SnortSnarf alert page

Destination: 192.168.1.6: #501-600

SnortSnarf v021111.1

Signature section (91123)

Top 20 source IPs

Top 20 dest IPs

Looking using input module SnortFileInput, with sources:

/home/rivettmj/snort_alertlog/alert

Earliest: 17:50:13.969574 on 04/24/2003
Latest: 15:11:24.613908 on 04/25/2003

22 different signatures are present for 192.168.1.6 as a destination

1 instances of (spp_stream4) STEALTH ACTIVITY (SYN FIN scan) detection
1 instances of WEB-IIS ISAPI .printer access
1 instances of SHELLCODE x86 setuid 0
1 instances of DDOS shaft synflood
2 instances of WEB-CGI formmail access
2 instances of SHELLCODE x86 NOOP
2 instances of SMTP HELO overflow attempt
2 instances of SHELLCODE x86 inc ebx NOOP
3 instances of WEB-MISC bad HTTP/1.1 request, Potentially worm attack
3 instances of WEB-CGI newdesk access
4 instances of WEB-IIS WEBDAV nessus safe scan attempt
11 instances of ICMP Destination Unreachable (Communication Administratively Prohibited)
38 instances of (snort_decoder): T/TCP Detected
58 instances of WEB-IIS view source via translate header
308 instances of WEB-IIS _mem_bin access
316 instances of WEB-FRONTPAGE /_vti_bin/ access
680 instances of WEB-IIS CodeRed v2 root.exe access
786 instances of WEB-MISC robots.txt access
930 instances of WEB-IIS ISAPI .ida attempt
952 instances of WEB-IIS multiple decode attempt
1500 instances of WEB-IIS unicode directory traversal attempt
2169 instances of WEB-IIS cmd.exe access

There are 624 distinct source IPs in the alerts of the type on this page.

192.168.1.6 Whois lookup at: ARIN RIPE APNIC Geektools

DNS lookup at: Amenesi TRIUMF Princeton

More lookup links: Dshield Sam Spade

See also 192.168.1.6 as an alert source [49361 alerts]

Go to: previous range, next range, all alerts, overview page

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
04/24-17:50:13.969574 24.29.173.81:1962 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:15804 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x8A54B09E  Ack: 0x7683508C  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
04/24-17:50:14.094369 24.29.173.81:1968 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:15832 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x8A59BE8E  Ack: 0x772A7E5C  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
04/24-17:50:14.190848 24.29.173.81:1970 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:15852 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x8A5BFE2E  Ack: 0x7735DAD2  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
04/24-17:50:23.300211 24.29.173.81:2205 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:17118 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x8B275617  Ack: 0x7729D397  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/24-17:50:23.430169 24.29.173.81:2210 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:17149 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x8B2BC951  Ack: 0x7772309B  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/24-17:50:23.608118 24.29.173.81:2215 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:17179 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x8B30152A  Ack: 0x7720FD20  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
04/24-17:50:23.685440 24.29.173.81:2220 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:17191 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x8B341F35  Ack: 0x77897FAA  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
04/24-17:50:26.841527 24.29.173.81:2299 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:17664 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x8B77568E  Ack: 0x78010CC5  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
04/24-17:50:29.918958 24.29.173.81:2402 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:18195 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x8BD2C37C  Ack: 0x7788693C  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
04/24-17:50:30.008035 24.29.173.81:2406 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:18221 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x8BD52543  Ack: 0x77D52273  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
04/24-17:50:30.200870 24.29.173.81:2409 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:18248 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x8BD7D68D  Ack: 0x77685A82  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
04/24-17:50:30.438248 24.29.173.81:2416 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:18307 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x8BDD8B1E  Ack: 0x7847EA8C  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
04/24-17:50:30.547785 24.29.173.81:2422 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:18333 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x8BE28ECF  Ack: 0x781C41C5  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
04/24-17:50:30.620728 24.29.173.81:2425 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:18352 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x8BE524B2  Ack: 0x78442B63  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
04/24-17:50:33.710456 24.29.173.81:2548 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:18960 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x8C4BF6C4  Ack: 0x7878CFA2  Win: 0x4470  TcpLen: 20

