SnortSnarf alert page

Destination: 192.168.1.6: #4401-4500

SnortSnarf v021111.1

Signature section (91123)

Top 20 source IPs

Top 20 dest IPs

Looking using input module SnortFileInput, with sources:

/home/rivettmj/snort_alertlog/alert

Earliest: 03:13:11.242311 on 05/22/2003
Latest: 07:05:06.878445 on 05/22/2003

22 different signatures are present for 192.168.1.6 as a destination

1 instances of (spp_stream4) STEALTH ACTIVITY (SYN FIN scan) detection
1 instances of WEB-IIS ISAPI .printer access
1 instances of SHELLCODE x86 setuid 0
1 instances of DDOS shaft synflood
2 instances of WEB-CGI formmail access
2 instances of SHELLCODE x86 NOOP
2 instances of SMTP HELO overflow attempt
2 instances of SHELLCODE x86 inc ebx NOOP
3 instances of WEB-MISC bad HTTP/1.1 request, Potentially worm attack
3 instances of WEB-CGI newdesk access
4 instances of WEB-IIS WEBDAV nessus safe scan attempt
11 instances of ICMP Destination Unreachable (Communication Administratively Prohibited)
38 instances of (snort_decoder): T/TCP Detected
58 instances of WEB-IIS view source via translate header
308 instances of WEB-IIS _mem_bin access
316 instances of WEB-FRONTPAGE /_vti_bin/ access
680 instances of WEB-IIS CodeRed v2 root.exe access
786 instances of WEB-MISC robots.txt access
930 instances of WEB-IIS ISAPI .ida attempt
952 instances of WEB-IIS multiple decode attempt
1500 instances of WEB-IIS unicode directory traversal attempt
2169 instances of WEB-IIS cmd.exe access

There are 624 distinct source IPs in the alerts of the type on this page.

192.168.1.6 Whois lookup at: ARIN RIPE APNIC Geektools

DNS lookup at: Amenesi TRIUMF Princeton

More lookup links: Dshield Sam Spade

See also 192.168.1.6 as an alert source [49361 alerts]

