213.111:4561 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:25264 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x765C1A38  Ack: 0x1D8C0575  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/19-15:25:20.946117 24.217.213.111:4900 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:26005 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x76FE4B69  Ack: 0x1DEE2533  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-15:25:21.142356 24.217.213.111:4921 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:26049 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x7709A675  Ack: 0x1EA48ADD  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-15:25:21.393857 24.217.213.111:4951 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:26092 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x77157945  Ack: 0x1EB099B9  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-15:25:21.584668 24.217.213.111:4978 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:26130 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x77223B8A  Ack: 0x1E873ECB  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-15:25:22.201135 24.217.213.111:4992 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:26243 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x7729FE90  Ack: 0x1E1E3D8E  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-16:11:04.910145 24.77.219.17:3988 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:64232 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEF24A296  Ack: 0xCB39FBBC  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-16:11:04.948508 24.77.219.17:3988 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:64233 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEF24A84A  Ack: 0xCB39FBBC  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-17:36:03.944052 24.114.38.37:3261 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:9477 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xBEBEFE0D  Ack: 0xB684239  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-17:36:09.980123 24.114.38.37:3709 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:10216 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xC0296984  Ack: 0xC0DDC1E  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-17:36:12.450019 24.114.38.37:3769 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:10784 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xC061B701  Ack: 0xBDF359A  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-17:36:19.463424 24.114.38.37:4009 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:11648 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xC181819E  Ack: 0xC92DEC1  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-17:36:22.928338 24.114.38.37:4009 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:12285 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xC181819E  Ack: 0xC92DEC1  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-17:36:28.429061 24.114.38.37:4009 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:13086 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xC181819E  Ack: 0xC92DEC1  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-17:36:31.015704 24.114.38.37:4457 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:13519 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xC2955E7A  Ack: 0xD168255  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/19-17:36:43.025349 24.114.38.37:1286 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:15006 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xC45D930B  Ack: 0xDBD5552  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/19-17:36:54.954609 24.114.38.37:1833 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:16887 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xC6284EC9  Ack: 0xF4A2071  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-17:36:56.978402 24.114.38.37:1873 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:17371 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xC64F018D  Ack: 0xF7314F8  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-17:36:59.998720 24.114.38.37:1873 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:17656 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xC64F018D  Ack: 0xF7314F8  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-17:47:01.621264 24.145.209.152:2765 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:55334 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1A395EA4  Ack: 0x34C49303  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-17:47:01.650066 24.145.209.152:2765 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:55335 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1A396458  Ack: 0x34C49303  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:14:05.999799 62.194.177.98:3168 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:45815 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x48EE1878  Ack: 0x9A886631  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:14:06.009130 62.194.177.98:3168 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:45816 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x48EE1E2C  Ack: 0x9A886631  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:22:19.773810 24.209.98.148:2430 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:25005 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB1E18140  Ack: 0xBA4A55C2  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:22:19.803684 24.209.98.148:2430 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:25006 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB1E186F4  Ack: 0xBA4A55C2  Win: 0xFAF0  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:23:57.740726 24.209.191.91:1575 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:44003 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x397C6659  Ack: 0xC03FE09A  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:23:57.751487 24.209.191.91:1575 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:44004 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x397C6C0D  Ack: 0xC03FE09A  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:23:58.408155 24.209.191.91:1596 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:44067 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x398D93AD  Ack: 0xC0A1306F  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:23:58.411726 24.209.191.91:1596 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:44068 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x398D9961  Ack: 0xC0A1306F  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:24:00.300716 24.209.191.91:1655 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:44256 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x39BEB69B  Ack: 0xC073D40B  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:24:00.310687 24.209.191.91:1655 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:44257 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x39BEBC4F  Ack: 0xC073D40B  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:24:06.645678 24.209.191.91:1818 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:44792 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3A4F4FCD  Ack: 0xC0C4D4F7  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:24:06.655786 24.209.191.91:1818 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:44793 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3A4F5581  Ack: 0xC0C4D4F7  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:24:06.949414 24.209.191.91:1834 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:44830 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3A5CBE40  Ack: 0xC0C57D02  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:24:06.959757 24.209.191.91:1834 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:44831 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3A5CC3F4  Ack: 0xC0C57D02  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:24:07.307275 24.209.191.91:1854 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:44884 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3A6D2597  Ack: 0xC14D6ACF  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:24:07.317832 24.209.191.91:1854 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:44885 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3A6D2B4B  Ack: 0xC14D6ACF  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:24:07.702026 24.209.191.91:1872 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:44936 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3A7C075B  Ack: 0xC0A2A2C6  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:24:07.711849 24.209.191.91:1872 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:44937 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3A7C0D0F  Ack: 0xC0A2A2C6  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:24:11.008262 24.209.191.91:1975 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:45273 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3AD2671B  Ack: 0xC105C41C  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:24:11.018895 24.209.191.91:1975 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:45274 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3AD26CCF  Ack: 0xC105C41C  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:24:16.913942 24.209.191.91:2132 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:45803 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3B5DCA78  Ack: 0xC1D0EF0B  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:24:16.926516 