SnortSnarf alert page

Destination: 192.168.1.6: #4301-4400

SnortSnarf v021111.1

Signature section (91123) | Top 20 source IPs | Top 20 dest IPs

Looking using input module SnortFileInput, with sources:
Earliest: 13:40:26.101106 on 05/21/2003
Latest: 03:13:01.556440 on 05/22/2003

22 different signatures are present for 192.168.1.6 as a destination

There are 624 distinct source IPs in the alerts of the type on this page.

See also 192.168.1.6 as an alert source [49361 alerts]


[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/21-13:40:26.101106 24.94.212.166:4744 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:30046 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xB0EEF1E9 Ack: 0x10CE11D1 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/21-13:40:26.368999 24.94.212.166:4748 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:30066 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xB0F2C3F2 Ack: 0x10C92FD9 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-13:40:35.705381 24.94.212.166:4902 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:30687 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xB1888245 Ack: 0x119BC66D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-13:40:35.994070 24.94.212.166:4907 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:30709 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB18D1AC9 Ack: 0x11F74C17 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-13:40:45.244530 24.94.212.166:1070 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:31244 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB2145B90 Ack: 0x1274E51F Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-13:40:48.485373 24.94.212.166:1112 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:31396 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB23E6DD0 Ack: 0x12A68DCA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-13:40:49.116584 24.94.212.166:1119 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:31423 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB244AFDA Ack: 0x12DEB7A4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-13:41:10.353834 24.94.212.166:1448 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:32757 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xB388DDAE Ack: 0x13BC9C01 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-13:41:10.594973 24.94.212.166:1451 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:32771 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB38C3678 Ack: 0x143ABF2D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-13:41:10.874470 24.94.212.166:1453 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:32786 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xB38EB589 Ack: 0x13E1354A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-13:41:11.127635 24.94.212.166:1456 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:32803 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB391C30A Ack: 0x140C8803 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-14:05:05.429385 24.207.159.213:4860 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:52538 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA351D71C Ack: 0x6ED6A82E Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-14:05:05.435717 24.207.159.213:4860 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:52539 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA351DCD0 Ack: 0x6ED6A82E Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/21-16:22:06.756594 66.196.65.24:4429 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:17014 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x1F7F8E0E Ack: 0x74ABC626 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-19:48:44.352589 24.209.98.148:3646 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:54542 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1B6F699 Ack: 0x80B365CE Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-19:48:44.378030 24.209.98.148:3646 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:54543 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1B6FC4D Ack: 0x80B365CE Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-20:27:14.863725 24.209.98.148:4512 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:58504 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE8EC4697 Ack: 0x11D3D095 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-20:27:14.892999 24.209.98.148:4512 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:58505 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE8EC4C4B Ack: 0x11D3D095 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-20:32:15.449670 24.209.98.148:1286 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:25704 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x657838F Ack: 0x24FB6F60 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-20:32:15.489098 24.209.98.148:1286 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:25705 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6578943 Ack: 0x24FB6F60 Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/21-20:45:59.252765 66.196.65.24:42041 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:53097 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xE82C29B1 Ack: 0x58802E7E Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-21:03:09.956104 24.60.106.185:1296 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:19944 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x63EC529B Ack: 0x9A3A2488 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-21:03:14.669219 24.60.106.185:1670 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:20814 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x651494FE Ack: 0x9A190D07 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-21:03:15.614185 24.60.106.185:1730 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:20969 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x6543FA7B Ack: 0x9A8BC558 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-21:03:25.530198 24.60.106.185:2151 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:22647 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x669F0D97 Ack: 0x9ACFB673 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-21:03:26.369983 24.60.106.185:2187 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:22793 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x66BE0F9C Ack: 0x9B75CCAF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/21-21:03:27.357506 24.60.106.185:2225 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:22954 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x66DBEE33 Ack: 0x9B386AEA Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/21-21:03:28.540200 24.60.106.185:2255 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:23151 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x66F5B9D7 Ack: 0x9BB3D87C Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-21:03:41.862496 24.60.106.185:2707 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:25473 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x686A5CA5 Ack: 0x9C031FBC Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-21:03:42.832786 24.60.106.185:2880 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:25642 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x68F828B9 Ack: 0x9BD7A3F5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-21:03:43.899490 24.60.106.185:2930 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:25826 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6922259D Ack: 0x9C747889 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-21:03:54.075547 24.60.106.185:3361 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:27522 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6A88D611 Ack: 