
SnortSnarf alert page

Destination: 192.168.1.6: #5001-5100

SnortSnarf v021111.1

Signature section (91123) | Top 20 source IPs | Top 20 dest IPs

Looking using input module SnortFileInput, with sources:
Earliest: 16:01:19.678054 on 05/23/2003
Latest: 04:35:59.232453 on 05/24/2003

22 different signatures are present for 192.168.1.6 as a destination

There are 624 distinct source IPs in the alerts of the type on this page.

See also 192.168.1.6 as an alert source [49361 alerts]


[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-16:01:19.678054 24.209.174.0:3092 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:56526 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xAC670258 Ack: 0xA53C516A Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-16:01:20.067678 24.209.174.0:3096 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:56552 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xAC6BB216 Ack: 0xA5BB3B6A Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-16:01:20.292654 24.209.174.0:3104 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:56566 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xAC735963 Ack: 0xA5639F71 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-16:01:23.731683 24.209.174.0:3210 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:56940 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xACCBF275 Ack: 0xA6512C54 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-16:01:23.967278 24.209.174.0:3217 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:56974 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xACD293C7 Ack: 0xA5E7377F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/23-16:01:24.216694 24.209.174.0:3228 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:57009 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xACDAEE1E Ack: 0xA5E2A757 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/23-16:01:33.686810 24.209.174.0:3471 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:57855 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xADB153E0 Ack: 0xA6D661F7 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-16:01:33.946667 24.209.174.0:3479 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:57885 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xADB8849E Ack: 0xA683B50A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-16:01:37.626483 24.209.174.0:3581 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:58270 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xAE128C25 Ack: 0xA69DE665 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-16:01:37.827629 24.209.174.0:3591 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:58283 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xAE1B74EC Ack: 0xA679AEF4 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-16:01:47.358791 24.209.174.0:3860 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:59164 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xAF0AE8F3 Ack: 0xA75CAE2A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-16:01:56.997391 24.209.174.0:4111 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:60031 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xAFE5FFDF Ack: 0xA7F6938E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-16:02:06.612727 24.209.174.0:4407 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:61000 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xB0E33CCB Ack: 0xA853CA74 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-16:02:09.601865 24.209.174.0:4407 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:61283 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xB0E33CCB Ack: 0xA853CA74 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-16:02:10.017135 24.209.174.0:4508 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:61318 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB13B09A6 Ack: 0xA838CB09 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-16:02:10.236151 24.209.174.0:4513 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:61342 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xB13FF6FD Ack: 0xA903B0CA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-16:02:10.449728 24.209.174.0:4517 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:61360 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB143A265 Ack: 0xA8319FF4 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-16:09:14.596446 24.98.123.239:4302 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:702 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8956B38A Ack: 0xC30A12DF Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/23-16:10:40.269785 80.58.5.44:48533 -> 192.168.1.6:80
TCP TTL:46 TOS:0x0 ID:2666 IpLen:20 DgmLen:432 DF
***AP*** Seq: 0xB91478CC Ack: 0xC8386669 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 548303543 2024244652
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-16:15:52.360987 24.209.98.148:4227 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:6879 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9AC324A9 Ack: 0xDBD2CE9F Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-16:15:52.373009 24.209.98.148:4227 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:6880 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9AC32A5D Ack: 0xDBD2CE9F Win: 0xFAF0 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-16:18:40.905657 24.209.174.0:3228 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:38357 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x183C504C Ack: 0xE66F9904 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-16:18:41.256077 24.209.174.0:3238 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:38409 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x1845BA4C Ack: 0xE70CF69C Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-16:18:41.522890 24.209.174.0:3245 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:38446 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x184C0B1F Ack: 0xE6FC735F Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-16:18:42.070671 24.209.174.0:3280 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:38522 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x18689091 Ack: 0xE6BA3306 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-16:18:42.328540 24.209.174.0:3292 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:38556 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x18727C1E Ack: 0xE6C7B6F6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/23-16:18:42.565808 24.209.174.0:3295 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:38585 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x18758B58 Ack: 0xE68734BB Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/23-16:18:42.787267 24.209.174.0:3301 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:38613 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x187B572F Ack: 0xE72866F9 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-16:18:43.002201 24.209.174.0:3312 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:38640 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x18836099 Ack: 0xE65DB1EA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-16:18:46.628395 24.209.174.0:3398 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:39003 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x18CE19AF Ack: 0xE6D67D12 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-16:18:46.972611 24.209.174.0:3429 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:39056 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x18E614E0 Ack: 0xE770DC25 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-16:18:47.262194 24.209.174.0:3438 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:39092 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x18EE8DB1 Ack: 