SnortSnarf alert page

Destination: 192.168.1.6: #4901-5000

SnortSnarf v021111.1

Looking using input module SnortFileInput, with sources:
Earliest: 09:35:18.272646 on 05/23/2003
Latest: 15:47:23.624127 on 05/23/2003

22 different signatures are present for 192.168.1.6 as a destination

There are 624 distinct source IPs in the alerts of the type on this page.

See also 192.168.1.6 as an alert source [49361 alerts]


[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-09:35:18.272646 24.209.36.194:4509 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:17457 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1E72C11 Ack: 0xF301AFFD Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-09:35:18.291401 24.209.36.194:4509 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:17458 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1E731C5 Ack: 0xF301AFFD Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-09:53:52.768141 24.209.174.0:1271 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:12627 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x4E7B7099 Ack: 0x3931D212 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-09:53:53.147931 24.209.174.0:1281 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:12660 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x4E834569 Ack: 0x393ACCFC Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-09:53:53.381250 24.209.174.0:1289 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:12683 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x4E89F657 Ack: 0x38A33292 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-09:53:57.116397 24.209.174.0:1311 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:12960 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x4E9BF5E0 Ack: 0x3932FAC2 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-09:54:00.782617 24.209.174.0:1484 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:13159 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x4F324D66 Ack: 0x398C82A1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/23-09:54:01.020130 24.209.174.0:1493 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:13178 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x4F3A19CC Ack: 0x39C0DAE4 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/23-09:54:10.685727 24.209.174.0:1803 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:14226 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x50441B80 Ack: 0x39ADAE42 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-09:54:10.944471 24.209.174.0:1818 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:14264 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x5050362C Ack: 0x3A1150EB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-09:54:11.176153 24.209.174.0:1825 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:14294 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x5055BFD4 Ack: 0x3A76E732 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-09:54:11.432895 24.209.174.0:1836 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:14327 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x505ED8A0 Ack: 0x3A235ECF Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-09:54:11.660299 24.209.174.0:1841 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:14356 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x5063739C Ack: 0x39CAB81D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-09:54:11.889990 24.209.174.0:1849 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:14382 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x506A0BBB Ack: 0x3A76A6B0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-09:54:12.125005 24.209.174.0:1858 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:14406 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x5070EF9E Ack: 0x3AAB4025 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-09:54:15.069263 24.209.174.0:1858 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:14655 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x5070EF9E Ack: 0x3AAB4025 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-09:54:15.515085 24.209.174.0:1959 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:14695 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x50C8712D Ack: 0x3A484058 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-09:54:15.786669 24.209.174.0:1967 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:14732 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x50D0696C Ack: 0x3A96D32B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-09:54:16.022905 24.209.174.0:1982 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:14768 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x50DC00FE Ack: 0x3A7DC478 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-10:01:44.520963 24.209.36.194:3194 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:27339 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9CE019A3 Ack: 0x567080A8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-10:01:44.547580 24.209.36.194:3194 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:27340 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9CE01F57 Ack: 0x567080A8 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-10:24:24.832739 24.209.36.194:2746 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:15578 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x205AE7E7 Ack: 0xABD6F87E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-10:24:24.852969 24.209.36.194:2746 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:15579 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x205AED9B Ack: 0xABD6F87E Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-10:33:44.217278 24.209.36.194:2630 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:63591 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x553F2935 Ack: 0xCF6A5C89 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-10:33:44.235928 24.209.36.194:2630 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:63592 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x553F2EE9 Ack: 0xCF6A5C89 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/23-12:16:40.498011 209.237.238.173:41503 -> 192.168.1.6:80
TCP TTL:42 TOS:0x0 ID:34114 IpLen:20 DgmLen:173 DF
***AP*** Seq: 0x44D806F5 Ack: 0x544CBB33 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 300647360 2017053798
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/23-13:17:57.475036 209.237.238.173:57103 -> 192.168.1.6:80
TCP TTL:42 TOS:0x0 ID:26943 IpLen:20 DgmLen:173 DF
***AP*** Seq: 0x2CA776C4 Ack: 0x3BF5BE61 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 301015052 2018937073
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-13:22:45.042785 24.209.36.194:2494 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:39970 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEFADCBEA Ack: 0x4E3D2E02 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-13:22:45.061600 24.209.36.194:2494 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:39971 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEFADD19E Ack: 0x4E3D2E02 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-14:11:22.206833 24.209.44.83:3455 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:6509 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x867DAECE Ack: 0x67E966C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-14:11:22.239086 24.209.44.83:3455 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:6510 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x867DB482 Ack: 0x67E966C Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-14:25:06.643899 24.145.209.157:1854 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:2740 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB21A4DD3 