SnortSnarf alert page

Destination: 192.168.1.6: #4101-4200

SnortSnarf v021111.1

Signature section (91123) | Top 20 source IPs | Top 20 dest IPs

Looking using input module SnortFileInput, with sources:
Earliest: 03:58:30.133188 on 05/20/2003
Latest: 18:14:20.358158 on 05/20/2003

22 different signatures are present for 192.168.1.6 as a destination

There are 624 distinct source IPs in the alerts of the type on this page.

See also 192.168.1.6 as an alert source [49361 alerts]


[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-03:58:30.133188 24.209.219.95:3291 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:22632 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xED759137 Ack: 0x3BA63105 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-03:58:30.187779 24.209.219.95:3295 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:22641 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xED7706BC Ack: 0x3C1E90D1 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-03:58:30.269458 24.209.219.95:3309 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:22666 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xED7D8E44 Ack: 0x3C2A8835 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-03:58:30.325626 24.209.219.95:3326 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:22694 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xED899185 Ack: 0x3B6A5AF5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/20-03:58:30.427978 24.209.219.95:3328 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:22715 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xED8B3358 Ack: 0x3C00C413 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/20-03:58:30.504053 24.209.219.95:3338 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:22744 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xED8E4C12 Ack: 0x3C0B0C35 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-03:58:39.805523 24.209.219.95:3370 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:24875 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xF0485691 Ack: 0x3C6BEC03 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-03:58:39.908727 24.209.219.95:3396 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:24901 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF0555D03 Ack: 0x3C42F9C6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-03:58:39.968285 24.209.219.95:3424 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:24936 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF05E9136 Ack: 0x3C835203 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-03:58:49.215589 24.209.219.95:3415 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:27168 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF32B8D63 Ack: 0x3CB82BE2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-03:58:58.554942 24.209.219.95:3246 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:29087 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF597FC9F Ack: 0x3D3ECCF3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-03:58:58.630073 24.209.219.95:3247 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:29104 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xF598E820 Ack: 0x3DD39467 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-03:58:58.682720 24.209.219.95:3274 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:29115 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF59F1FB1 Ack: 0x3D97D424 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-03:58:58.746034 24.209.219.95:3278 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:29126 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xF5A1DADC Ack: 0x3D7A968A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-03:58:58.865969 24.209.219.95:3304 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:29149 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF5A72A3D Ack: 0x3D7AB45C Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-04:42:54.011916 24.209.219.95:3286 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:60869 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xEDB4DCBD Ack: 0xE2096BBA Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-04:42:54.070482 24.209.219.95:3290 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:60878 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xEDB65786 Ack: 0xE2BED085 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-04:42:54.127585 24.209.219.95:3292 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:60891 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xEDB81061 Ack: 0xE23FA82D Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-04:42:54.176841 24.209.219.95:3295 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:60900 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xEDB96A6D Ack: 0xE2DED4BD Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-04:42:54.264049 24.209.219.95:3296 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:60949 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xEDB9FE53 Ack: 0xE2418D08 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/20-04:43:03.501467 24.209.219.95:3415 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:63295 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xF0785EEC Ack: 0xE34EA738 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/20-04:43:03.568297 24.209.219.95:3417 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:63339 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xF079A880 Ack: 0xE2DE04F0 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-04:43:12.868249 24.209.219.95:3598 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:191 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xF37A9116 Ack: 0xE34190B5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-04:43:12.923734 24.209.219.95:3615 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:203 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF37BCBE7 Ack: 0xE34BC523 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-04:43:12.998974 24.209.219.95:3616 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:220 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF37C7026 Ack: 0xE36D767C Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-04:43:25.544079 24.209.219.95:3478 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:3081 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF60DE32F Ack: 0xE44DD425 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-04:43:25.633487 24.209.219.95:4133 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:3090 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF713FD50 Ack: 0xE40A103B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-04:43:29.105857 24.209.219.95:3114 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:3909 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xF832F443 Ack: 0xE496BF00 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-04:43:29.154075 24.209.219.95:3115 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:3928 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF8339DA5 Ack: 0xE49259ED Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-04:43:29.237781 24.209.219.95:3125 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:3933 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xF83A7211 Ack: 0xE460E932 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-04:43:29.286162 24.209.219.95:3127 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:3953 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF83C5B70 Ack: 0xE4E4DE92 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-05:47:22.393850 24.209.219.95:4702 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:314 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xF4CADCEF Ack: 0xD5DC99AB Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-05:47:22.506357 24.209.219.95:4707 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:330 