0x9C751FD1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-21:03:55.151385 24.60.106.185:3426 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:27721 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6ABCFF7B Ack: 0x9CF7BDEA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-21:04:05.378400 24.60.106.185:3889 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:29545 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x6C30143B Ack: 0x9DD6C94C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-21:04:06.548450 24.60.106.185:3943 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:29755 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6C58F3F9 Ack: 0x9DC3B310 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-21:04:07.624896 24.60.106.185:3997 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:29958 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x6C845017 Ack: 0x9D0D9DC1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-21:04:17.855940 24.60.106.185:4464 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:31810 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6DFB5527 Ack: 0x9DC1B7B4 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-21:40:43.535169 24.127.23.32:4794 -> 192.168.1.6:80
TCP TTL:102 TOS:0x0 ID:125 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x3BAB6290 Ack: 0x27BA99DF Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-21:40:45.088491 24.127.23.32:1267 -> 192.168.1.6:80
TCP TTL:102 TOS:0x0 ID:523 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x3D0AE972 Ack: 0x274DEF24 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-22:11:02.976732 24.209.113.11:1859 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:5697 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDA9D2827 Ack: 0x997CC15B Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-22:11:02.985828 24.209.113.11:1859 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:5698 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDA9D2DDB Ack: 0x997CC15B Win: 0xB5C9 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-22:31:55.617806 24.209.219.162:4821 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:41004 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x2D6F195E Ack: 0xE9A50F56 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-22:31:58.206598 24.209.219.162:4821 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:42060 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x2D6F195E Ack: 0xE9A50F56 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-22:32:02.581769 24.209.219.162:2177 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:43889 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x30054357 Ack: 0xE9C7F19F Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-22:32:06.606051 24.209.219.162:2857 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:45306 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x31A275E8 Ack: 0xEAA50074 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-22:32:07.200122 24.209.219.162:2969 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:45678 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x31F3E9A5 Ack: 0xE9FE60D0 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-22:32:07.860645 24.209.219.162:3140 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:45983 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x3274F136 Ack: 0xEAB62C8F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/21-22:32:08.013768 24.209.219.162:3204 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:46053 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x32A75A57 Ack: 0xE9FB9BCE Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/21-22:32:11.724381 24.209.219.162:3688 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:47176 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x3381417E Ack: 0xEA74A733 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-22:32:11.994124 24.209.219.162:3706 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:47252 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x33913528 Ack: 0xEAA211A6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-22:32:16.772817 24.209.219.162:4123 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:48631 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x34D57F18 Ack: 0xEB4FF2B4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-22:32:17.797275 24.209.219.162:4297 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:49060 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3534CBD4 Ack: 0xEAC5F834 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-22:32:18.477739 24.209.219.162:4880 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:49346 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x36157D92 Ack: 0xEB4A3A60 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-22:32:18.767329 24.209.219.162:1094 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:49583 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3680595F Ack: 0xEB4FF1BC Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-22:32:18.969599 24.209.219.162:1165 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:49688 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x36B37302 Ack: 0xEAE0F309 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-22:32:19.157916 24.209.219.162:1217 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:49816 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x36D7D2DD Ack: 0xEAECFF20 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-22:32:19.413768 24.209.219.162:1319 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:50006 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x372F2965 Ack: 0xEB29C3DA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-22:32:23.292273 24.209.219.162:1618 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:51409 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x37F9CA9D Ack: 0xEB01F58E Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-22:34:47.064169 24.209.113.11:4574 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:5419 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x68637033 Ack: 0xF3FCDB70 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-22:34:47.074456 24.209.113.11:4574 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:5420 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x686375E7 Ack: 0xF3FCDB70 Win: 0xB5C9 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/21-22:38:28.246437 66.196.65.24:27391 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:50912 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xB4EF2957 Ack: 0x1A16AE8 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-00:14:41.171658 24.209.219.162:4235 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:62674 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xE058A803 Ack: 0x6D80B252 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-00:14:41.284619 24.209.219.162:4251 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:62699 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xE0621AC7 Ack: 0x6DBB4631 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-00:14:44.333253 24.209.219.162:4750 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:63793 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xE10A8A88 Ack: 0x6D307187 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-00:14:44.468011 24.209.219.162:4755 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:63844 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xE10E3DB4 Ack: 0x6D0F2EE2 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-00:14:44.590413 24.209.219.162:4793 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:63882 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xE1257017 Ack: 0x6D0B62C3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-00:14:47.911561 