Go to: previous range, next range, all alerts, overview page

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-03:13:11.242311 24.209.219.162:2366 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:28015 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xF40911E6  Ack: 0xFA147C2  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-03:13:11.360430 24.209.219.162:2390 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:28091 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF41C14B3  Ack: 0x1030FB46  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/22-03:13:11.423323 24.209.219.162:2396 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:28112 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xF420BAA1  Ack: 0xFC570AB  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/22-03:13:11.487895 24.209.219.162:2400 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:28149 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xF424234F  Ack: 0x1046FAEF  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-03:13:11.591918 24.209.219.162:2404 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:28171 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xF4270687  Ack: 0x10365E5A  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-03:13:11.642447 24.209.219.162:2409 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:28184 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF42AA2E5  Ack: 0x102AD646  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-03:13:11.694227 24.209.219.162:2422 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:28219 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF434BE5E  Ack: 0x103648EE  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-03:13:11.770837 24.209.219.162:2425 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:28266 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF436F9CF  Ack: 0xFFD305A  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-03:13:11.875921 24.209.219.162:2452 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:28336 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF44A64B8  Ack: 0x101E8A3F  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-03:13:15.325275 24.209.219.162:2605 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:29065 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xF4C3FB2E  Ack: 0x107893E0  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-03:13:15.390964 24.209.219.162:2609 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:29077 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF4C7C6C4  Ack: 0x100069BC  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-03:13:15.479718 24.209.219.162:2612 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:29111 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xF4CAAE3E  Ack: 0x1057FD39  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-03:13:15.576374 24.209.219.162:2615 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:29120 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF4CD662A  Ack: 0x10189A90  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-04:20:48.517444 24.126.82.22:3101 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:58618 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x5AFC41E8  Ack: 0xEA1881E  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-04:20:58.391376 24.126.82.22:3511 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:60204 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x5C4FC9E3  Ack: 0xF83776E  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-04:20:59.192298 24.126.82.22:3534 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:60324 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x5C646625  Ack: 0xF64BC85  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-04:21:00.074330 24.126.82.22:3566 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:60474 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x5C7E8D2A  Ack: 0xFB7A533  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-04:21:00.957095 24.126.82.22:3601 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:60613 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x5C9D0445  Ack: 0xF7165FF  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/22-04:21:10.917473 24.126.82.22:3997 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:62223 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x5DE9AC15  Ack: 0x1091B3BC  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/22-04:21:11.712572 24.126.82.22:4030 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:62397 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x5E04EAD2  Ack: 0xFC49F13  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-04:21:12.157508 24.126.82.22:4065 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:62483 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x5E21F20E  Ack: 0x10AD1D9F  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-04:21:21.956948 24.126.82.22:4448 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:64235 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x5F6B87B9  Ack: 0x110EEFA7  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-04:21:31.726831 24.126.82.22:4897 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:422 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x60E04BF4  Ack: 0x118EAFF6  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-04:21:32.935320 24.126.82.22:4930 -> 192.168.1.6:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:137
***AP*** Seq: 0x60FD22D0  Ack: 0x0  Win: 0x0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-04:21:33.275771 24.126.82.22:4972 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:703 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6120F418  Ack: 0x1188580C  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-04:21:37.071065 24.126.82.22:4995 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:1368 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x613342DF  Ack: 0x1206ADE7  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-04:21:37.908991 24.126.82.22:1169 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:1547 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x61B14028  Ack: 0x11A40B8A  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-04:21:38.638939 24.126.82.22:1208 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:1690 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x61CEF057  Ack: 0x11D02E5F  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-04:21:39.319055 24.126.82.22:1236 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:1800 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x61E7D544  Ack: 0x12115F53  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-04:59:07.648949 24.209.36.194:2784 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:23689 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x931082A  Ack: 0x9FD046D7  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-04:59:07.672024 24.209.36.194:2784 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:23690 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9310DDE  Ack: 0x9FD046D7  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-05:29:32.861352 24.209.219.162:1921 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:17924 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xF6444130  Ack: 0x12AC298A  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-05:29:42.044030 24.209.219.162:2882 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:20391 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xF8F79909  Ack: 0x12E30A6D  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-05:29:42.106911 24.209.219.162:2929 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:20422 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xF91087BC  Ack: 0x12E72AA8  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-05:29:42.402050 24.209.219.162:2941 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:20494 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xF91B33A4  Ack: 0x133B6F9D  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-05:29:42.452363 24.209.219.162:2948 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:20518 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF91D0987  Ack: 0x1309B642  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/22-05:29:45.736286 24.209.219.162:3151 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:21319 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xF9C66F4F  Ack: 0x13DED8A7  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/22-05:29:45.831394 24.209.219.162:3166 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:21333 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xF9C8F920  Ack: 0x13F98101  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-05:29:45.887705 24.209.219.162:3169 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:21344 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xF9CC17D1  Ack: 0x133B3BC6  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-05:29:55.262552 24.209.219.162:1031 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:23591 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFC11DA6A  Ack: 0x1436CE29  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-05:30:07.824801 24.209.219.162:1805 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:26432 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFED491C1  Ack: 0x14C2787C  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-05:30:17.125339 24.209.219.162:3231 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:28337 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x17CF91A  Ack: 0x15419D3B  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-05:30:17.184049 24.209.219.162:3236 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:28352 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x1814F9C  Ack: 0x15D764DF  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-05:30:17.244329 24.209.219.162:3239 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:28365 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x183CB2B  Ack: 0x1532691E  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-05:30:17.289143 24.209.219.162:3240 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:28371 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x184F750  Ack: 0x157135F4  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-05:30:17.355114 24.209.219.162:3241 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:28377 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x185AFCA  Ack: 0x1594B3AF  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-05:30:26.570589 24.209.219.162:4464 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:30695 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x43EB8C0  Ack: 0x16351E8A  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-05:47:46.379970 24.202.192.141:1222 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:28589 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xD7BCB47B  Ack: 0x56E95579  Win: 0xFAF0  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-05:47:52.139272 24.202.192.141:1347 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:29074 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xD830EB0D  Ack: 0x56DE0A89  Win: 0xFAF0  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-05:47:53.728076 24.202.192.141:1471 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:29281 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xD8A478A1  Ack: 0x579A22F5  Win: 0xFAF0  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-05:47:55.448929 24.202.192.141:1560 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:29457 