SnortSnarf alert page

Destination: 192.168.1.6: #4001-4100

SnortSnarf v021111.1

Looking using input module SnortFileInput, with sources:
Earliest: 19:30:31.230961 on 05/19/2003
Latest: 03:58:20.782550 on 05/20/2003

22 different signatures are present for 192.168.1.6 as a destination

There are 624 distinct source IPs in the alerts of the type on this page.

See also 192.168.1.6 as an alert source [49361 alerts]


[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-19:30:31.230961 24.209.36.194:1424 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:57859 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8070C454 Ack: 0xBC848379 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-19:30:31.276548 24.209.36.194:1424 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:57860 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8070CA08 Ack: 0xBC848379 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/19-19:40:32.342656 66.196.73.77:37478 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:55189 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x62F72CEA Ack: 0xE1E95A92 Win: 0xFAF0 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1881:4] WEB-MISC bad HTTP/1.1 request, Potentially worm attack [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/19-21:42:37.344876 210.164.186.94:2723 -> 192.168.1.6:80
TCP TTL:38 TOS:0x0 ID:13172 IpLen:20 DgmLen:70 DF
***AP*** Seq: 0x910874E7 Ack: 0xAF7270EC Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 18565054 1857436134
[Xref => http://securityresponse.symantec.com/avcenter/security/Content/2002.09.13.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-21:42:44.163795 24.209.219.95:4631 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:35759 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xD30977DE Ack: 0xAF69822E Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-21:42:44.328003 24.209.219.95:4650 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:35798 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xD30F7715 Ack: 0xAFCDEF39 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-21:42:44.469446 24.209.219.95:4653 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:35910 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xD312383A Ack: 0xAFC9D548 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-21:42:44.562244 24.209.219.95:4690 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:35968 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xD3265BC8 Ack: 0xAF01BF99 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-21:42:53.857787 24.209.219.95:3564 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:38220 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xD445A03D Ack: 0xAF73C0E4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/19-21:42:57.100416 24.209.219.95:4518 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:39341 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xD5CD60E3 Ack: 0xB04E90ED Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/19-21:43:00.359276 24.209.219.95:4979 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:40598 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xD6A713AF Ack: 0xB0C996A4 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-21:43:00.686658 24.209.219.95:4991 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:40731 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xD6AF2FFC Ack: 0xAFF7B357 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-21:43:13.595369 24.209.219.95:3677 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:44084 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD89D0368 Ack: 0xB0C2C218 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-21:43:13.944346 24.209.219.95:3858 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:44156 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD8DCABA5 Ack: 0xB1176513 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-21:43:17.799766 24.209.219.95:3907 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:45382 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD8F6122A Ack: 0xB1A61819 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-21:43:17.921961 24.209.219.95:3331 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:45422 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xDA67FB5C Ack: 0xB1B9D563 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-21:43:18.023198 24.209.219.95:3337 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:45445 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xDA6BD820 Ack: 0xB1B6157C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-21:43:18.087568 24.209.219.95:3344 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:45457 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xDA70BF6E Ack: 0xB1694853 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-21:43:18.143117 24.209.219.95:3350 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:45486 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xDA75C166 Ack: 0xB1C360E4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-21:43:27.989559 24.209.219.95:4699 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:49001 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xDCD68640 Ack: 0xB25D8B1A Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-22:50:25.828890 24.209.36.194:2031 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:9878 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x19ADA494 Ack: 0xAF438F75 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-22:50:25.853621 24.209.36.194:2031 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:9879 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x19ADAA48 Ack: 0xAF438F75 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-22:59:58.452148 24.209.196.254:2807 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:29099 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x824A10B2 Ack: 0xD301AD1A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-22:59:58.453400 24.209.196.254:2807 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:29100 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x824A1666 Ack: 0xD301AD1A Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-23:07:15.244775 24.209.113.11:3405 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:6181 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x491B05CE Ack: 0xEF095F96 Win: 0xB5C9 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-23:07:15.827586 24.209.113.11:3423 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:6271 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x492B22D3 Ack: 0xEE7B731D Win: 0xB5C9 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-23:07:19.609710 24.209.113.11:3534 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:6839 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x498893F8 Ack: 0xEEB1D9B7 Win: 0xB5C9 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-23:07:29.435512 24.209.113.11:3847 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:8472 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x4A922538 Ack: 0xEF9C8B4B Win: 0xB5C9 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-23:07:29.997530 24.209.113.11:3859 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:8580 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x4A9B9B5F Ack: 0xEF6C88FC Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/19-23:07:30.376312 24.209.113.11:3884 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:8648 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x4AAFDF8F Ack: 0xEF69E980 Win: 0xB5C9 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/19-23:07:31.385711 24.209.113.11:3916 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:8793 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x4ACABD8B Ack: 0xEF6C85D2 Win: 0xB5C9 