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xF4CE15B0 Ack: 0xD69671D1 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-05:47:25.573594 24.209.219.95:3099 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:784 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xF5441008 Ack: 0xD696608D Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-05:47:25.630731 24.209.219.95:3101 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:803 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xF545E0F7 Ack: 0xD6CF754E Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-05:47:35.211860 24.209.219.95:4720 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:2795 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF7F5F235 Ack: 0xD7298CC0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/20-05:47:35.262792 24.209.219.95:4721 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:2816 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xF7F6BFA8 Ack: 0xD674D2ED Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/20-05:47:44.575679 24.209.219.95:4033 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:4569 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xFA18CC7F Ack: 0xD81B92B7 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-05:47:44.662175 24.209.219.95:4036 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:4581 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xFA1BE4D6 Ack: 0xD82B7D9B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-05:47:48.091637 24.209.219.95:4396 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:5078 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFAB866ED Ack: 0xD8A8878D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-05:47:48.149997 24.209.219.95:4399 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:5102 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFABAED8C Ack: 0xD8B5C2DE Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-05:47:48.222050 24.209.219.95:4408 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:5110 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFABC5646 Ack: 0xD8498CBA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-05:47:51.610401 24.209.219.95:3126 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:5741 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFB9D2B2C Ack: 0xD8BE4269 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-05:47:51.678968 24.209.219.95:3128 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:5754 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xFB9F1FC9 Ack: 0xD8D28261 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-05:47:51.767534 24.209.219.95:3175 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:5816 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xFBB0CDD4 Ack: 0xD9409544 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-05:47:54.745223 24.209.219.95:3175 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:6481 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xFBB0CDD4 Ack: 0xD9409544 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-05:47:54.879278 24.209.219.95:3615 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:6508 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xFCAAD218 Ack: 0xD8AA18F3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-05:47:54.924732 24.209.219.95:3616 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:6513 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xFCABC270 Ack: 0xD8F5FEA5 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-08:06:41.059263 24.130.204.30:1878 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:29208 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x1A62BB11 Ack: 0xE49D1188 Win: 0x4098 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-08:06:45.993176 24.130.204.30:2115 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:30078 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x1B2327EB Ack: 0xE4C45844 Win: 0x4098 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-08:06:56.605172 24.130.204.30:2829 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:32048 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x1D4A643A Ack: 0xE5F07E24 Win: 0x4098 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-08:07:10.392855 24.130.204.30:3403 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:34570 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x1F0D6E2F Ack: 0xE7C05F6E Win: 0x4098 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-08:07:11.913173 24.130.204.30:3643 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:34859 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x1FCC160F Ack: 0xE7BC1181 Win: 0x4098 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/20-08:07:13.508469 24.130.204.30:3738 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:35129 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x2016514E Ack: 0xE7B982AC Win: 0x4098 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/20-08:07:15.449533 24.130.204.30:3818 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:35467 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x204EB5C3 Ack: 0xE74D1664 Win: 0x4098 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-08:07:20.285062 24.130.204.30:4072 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:36305 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x21164B83 Ack: 0xE79FA19C Win: 0x4098 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-08:07:24.805798 24.130.204.30:4305 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:37081 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x21CB70FB Ack: 0xE7D723B0 Win: 0x4098 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-08:07:26.454704 24.130.204.30:4398 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:37415 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x2210424F Ack: 0xE829473F Win: 0x4098 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-08:07:28.183140 24.130.204.30:4498 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:37704 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x225C3E97 Ack: 0xE89E9C08 Win: 0x4098 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-08:07:30.072911 24.130.204.30:4648 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:38062 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x2298073B Ack: 0xE8313974 Win: 0x4098 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-08:07:31.540115 24.130.204.30:4792 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:38310 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x22E3013A Ack: 0xE86E3C18 Win: 0x4098 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-08:07:33.131706 24.130.204.30:4976 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:38595 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x232C0E40 Ack: 0xE860582A Win: 0x4098 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-08:07:45.709818 24.130.204.30:1526 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:40867 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x24C29028 Ack: 0xE8F46F69 Win: 0x4098 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-16:39:15.687558 24.48.212.45:2722 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:28624 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA223E59 Ack: 0x7500AB13 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-16:39:15.761749 24.48.212.45:2722 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:28625 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA22440D Ack: 0x7500AB13 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-17:42:38.642244 24.30.115.93:4925 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:1565 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xB7C78FB1 Ack: 0x63D91661 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-17:42:39.612975 24.30.115.93:1068 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:1746 