24.209.191.91:2132 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:45804 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3B5DD02C  Ack: 0xC1D0EF0B  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:24:19.580057 24.209.191.91:2232 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:46062 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3BB30830  Ack: 0xC1A17D1E  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:24:19.589785 24.209.191.91:2232 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:46063 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3BB30DE4  Ack: 0xC1A17D1E  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:24:20.389676 24.209.191.91:2255 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:46151 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3BC86EEB  Ack: 0xC12C5596  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:24:20.400735 24.209.191.91:2255 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:46152 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3BC8749F  Ack: 0xC12C5596  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:24:20.712128 24.209.191.91:2265 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:46190 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3BD0C95F  Ack: 0xC19D0F94  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:24:20.721273 24.209.191.91:2265 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:46191 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3BD0CF13  Ack: 0xC19D0F94  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:24:39.350245 24.209.191.91:2814 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:47834 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3DA5954A  Ack: 0xC329F083  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:24:39.361007 24.209.191.91:2814 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:47835 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3DA59AFE  Ack: 0xC329F083  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:25:56.375281 24.209.191.91:1138 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:55168 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x45530DF7  Ack: 0xC804EA5B  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:25:56.385774 24.209.191.91:1138 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:55169 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x455313AB  Ack: 0xC804EA5B  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:25:59.271624 24.209.191.91:1241 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:55457 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x45A97EFB  Ack: 0xC855F8F9  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:25:59.280016 24.209.191.91:1241 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:55458 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x45A984AF  Ack: 0xC855F8F9  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:26:06.258871 24.209.191.91:1429 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:56074 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x464DBE90  Ack: 0xC8BBE281  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:26:06.269110 24.209.191.91:1429 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:56075 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x464DC444  Ack: 0xC8BBE281  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:26:19.297972 24.209.191.91:1822 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:57223 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x47A19AC5  Ack: 0xC98C63B2  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:26:19.308614 24.209.191.91:1822 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:57224 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x47A1A079  Ack: 0xC98C63B2  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:26:38.562001 24.209.191.91:2363 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:58923 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x49762F18  Ack: 0xCA835B8B  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:26:38.572365 24.209.191.91:2363 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:58924 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x497634CC  Ack: 0xCA835B8B  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:26:40.609531 24.209.191.91:2438 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:59131 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x49B430D6  Ack: 0xCAF4CA80  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:26:40.623400 24.209.191.91:2438 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:59132 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x49B4368A  Ack: 0xCAF4CA80  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:26:45.082083 24.209.191.91:2574 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:59666 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4A2836D7  Ack: 0xCB37E9D4  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:26:45.092297 24.209.191.91:2574 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:59667 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4A283C8B  Ack: 0xCB37E9D4  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:26:48.163196 24.209.191.91:2647 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:59909 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4A677FD8  Ack: 0xCB9C7BB1  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:26:48.173113 24.209.191.91:2647 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:59910 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4A67858C  Ack: 0xCB9C7BB1  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:26:49.560575 24.209.191.91:2704 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:60056 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4A97353E  Ack: 0xCBC5E1AB  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:26:49.575279 24.209.191.91:2704 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:60057 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4A973AF2  Ack: 0xCBC5E1AB  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:26:52.523541 24.209.191.91:2702 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:60433 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4A94E298  Ack: 0xCB368008  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:26:52.533361 24.209.191.91:2702 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:60434 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4A94E84C  Ack: 0xCB368008  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:27:04.571100 24.209.191.91:3161 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:61508 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4C1D0D58  Ack: 0xCC1C7E1B  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:27:04.581184 24.209.191.91:3161 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:61509 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4C1D130C  Ack: 0xCC1C7E1B  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:27:05.518192 24.209.191.91:3182 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:61595 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4C2ECC00  Ack: 0xCCEE8B83  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:27:05.527686 24.209.191.91:3182 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:61596 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4C2ED1B4  Ack: 0xCCEE8B83  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:27:07.958561 24.209.191.91:3230 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:61755 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4C59FD9D  Ack: 0xCCFFB742  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:27:07.969678 24.209.191.91:3230 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:61756 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4C5A0351  Ack: 0xCCFFB742  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:27:16.928206 24.209.191.91:3504 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:62541 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4D4002A8  Ack: 0xCCC130FF  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:27:16.938388 24.209.191.91:3504 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:62542 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4D40085C  Ack: 0xCCC130FF  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:58:37.714043 24.209.98.148:1250 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:20893 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x84A232C9  Ack: 0x43E188AA  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:58:37.749350 24.209.98.148:1250 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:20894 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x84A2387D  Ack: 0x43E188AA  Win: 0xFAF0  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-19:06:15.104019 24.209.36.194:2963 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:20211 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB8F5279  Ack: 0x60F8CC10  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-19:06:15.136600 24.209.36.194:2963 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:20212 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB8F582D  Ack: 0x60F8CC10  Win: 0x4470  TcpLen: 20

Go to: previous range, next range, all alerts, overview page

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:55 2003

192.168.1.6	Whois lookup at:	ARIN	RIPE	APNIC	Geektools
	DNS lookup at:	Amenesi	TRIUMF	Princeton
	More lookup links:	Dshield	Sam Spade
See also 192.168.1.6 as an alert source [49361 alerts]