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-23:07:31.819438 24.209.113.11:3932 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:8846 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x4AD790AD Ack: 0xEF414453 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-23:07:32.171397 24.209.113.11:3942 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:8892 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4AE07840 Ack: 0xF034DFAC Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-23:07:32.567226 24.209.113.11:3952 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:8963 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4AE91F73 Ack: 0xEFFF7AB3 Win: 0xB5C9 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-23:07:32.886160 24.209.113.11:3964 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:9032 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4AF33F7B Ack: 0xEF67D998 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-23:07:33.343227 24.209.113.11:3973 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:9100 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4AFBF183 Ack: 0xEFBD9743 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-23:07:34.077032 24.209.113.11:3986 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:9186 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x4B06CB18 Ack: 0xF01B2ED8 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-23:07:34.423732 24.209.113.11:4002 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:9267 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x4B154A20 Ack: 0xEFFFD241 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-23:07:35.006170 24.209.113.11:4012 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:9329 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x4B1D5E92 Ack: 0xF0500395 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-23:07:35.607413 24.209.113.11:4033 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:9439 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x4B2FB412 Ack: 0xF005D09A Win: 0xB5C9 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-23:27:48.207081 24.93.48.91:4831 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:58382 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xDCA6A29 Ack: 0x3D055B2E Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-23:27:51.335479 24.93.48.91:4940 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:58917 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xE26559B Ack: 0x3CE03C89 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-23:27:54.636785 24.93.48.91:1081 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:59429 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xE84401E Ack: 0x3DB86C57 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-23:28:00.905037 24.93.48.91:1305 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:60389 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xF3E1A58 Ack: 0x3E44E47F Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-23:28:07.073239 24.93.48.91:1546 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:61408 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x1008CB12 Ack: 0x3EACBAC1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-23:28:10.062785 24.93.48.91:1546 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:61866 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x1008CB12 Ack: 0x3EACBAC1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/19-23:28:13.301269 24.93.48.91:1779 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:62342 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x10C9A2A6 Ack: 0x3EF3E37E Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/19-23:28:17.290231 24.93.48.91:1894 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:62876 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x112CCC37 Ack: 0x3F382F06 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/19-23:28:20.543723 24.93.48.91:1894 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:63250 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x112CCC37 Ack: 0x3F382F06 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-23:41:43.729225 24.126.82.22:4859 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:56548 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x950A5CC9 Ack: 0x71294DD3 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-23:42:30.203494 24.126.82.22:2614 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:62913 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x9AB6735A Ack: 0x738E909E Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-23:42:31.241232 24.126.82.22:2662 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:63066 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x9ADC4578 Ack: 0x74E1117D Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-23:42:32.026409 24.126.82.22:2699 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:63193 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x9AFC1291 Ack: 0x74925F15 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-23:42:35.585232 24.126.82.22:2730 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:63751 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x9B1543F9 Ack: 0x74FCCAEF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/19-23:42:36.629035 24.126.82.22:2870 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:63870 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x9B88D888 Ack: 0x74C038B2 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/19-23:42:37.424801 24.126.82.22:2907 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:63993 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x9BA71BEF Ack: 0x756D5824 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-23:42:38.119429 24.126.82.22:2937 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:64100 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x9BC02E3E Ack: 0x759DA985 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-23:42:39.001573 24.126.82.22:2964 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:64207 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x9BD90B23 Ack: 0x75A797C2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-23:42:39.600051 24.126.82.22:3003 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:64339 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x9BF8F3E2 Ack: 0x7560B92D Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-23:42:39.937365 24.126.82.22:3027 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:64405 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x9C0CE514 Ack: 0x75BB51EE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-23:42:44.170721 24.126.82.22:3175 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:64924 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x9C86816B Ack: 0x7572FDBE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-23:42:45.103693 24.126.82.22:3216 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:65054 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x9CA785D7 Ack: 0x7559CB13 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-23:42:46.280631 24.126.82.22:3252 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:65231 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x9CC6FA46 Ack: 0x75F7EB17 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-23:42:47.045222 24.126.82.22:3299 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:65343 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x9CED4D70 Ack: 0x75ED5254 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-23:42:47.787012 24.126.82.22:3327 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:65442 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x9D043888 Ack: 0x765AB66A Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-00:08:46.191924 24.209.219.95:3799 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:60971 