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xB802EF68 Ack: 0x63B2A20F Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-17:42:43.091217 24.30.115.93:1181 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:2279 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xB862FF76 Ack: 0x64C152A3 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-17:42:53.302030 24.30.115.93:1505 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:3538 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xB97B3FC1 Ack: 0x655A3B39 Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-17:43:03.517519 24.30.115.93:1807 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:4491 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xBA7F5BDB Ack: 0x65924D5D Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/20-17:43:03.947867 24.30.115.93:1831 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:4534 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xBA90ED3C Ack: 0x653CF9A6 Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/20-17:43:04.493370 24.30.115.93:1844 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:4586 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xBA9AD2C2 Ack: 0x66059C16 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-17:43:05.187357 24.30.115.93:1856 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:4654 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xBAA3F8EC Ack: 0x654F7EB0 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-17:43:06.043780 24.30.115.93:1872 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:4728 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xBAB1C936 Ack: 0x653DB01B Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-17:43:09.545927 24.30.115.93:1899 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:5088 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xBAC9BD06 Ack: 0x66466010 Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-17:43:10.199078 24.30.115.93:2016 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:5210 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xBB2CB613 Ack: 0x65B4EA01 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-17:43:10.581634 24.30.115.93:2035 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:5257 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xBB3D719C Ack: 0x66339E21 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-17:43:32.542102 24.30.115.93:2705 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:7511 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xBD75E000 Ack: 0x6714214C Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-17:43:35.510881 24.30.115.93:2705 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:7878 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xBD75E000 Ack: 0x6714214C Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-17:43:36.025309 24.30.115.93:2851 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:7975 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xBDEFBD60 Ack: 0x6706954C Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-17:43:39.103894 24.30.115.93:2851 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:8351 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xBDEFBD60 Ack: 0x6706954C Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-17:43:45.940799 24.30.115.93:3141 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:9108 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xBEEB5703 Ack: 0x681F295A Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-17:43:49.641078 24.30.115.93:3292 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:9576 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xBF6BE093 Ack: 0x688844CD Win: 0xFAF0 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-18:06:48.070717 24.209.40.219:1903 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:31942 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xBC7A261C Ack: 0xC0E2DAE4 Win: 0xFFFF TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-18:06:58.052523 24.209.40.219:2238 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:33318 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xBD984E21 Ack: 0xC11A6FB4 Win: 0xFFFF TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-18:06:58.712672 24.209.40.219:2258 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:33422 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xBDA97CF9 Ack: 0xC195A40B Win: 0xFFFF TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-18:06:59.193371 24.209.40.219:2286 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:33529 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xBDC18A58 Ack: 0xC120F08B Win: 0xFFFF TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-18:07:08.946998 24.209.40.219:2555 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:34860 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xBEAC318F Ack: 0xC1E45BA3 Win: 0xFFFF TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/20-18:07:09.565584 24.209.40.219:2578 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:34946 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xBEBF21E4 Ack: 0xC179D79C Win: 0xFFFF TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/20-18:07:18.959174 24.209.40.219:2856 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:36026 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xBFB1E7C5 Ack: 0xC21EA0D4 Win: 0xFFFF TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-18:07:28.820403 24.209.40.219:3107 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:37074 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xC08ADEFE Ack: 0xC2B1EF5D Win: 0xFFFF TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-18:07:32.207972 24.209.40.219:3202 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:37390 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xC0DAFBF8 Ack: 0xC3737F38 Win: 0xFFFF TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-18:07:41.768297 24.209.40.219:3460 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:38406 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xC1BB18C9 Ack: 0xC3AF37FD Win: 0xFFFF TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-18:07:42.258987 24.209.40.219:3479 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:38476 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xC1CAEB5F Ack: 0xC3909D11 Win: 0xFFFF TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-18:07:52.218942 24.209.40.219:3741 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:39462 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xC2A7D5A0 Ack: 0xC476542C Win: 0xFFFF TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-18:07:53.355413 24.209.40.219:3759 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:39551 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xC2B812DA Ack: 0xC3F7FA63 Win: 0xFFFF TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-18:07:53.810498 24.209.40.219:3781 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:39635 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xC2CC2C58 Ack: 0xC44E0491 Win: 0xFFFF TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-18:07:55.030811 24.209.40.219:3799 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:39710 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xC2DC3E50 Ack: 0xC495A55D Win: 0xFFFF TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-18:07:58.679318 24.209.40.219:3922 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:40191 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xC3463633 Ack: 0xC4F7B7FF Win: 0xFFFF TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-18:14:20.358158 24.209.40.219:1180 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:44031 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xED1C047B Ack: 0xDC40ABBB Win: 0xFFFF TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:55 2003