0xE6A0E829 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-16:18:50.246691 24.209.174.0:3438 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:39427 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x18EE8DB1 Ack: 0xE6A0E829 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-16:18:51.035263 24.209.174.0:3537 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:39488 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x1947824D Ack: 0xE6EEAB00 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-16:18:54.538696 24.209.174.0:3630 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:39757 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x199A3A37 Ack: 0xE7157258 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-16:18:54.841176 24.209.174.0:3638 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:39798 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x19A0FA82 Ack: 0xE7AA086E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-16:18:55.094096 24.209.174.0:3646 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:39824 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x19A89812 Ack: 0xE79FD184 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-16:18:55.311770 24.209.174.0:3651 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:39839 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x19ADD1D9 Ack: 0xE77BAD33 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-16:19:38.313895 24.209.44.83:4045 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:24256 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3664E4CD Ack: 0xE9F0FBBF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-16:19:38.345122 24.209.44.83:4045 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:24257 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3664EA81 Ack: 0xE9F0FBBF Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-16:29:16.348970 24.209.44.83:4484 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:1213 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6731C562 Ack: 0xF06A42A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-16:29:16.380877 24.209.44.83:4484 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:1214 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6731CB16 Ack: 0xF06A42A Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-16:34:56.149944 24.209.98.148:2819 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:57930 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x831850C Ack: 0x237F74E6 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-16:34:56.190233 24.209.98.148:2819 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:57931 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8318AC0 Ack: 0x237F74E6 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-16:45:34.615342 24.209.125.171:3858 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:24128 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x38066523 Ack: 0x4BFEBD2C Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-16:45:34.623996 24.209.125.171:3858 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:24129 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x38066AD7 Ack: 0x4BFEBD2C Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-16:56:12.947828 24.209.36.194:4981 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:50350 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9985DC5 Ack: 0x73E02814 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-16:56:12.968587 24.209.36.194:4981 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:50351 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9986379 Ack: 0x73E02814 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/23-19:19:12.693029 209.237.238.172:56658 -> 192.168.1.6:80
TCP TTL:42 TOS:0x0 ID:20872 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0x80B23D80 Ack: 0x90C9EFEC Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 303197445 2030038725
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-19:49:51.186722 24.209.44.83:4338 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:20642 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1012D65D Ack: 0x43389F5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-19:49:51.220075 24.209.44.83:4338 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:20643 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1012DC11 Ack: 0x43389F5 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-19:57:55.281574 24.34.91.29:1082 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:29119 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x9D50208F Ack: 0x22A0A892 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-19:57:56.365791 24.34.91.29:1190 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:29207 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x9DAAD316 Ack: 0x238AEB6D Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-19:58:06.278437 24.34.91.29:1431 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:30235 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x9E7D8721 Ack: 0x238F9E62 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-19:58:15.963081 24.34.91.29:1677 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:31236 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x9F58BE51 Ack: 0x24A18B46 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-19:58:25.830050 24.34.91.29:1962 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:32494 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA04CAD18 Ack: 0x24BAF158 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/23-19:58:39.000381 24.34.91.29:2229 -> 192.168.1.6:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:157
***AP*** Seq: 0xA139C00E Ack: 0x0 Win: 0x0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/23-19:58:39.333215 24.34.91.29:2342 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:34097 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA19AA76E Ack: 0x25C4EC62 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-19:58:58.045736 24.34.91.29:2604 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:36221 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xA27FC47E Ack: 0x26280D64 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-19:59:01.675283 24.34.91.29:2845 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:36573 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA35828A8 Ack: 0x270EE686 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-19:59:11.495755 24.34.91.29:3146 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:37670 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA466D410 Ack: 0x27857227 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-19:59:21.465903 24.34.91.29:3415 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:38814 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA54C8F13 Ack: 0x281DC0F3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-19:59:31.419950 24.34.91.29:3655 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:39815 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA61BCF13 Ack: 0x28D5FD9D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-19:59:41.179189 24.34.91.29:3662 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:40968 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xA6248217 Ack: 0x287A6A9D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-19:59:41.909193 24.34.91.29:3917 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:41028 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA7057B98 Ack: 0x29A3F8E4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-20:45:19.535591 24.203.122.222:3035 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:38368 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x49D14933 Ack: 0xD6C1F7B8 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-20:45:24.672868 