Ack: 0x3937BDA0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-14:25:06.655376 24.145.209.157:1854 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:2741 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB21A5387 Ack: 0x3937BDA0 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-14:30:27.502338 24.209.174.0:2456 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:56742 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x82DCB47A Ack: 0x4D6996BB Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-14:30:27.890218 24.209.174.0:2463 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:56788 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x82E33F92 Ack: 0x4D293335 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-14:30:28.096137 24.209.174.0:2466 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:56817 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x82E6BAA6 Ack: 0x4D98D031 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-14:30:28.335705 24.209.174.0:2471 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:56852 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x82EAFB40 Ack: 0x4E07D0F3 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-14:30:28.585107 24.209.174.0:2481 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:56890 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x82F424ED Ack: 0x4D82E08E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/23-14:30:28.810220 24.209.174.0:2485 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:56921 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x82F7C3FB Ack: 0x4D5513BB Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/23-14:30:38.397219 24.209.174.0:2739 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:58344 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x83D80C78 Ack: 0x4DD10DC9 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-14:30:38.702956 24.209.174.0:2752 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:58390 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x83E36272 Ack: 0x4E278DF0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-14:30:39.030238 24.209.174.0:2760 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:58442 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x83EB1B28 Ack: 0x4DF569AA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-14:30:39.311509 24.209.174.0:2773 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:58487 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x83F629BD Ack: 0x4EAEBA3A Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-14:30:39.571200 24.209.174.0:2783 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:58530 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x83FD6BDB Ack: 0x4E792EE5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-14:30:39.869654 24.209.174.0:2793 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:58578 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x8405E07D Ack: 0x4DF6710D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-14:30:40.162604 24.209.174.0:2798 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:58626 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x840AE20F Ack: 0x4E3C4EE0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-14:30:40.430002 24.209.174.0:2808 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:58670 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x841175EE Ack: 0x4E2402D5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-14:30:40.691269 24.209.174.0:2817 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:58711 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x8418315A Ack: 0x4DCEA5CD Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-14:30:40.997266 24.209.174.0:2827 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:58758 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x841F50AF Ack: 0x4E564B96 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-15:29:44.757269 24.209.174.0:3930 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:53691 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xE64A8BD5 Ack: 0x2DA831AC Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-15:29:45.119654 24.209.174.0:3938 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:53716 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xE6522B0A Ack: 0x2DF2A6F8 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-15:29:45.330777 24.209.174.0:3942 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:53735 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xE655772F Ack: 0x2DCE0C00 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-15:29:45.550117 24.209.174.0:3951 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:53758 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xE65D7DBB Ack: 0x2E092F8B Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-15:29:45.769444 24.209.174.0:3960 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:53787 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xE6651D60 Ack: 0x2D44B802 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/23-15:29:55.353264 24.209.174.0:4233 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:54583 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xE7522357 Ack: 0x2F94E3D5 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/23-15:29:55.583182 24.209.174.0:4240 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:54605 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xE7577686 Ack: 0x2F7F0BAF Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-15:29:55.796859 24.209.174.0:4251 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:54629 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xE760C68E Ack: 0x2F9FABA7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-15:30:08.576895 24.209.174.0:4556 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:56021 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE87443C3 Ack: 0x2F9A2E7B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-15:30:09.082057 24.209.174.0:4649 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:56055 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE8C50989 Ack: 0x2FF4F6CD Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-15:30:09.363140 24.209.174.0:4678 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:56099 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE8DAD7F4 Ack: 0x2FB7D61A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-15:30:09.562554 24.209.174.0:4691 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:56116 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE8E4859E Ack: 0x309650DB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-15:30:09.825787 24.209.174.0:4701 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:56137 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xE8EC798C Ack: 0x302CEF36 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-15:30:10.035102 24.209.174.0:4707 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:56151 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xE8F22016 Ack: 0x30276E36 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-15:30:10.262849 24.209.174.0:4713 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:56169 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xE8F6C36F Ack: 0x2FCD0940 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-15:30:10.478034 24.209.174.0:4718 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:56184 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xE8FB0607 Ack: 0x2FC73DB1 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-15:32:36.734160 24.209.174.0:1153 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:4001 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xF7D01D13 Ack: 0x386B31C0 