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xA5A09D8B Ack: 0xD7F3BCDA Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-00:08:46.380875 24.209.219.95:3834 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:61062 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xA5B2641D Ack: 0xD7FE0470 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-00:08:46.466348 24.209.219.95:3839 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:61102 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA5B737FD Ack: 0xD7A16025 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-00:08:49.978039 24.209.219.95:4436 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:62174 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA67E4D99 Ack: 0xD86C3CD9 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-00:08:59.437879 24.209.219.95:4235 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:64607 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA946142F Ack: 0xD8A57A83 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/20-00:08:59.504238 24.209.219.95:4242 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:64639 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA94A5E81 Ack: 0xD8CFB6B8 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/20-00:09:08.941203 24.209.219.95:3767 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:1539 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xAB776114 Ack: 0xD940686D Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-00:09:19.077621 24.209.219.95:3353 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:3985 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xAE29036B Ack: 0xD977BFB7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-00:09:19.470018 24.209.219.95:3428 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:4171 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xAE52D537 Ack: 0xDA0FE33D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-00:09:19.765490 24.209.219.95:3474 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:4305 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xAE76666C Ack: 0xD9CBA504 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-00:09:29.370827 24.209.219.95:3411 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:7208 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB0EAD0B5 Ack: 0xDA0A28B8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-00:09:29.440699 24.209.219.95:3435 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:7226 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB0F3DCBD Ack: 0xD9FD1A0C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-00:09:29.522281 24.209.219.95:3453 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:7257 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xB0FB1A36 Ack: 0xDA664D43 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-00:09:29.576143 24.209.219.95:3476 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:7270 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB109E1C9 Ack: 0xDAA79470 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-00:09:29.638792 24.209.219.95:3478 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:7276 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xB10B2D50 Ack: 0xDA0F6423 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-00:09:29.705787 24.209.219.95:3481 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:7287 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB10DA191 Ack: 0xDAE46E59 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-02:19:15.860038 24.245.2.233:3439 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:46291 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x71E2985C Ack: 0xC38C5FC9 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-02:19:18.968217 24.245.2.233:3478 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:46462 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x720CBF50 Ack: 0xC3583F32 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-02:19:28.472518 24.245.2.233:3608 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:47000 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x72954306 Ack: 0xC4E48971 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-02:19:28.693627 24.245.2.233:3616 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:47026 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x729C31CE Ack: 0xC409B0DA Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-02:19:28.930032 24.245.2.233:3620 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:47050 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x729FCC07 Ack: 0xC42AEE03 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/20-02:19:38.452343 24.245.2.233:3771 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:47709 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x7336BD8A Ack: 0xC57D2281 Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/20-02:19:42.582499 24.245.2.233:3821 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:47946 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x736892F2 Ack: 0xC4CBEC04 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-02:19:43.440466 24.245.2.233:3832 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:47990 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x7373A391 Ack: 0xC54BF57C Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-02:19:44.342939 24.245.2.233:3846 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:48038 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x7381B482 Ack: 0xC5B7FAFB Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-02:19:44.682846 24.245.2.233:3857 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:48065 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x738CF405 Ack: 0xC5ACA066 Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-02:19:45.228083 24.245.2.233:3858 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:48094 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x738EBAD4 Ack: 0xC54DDB3E Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-02:19:55.353395 24.245.2.233:3975 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:48617 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x740A3E65 Ack: 0xC662A6B9 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-02:19:56.290773 24.245.2.233:3982 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:48662 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x74115D5E Ack: 0xC593D782 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-02:19:57.140662 24.245.2.233:3991 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:48712 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x741AF98D Ack: 0xC6698F30 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-02:19:58.285170 24.245.2.233:4003 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:48766 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x7427974B Ack: 0xC69966AF Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-02:19:59.529823 24.245.2.233:4018 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:48831 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x74364337 Ack: 0xC6756B45 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-03:58:07.933584 24.209.36.194:4737 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:11519 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x24C6A950 Ack: 0x3A4733D5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-03:58:07.953287 24.209.36.194:4737 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:11520 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x24C6AF04 Ack: 0x3A4733D5 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-03:58:20.782550 24.209.219.95:3275 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:20333 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xEAD8045F Ack: 0x3B43C5C2 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:55 2003