24.203.122.222:3063 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:39006 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x49EF27E5 Ack: 0xD6677784 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-20:45:29.854822 24.203.122.222:3251 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:39568 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x4A8E4461 Ack: 0xD6F196B2 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-20:45:32.387725 24.203.122.222:3431 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:39822 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x4B18464A Ack: 0xD7CA5CA4 Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-20:45:46.279615 24.203.122.222:3856 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:41557 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x4C745CAA Ack: 0xD7BE997A Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/23-20:45:51.251172 24.203.122.222:4005 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:42126 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x4CF67602 Ack: 0xD81A87A3 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-20:59:35.667122 24.100.74.154:4460 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:11127 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3A524109 Ack: 0xC00C510 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-20:59:35.859204 24.100.74.154:4460 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:11128 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3A5246BD Ack: 0xC00C510 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-21:15:27.405652 24.209.196.254:4927 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:42780 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xAA64F0CA Ack: 0x476B1641 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-21:15:27.413733 24.209.196.254:4927 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:42781 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xAA64F67E Ack: 0x476B1641 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-21:47:06.500861 24.209.196.254:1797 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:9468 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5D0A90B3 Ack: 0xBE40EA41 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-22:05:54.037896 24.209.44.83:4261 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:51591 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6068C3E Ack: 0x6547B92 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-22:05:54.077504 24.209.44.83:4261 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:51592 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x60691F2 Ack: 0x6547B92 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/23-22:54:11.549527 209.237.238.158:4018 -> 192.168.1.6:80
TCP TTL:42 TOS:0x0 ID:6857 IpLen:20 DgmLen:173 DF
***AP*** Seq: 0x1829F409 Ack: 0xBC6F288D Win: 0xFFFF TcpLen: 32
TCP Options (3) => NOP NOP TS: 901331680 2036645282
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-03:21:29.863726 24.127.15.16:2871 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:39739 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x616A86E3 Ack: 0xAF008610 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-03:21:30.617221 24.127.15.16:2911 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:39844 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x618C3966 Ack: 0xAF3730FF Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-03:21:30.940091 24.127.15.16:2928 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:39892 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x619A1DD3 Ack: 0xAEC4107F Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-03:21:31.261176 24.127.15.16:2949 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:39948 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x61AA231B Ack: 0xAE9E2279 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-03:21:31.599554 24.127.15.16:2975 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:40019 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x61BF7827 Ack: 0xAF6AEF83 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/24-03:21:31.962394 24.127.15.16:2999 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:40098 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x61D18CC7 Ack: 0xAF4CA47F Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/24-03:21:32.276037 24.127.15.16:3034 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:40175 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x61ED4034 Ack: 0xAF1B4837 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-03:21:45.183641 24.127.15.16:3744 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:42977 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x6415EA26 Ack: 0xAFEB177C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-03:21:54.824838 24.127.15.16:4634 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:44819 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x66D65D4F Ack: 0xB06B7515 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-03:21:55.146346 24.127.15.16:4658 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:44883 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x66E76B1A Ack: 0xB0447301 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-03:21:55.530042 24.127.15.16:4673 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:44919 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x66F32928 Ack: 0xAFFF0CA8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-03:21:55.892141 24.127.15.16:4692 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:44981 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x670238F9 Ack: 0xB0BF1419 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-03:21:56.229339 24.127.15.16:4707 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:45035 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x670E594E Ack: 0xB01FB5B7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-03:21:56.597546 24.127.15.16:4741 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:45115 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x672825F5 Ack: 0xB007769D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-03:21:59.579579 24.127.15.16:4741 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:45605 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x672825F5 Ack: 0xB007769D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-03:22:00.120048 24.127.15.16:4978 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:45722 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x67E304AD Ack: 0xB10DB3EA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-03:22:00.470128 24.127.15.16:1028 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:45788 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x67F516FE Ack: 0xB0903ECD Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-03:52:48.696484 24.209.36.194:4315 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:23849 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBFCC8277 Ack: 0x256D371C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-03:52:48.716715 24.209.36.194:4315 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:23850 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBFCC882B Ack: 0x256D371C Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-04:35:59.223488 24.218.174.97:3814 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:23293 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6CE73EBD Ack: 0xC7CF061E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-04:35:59.232453 24.218.174.97:3814 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:23294 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6CE74471 Ack: 0xC7CF061E Win: 0x4470 TcpLen: 20
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:56 2003