24.209.219.162:1199 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:64425 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xE1F86B4B Ack: 0x6DAAB293 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-00:14:51.215431 24.209.219.162:1594 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:65376 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xE32A0ADC Ack: 0x6DB510E9 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-00:14:54.712570 24.209.219.162:1988 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:761 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xE45D58AD Ack: 0x6DD9E45D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-00:14:54.794658 24.209.219.162:2032 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:806 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE4797D3F Ack: 0x6E80346A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-00:14:54.851764 24.209.219.162:2058 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:835 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE48D866C Ack: 0x6DDAE962 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-00:14:55.149823 24.209.219.162:2070 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:858 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE49AE83D Ack: 0x6E6455E5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-00:14:55.666306 24.209.219.162:2319 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:1121 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE503156B Ack: 0x6E071D58 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-00:14:55.904468 24.209.219.162:2356 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:1282 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xE520C3EB Ack: 0x6DD666B3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-00:14:55.976415 24.209.219.162:2363 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:1302 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xE526B02B Ack: 0x6DE52F26 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-00:14:56.031569 24.209.219.162:2367 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:1317 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xE529C2B6 Ack: 0x6DF6FDDF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-00:14:56.156230 24.209.219.162:2376 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:1353 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xE5301BB5 Ack: 0x6E7B4574 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-02:05:43.057872 24.209.219.162:4319 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:45322 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xE73CE1C Ack: 0x1039EF83 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-02:05:43.217079 24.209.219.162:4322 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:45345 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xE76439D Ack: 0x10EEC7BB Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-02:05:43.313446 24.209.219.162:4329 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:45365 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xE79C566 Ack: 0x104A9540 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-02:05:52.636949 24.209.219.162:1637 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:47423 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x110F1FBB Ack: 0x10A56449 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-02:06:01.972402 24.209.219.162:2302 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:49286 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x13180700 Ack: 0x11DDC058 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-02:06:14.629102 24.209.219.162:3437 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:51845 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x1569FD4D Ack: 0x127C81E9 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-02:06:14.720857 24.209.219.162:3765 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:51853 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x16366F91 Ack: 0x12217004 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-02:06:24.009159 24.209.219.162:4951 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:53702 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x17BE5503 Ack: 0x132D9222 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-02:06:32.937291 24.209.36.194:3416 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:10721 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x85EAFE64 Ack: 0x13177FDA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-02:06:32.957880 24.209.36.194:3416 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:10722 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x85EB0418 Ack: 0x13177FDA Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-02:06:33.222681 24.209.219.162:1746 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:55054 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x19CCA030 Ack: 0x13E482EE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-02:06:33.281009 24.209.219.162:1747 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:55064 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x19CE451A Ack: 0x1389CBF0 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-02:06:33.380267 24.209.219.162:1749 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:55075 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x19D02325 Ack: 0x130A47E2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-02:06:33.457620 24.209.219.162:1755 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:55088 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x19D4C618 Ack: 0x13811713 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-02:06:33.525806 24.209.219.162:1757 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:55138 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x19D6F2EC Ack: 0x138B9D78 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-02:06:33.590561 24.209.219.162:1758 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:55163 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x19D7775C Ack: 0x131813B0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-02:06:33.639186 24.209.219.162:1781 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:55175 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x19E8B534 Ack: 0x13861B0C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-02:06:33.711240 24.209.219.162:1786 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:55190 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x19EAFDD1 Ack: 0x13DE4842 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-02:36:16.724495 24.209.36.194:3160 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:22817 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x25C84186 Ack: 0x84474BE0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-02:36:16.748493 24.209.36.194:3160 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:22818 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x25C8473A Ack: 0x84474BE0 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-03:13:01.327918 24.209.219.162:1483 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:25615 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xF155753F Ack: 0xF6C00DD Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-03:13:01.431970 24.209.219.162:1499 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:25650 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xF1619DA3 Ack: 0xEF944DB Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-03:13:01.556440 24.209.219.162:1521 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:25712 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xF172BFEC Ack: 0xFA6EE70 Win: 0x4470 TcpLen: 20
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:56 2003