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-15:32:46.453468 24.209.174.0:1489 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:5052 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xF8EAC693 Ack: 0x39E914A6 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-15:32:46.761768 24.209.174.0:1501 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:5102 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xF8F49BAF Ack: 0x38FC7C7B Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-15:32:47.052931 24.209.174.0:1511 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:5147 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xF8FE4E8E Ack: 0x39B0B379 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-15:32:47.318909 24.209.174.0:1525 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:5189 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF90A0883 Ack: 0x391F2282 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/23-15:32:56.916006 24.209.174.0:1807 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:6074 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xF9FF6A55 Ack: 0x39D7139C Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/23-15:32:57.203016 24.209.174.0:1818 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:6120 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xFA08F38D Ack: 0x39C8EEBB Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-15:32:57.463093 24.209.174.0:1830 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:6160 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xFA140B94 Ack: 0x399F16BB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-15:33:07.029531 24.209.174.0:2086 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:6879 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFAF36DE0 Ack: 0x3B13F26C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-15:33:16.654643 24.209.174.0:2351 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:7598 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFBD92238 Ack: 0x3AD385EA Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-15:33:20.109580 24.209.174.0:2457 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:7898 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFC3154F2 Ack: 0x3B148FBB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-15:33:20.361750 24.209.174.0:2464 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:7921 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFC375ABA Ack: 0x3BCBD5AD Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-15:33:24.025165 24.209.174.0:2584 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:8342 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xFC9F4132 Ack: 0x3B9DE1C1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-15:33:24.359867 24.209.174.0:2597 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:8394 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xFCAA3241 Ack: 0x3B631863 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-15:33:24.709302 24.209.174.0:2615 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:8450 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xFCB87228 Ack: 0x3BCA1566 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-15:33:25.035061 24.209.174.0:2628 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:8502 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xFCC4AA45 Ack: 0x3BEB9791 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-15:39:23.425134 24.209.98.148:2959 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:14953 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC608C2C7 Ack: 0x51AC4352 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-15:39:23.435867 24.209.98.148:2959 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:14954 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC608C87B Ack: 0x51AC4352 Win: 0xFAF0 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-15:47:05.793817 24.209.174.0:4681 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:26426 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x53E6355A Ack: 0x6F405AC2 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-15:47:06.294377 24.209.174.0:4694 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:26500 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x53F19914 Ack: 0x6F82F868 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-15:47:10.350900 24.209.174.0:4827 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:27160 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x54633123 Ack: 0x6F787D6A Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-15:47:13.885864 24.209.174.0:4947 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:27618 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x54CB80D9 Ack: 0x7003BB7A Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-15:47:16.983249 24.209.174.0:4947 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28102 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x54CB80D9 Ack: 0x7003BB7A Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-15:47:17.559218 24.209.174.0:1090 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28194 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x5530E478 Ack: 0x700B9C41 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/23-15:47:17.841673 24.209.174.0:1100 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28227 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x55393D65 Ack: 0x70A620B8 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/23-15:47:18.088712 24.209.174.0:1105 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28247 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x553E30FD Ack: 0x7004B46F Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-15:47:18.343814 24.209.174.0:1110 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28273 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x5542DDA1 Ack: 0x700344FA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-15:47:18.614277 24.209.174.0:1125 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28305 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x554F3A0A Ack: 0x707F788A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-15:47:22.191947 24.209.174.0:1232 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28768 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x55AB78B1 Ack: 0x7060BE47 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-15:47:22.437903 24.209.174.0:1239 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28795 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x55B234BF Ack: 0x70BCEF9F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-15:47:22.661174 24.209.174.0:1246 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28820 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x55B7BA37 Ack: 0x7046BA71 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-15:47:22.914738 24.209.174.0:1255 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28848 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x55BF6850 Ack: 0x7070AF84 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-15:47:23.125684 24.209.174.0:1259 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28864 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x55C3A9AA Ack: 0x70BA21F9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-15:47:23.382143 24.209.174.0:1264 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28887 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x55C806E1 Ack: 0x70CB8741 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-15:47:23.624127 24.209.174.0:1281 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28923 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x55D4F5D3 Ack: 0x70D2EF3B Win: 0x4470 TcpLen: 20
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:56 2003