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xD8EDA8B7  Ack: 0x57AF7A05  Win: 0xFAF0  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-06:47:15.767772 24.209.219.162:2667 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:33560 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x4821949B  Ack: 0x3803C825  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-06:47:19.653225 24.209.219.162:2818 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:34675 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x484D4BA0  Ack: 0x3808572F  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-06:47:19.890753 24.209.219.162:3818 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:34766 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x49F42441  Ack: 0x38717D7A  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-06:47:19.959326 24.209.219.162:3825 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:34783 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x49F9C557  Ack: 0x386E3800  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-06:47:23.536864 24.209.219.162:3876 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:35758 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x4A0E23D6  Ack: 0x380DAAD6  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/22-06:47:23.888874 24.209.219.162:4195 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:35905 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x4AD34C86  Ack: 0x37E17560  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/22-06:47:24.014043 24.209.219.162:4234 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:35954 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x4AF08702  Ack: 0x3851225A  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-06:47:24.100665 24.209.219.162:4238 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:35979 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x4AF4ABE2  Ack: 0x37D76F13  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-06:47:24.169344 24.209.219.162:4242 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:35994 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4AF75154  Ack: 0x37CAB47B  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-06:47:33.582260 24.209.219.162:1110 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:38334 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4CB0336E  Ack: 0x391F9085  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-06:47:33.652621 24.209.219.162:1114 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:38349 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4CB3299A  Ack: 0x38B0FB98  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-06:47:33.720380 24.209.219.162:1115 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:38362 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4CB3D535  Ack: 0x3899264E  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-06:47:43.010132 24.209.219.162:2185 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:40965 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x4FC76378  Ack: 0x39DA9999  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-06:47:46.126004 24.209.219.162:2185 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:41692 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x4FC76378  Ack: 0x39DA9999  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-06:47:52.453483 24.209.219.162:2845 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:43221 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x5170C486  Ack: 0x3ADD899F  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-06:47:52.778198 24.209.219.162:2880 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:43321 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x5186BD4B  Ack: 0x3AB6149E  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-06:47:52.836189 24.209.219.162:2936 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:43337 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x5194097B  Ack: 0x3B0691ED  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-06:49:12.873580 24.209.219.162:3248 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:62967 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x642CFE1E  Ack: 0x3FE0BF33  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-06:49:22.214796 24.209.219.162:3943 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:64826 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x65D6CBD6  Ack: 0x3FD9FC59  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-06:49:34.797810 24.209.219.162:1566 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:2882 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x68EADBD6  Ack: 0x40BBFAC9  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-06:49:34.850818 24.209.219.162:1696 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:2889 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x6952BBFE  Ack: 0x415278F9  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-06:49:34.929185 24.209.219.162:1700 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:2901 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x69556AF6  Ack: 0x40C2EF4C  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/22-06:49:37.974234 24.209.219.162:1844 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:3531 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x69D1C08F  Ack: 0x41B7D37E  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/22-06:49:38.038747 24.209.219.162:1847 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:3547 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x69D49EC8  Ack: 0x415BC1F5  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-06:49:38.107077 24.209.219.162:1852 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:3563 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x69D87582  Ack: 0x4179606A  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-06:49:41.211525 24.209.219.162:1975 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:4125 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6A3D3D09  Ack: 0x40F2E093  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-06:49:41.276604 24.209.219.162:1983 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:4146 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6A4408A4  Ack: 0x41A734FB  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-06:49:41.336312 24.209.219.162:1986 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:4164 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6A457EA2  Ack: 0x411A663F  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-06:49:41.407428 24.209.219.162:1989 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:4180 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6A4835A6  Ack: 0x4176BAC0  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-06:49:41.495632 24.209.219.162:1998 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:4207 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x6A4F5BAE  Ack: 0x41689AD3  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-06:49:41.560074 24.209.219.162:2010 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:4232 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6A57C8FE  Ack: 0x413D3833  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-06:49:41.640496 24.209.219.162:2012 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:4264 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x6A598C9C  Ack: 0x4132A6DA  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-06:49:41.694652 24.209.219.162:2025 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:4281 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6A608629  Ack: 0x4118ADB9  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-06:56:26.336908 24.209.36.194:1034 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:4501 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x49150D20  Ack: 0x5AD58511  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-06:56:26.356210 24.209.36.194:1034 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:4502 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x491512D4  Ack: 0x5AD58511  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-07:04:16.180610 24.209.219.162:2477 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:17820 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x325D57FD  Ack: 0x78653761  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-07:04:25.407559 24.209.219.162:2937 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:19365 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x339BA22F  Ack: 0x79622F27  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-07:04:28.476758 24.209.219.162:3444 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:20045 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x34B1682C  Ack: 0x795EB5F7  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-07:04:37.699083 24.209.219.162:4687 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:22512 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x36CB300A  Ack: 0x79BA73E1  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-07:04:38.059711 24.209.219.162:4718 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:22634 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x36D53AA4  Ack: 0x79CC7F7A  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/22-07:04:44.642034 24.209.219.162:1032 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:23609 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x374B678A  Ack: 0x79E30701  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/22-07:04:53.828667 24.209.219.162:2091 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:25918 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x3A4B21BD  Ack: 0x7B50717E  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-07:04:57.174998 24.209.219.162:2354 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:26741 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x3B1431C5  Ack: 0x7B8C33BB  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-07:04:57.249007 24.209.219.162:2357 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:26791 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3B16FC95  Ack: 0x7A92051A  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-07:04:57.339550 24.209.219.162:2367 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:26821 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3B1E7E7A  Ack: 0x7B418D8A  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-07:04:57.416034 24.209.219.162:2381 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:26862 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3B285EB8  Ack: 0x7B2FF19E  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-07:04:57.473940 24.209.219.162:2385 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:26875 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3B2B0DA6  Ack: 0x7B460B8A  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-07:05:06.815894 24.209.219.162:2833 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:28680 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x3C726970  Ack: 0x7BE87C43  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-07:05:06.878445 24.209.219.162:2837 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:28702 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x3C74BC6A  Ack: 0x7C13655F  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

Go to: previous range, next range, all alerts, overview page

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:56 2003

192.168.1.6	Whois lookup at:	ARIN	RIPE	APNIC	Geektools
	DNS lookup at:	Amenesi	TRIUMF	Princeton
	More lookup links:	Dshield	Sam Spade
See also 192.168.1.6 as an alert source [49361 alerts]