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/24-18:11:43.953116 216.39.48.44:56944 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:61709 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x87BA4A17  Ack: 0xC7A25C15  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 379829037 744658990 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:650:5] SHELLCODE x86 setuid 0 [**]
[Classification: A system call was detected] [Priority: 2] 
04/24-18:46:56.379106 192.234.167.242:23158 -> 192.168.1.6:22
TCP TTL:107 TOS:0x0 ID:61429 IpLen:20 DgmLen:1104 DF
***AP*** Seq: 0x477B4CD9  Ack: 0x2F6B9106  Win: 0xF6A0  TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS436]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/24-18:51:37.860752 216.39.48.94:54116 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:64825 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x1E72C70F  Ack: 0x5EA03F57  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 389429833 745885080 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/24-19:57:37.761536 216.39.48.207:56426 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:41928 IpLen:20 DgmLen:202 DF
***AP*** Seq: 0x17BC8A6C  Ack: 0x57260BD7  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 66922941 747913224 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
04/24-20:12:30.978589 24.95.244.129:3341 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:19663 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xD2815C1  Ack: 0x8FC05102  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
04/24-20:12:33.796264 24.95.244.129:3402 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:19938 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xD5ECEFC  Ack: 0x90132054  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
04/24-20:12:35.941544 24.95.244.129:3472 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:20172 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xD9C1B05  Ack: 0x90366C32  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
04/24-20:12:38.716318 24.95.244.129:3525 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:20421 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xDCCD888  Ack: 0x9072255F  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
04/24-20:12:43.860150 24.95.244.129:3665 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:20970 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xE494F8C  Ack: 0x90B529E9  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/24-20:12:49.136543 24.95.244.129:3802 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:21501 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xEC2F4E7  Ack: 0x906A904C  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/24-20:12:54.070206 24.95.244.129:3930 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:21989 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xF33FC36  Ack: 0x9110EA0B  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
04/24-20:12:55.877316 24.95.244.129:3975 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:22175 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xF5D10EE  Ack: 0x9172B544  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
04/24-20:12:57.844134 24.95.244.129:4020 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:22397 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF86727B  Ack: 0x91C7B79C  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
04/24-20:13:02.936058 24.95.244.129:4152 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:22926 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFFCA0DC  Ack: 0x91FC2CE7  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
04/24-20:13:05.478802 24.95.244.129:4213 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:23163 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x10314E99  Ack: 0x922FA3F7  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
04/24-20:13:17.123740 24.95.244.129:4496 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:24266 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x112A05C8  Ack: 0x92D06FE6  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
04/24-20:13:28.073679 24.95.244.129:4795 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:25405 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x123005AA  Ack: 0x93161981  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
04/24-20:13:31.042254 24.95.244.129:4795 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:25724 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x123005AA  Ack: 0x93161981  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
04/24-20:13:39.254016 24.95.244.129:1125 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:26546 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x13360682  Ack: 0x93F9D3D3  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
04/24-20:13:41.577503 24.95.244.129:1181 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:26771 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x1367EC60  Ack: 0x943AF405  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
04/24-20:13:52.210040 24.95.244.129:1471 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:27907 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x1467272F  Ack: 0x94378E95  Win: 0x4470  TcpLen: 20

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/24-21:02:27.929562 216.39.50.114:54998 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:53467 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xC66F7A8  Ack: 0x4D1AD866  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 390211469 749905657 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
04/24-21:18:43.139933 24.209.203.150:3028 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:58653 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x26861C3E  Ack: 0x8B0A8B62  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
04/24-21:18:43.158477 24.209.203.150:3028 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:58654 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x268621F2  Ack: 0x8B0A8B62  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
04/24-21:37:59.655433 24.209.203.150:4480 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:27666 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8ABFBDA9  Ack: 0xD3C74DCC  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
04/24-21:37:59.676221 24.209.203.150:4480 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:27667 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8ABFC35D  Ack: 0xD3C74DCC  Win: 0x4470  TcpLen: 20

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/24-21:38:25.151359 66.196.65.24:18434 -> 192.168.1.6:80
TCP TTL:232 TOS:0x0 ID:18078 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x9B1807B6  Ack: 0xD59783C6  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/24-21:38:25.713408 66.196.65.24:18434 -> 192.168.1.6:80
TCP TTL:232 TOS:0x0 ID:18079 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x9B1807B6  Ack: 0xD59783C6  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/24-21:43:05.440086 216.39.50.84:58178 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:50541 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xA5C50B14  Ack: 0xE6D8B077  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 390450824 751154077 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/24-21:52:02.556109 216.39.50.24:35027 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:57510 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xC7EF06B0  Ack: 0x8839FF8  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 372499992 751429187 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
04/24-22:14:17.158745 24.128.89.17:3648 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:28371 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2E3ED799  Ack: 0x5CEF91A8  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
04/24-22:14:17.161450 24.128.89.17:3648 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:28372 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2E3EDD4D  Ack: 0x5CEF91A8  Win: 0x4470  TcpLen: 20

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/24-22:18:52.190648 216.39.50.54:39943 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:8483 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x2CFA3EE4  Ack: 0x6DA2FA2C  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 390668239 752253594 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/24-22:40:29.549164 216.39.50.114:55603 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:20976 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x7ED47196  Ack: 0xBF1F139C  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 390799496 752918063 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
04/24-22:46:36.091743 24.93.116.225:4207 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:60875 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF02EF7EA  Ack: 0xD6BC82C0  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
04/24-22:46:36.096246 24.93.116.225:4207 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:60876 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF02EFD9E  Ack: 0xD6BC82C0  Win: 0x4470  TcpLen: 20

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/24-22:51:26.752533 66.196.65.24:21739 -> 192.168.1.6:80
TCP TTL:232 TOS:0x0 ID:8071 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xDBE72DDD  Ack: 0xE88B7036  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/24-23:18:53.565776 216.39.50.33:50720 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:17352 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x10161611  Ack: 0x504E296F  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 381769187 754098112 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/24-23:37:39.870419 216.39.50.44:33778 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:63698 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x56CB689E  Ack: 0x975E4C43  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 381784155 754674973 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/24-23:56:52.639219 216.39.50.84:46150 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:64220 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x9F01F785  Ack: 0xDF72E9A3  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 391253355 755265387 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/25-00:48:13.860735 216.39.50.94:42632 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:59756 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x610D375B  Ack: 0xA13BB567  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 391568959 756843495 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/25-00:50:15.540960 66.196.65.24:44120 -> 192.168.1.6:80
TCP TTL:232 TOS:0x0 ID:57838 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xD7DAC1C  Ack: 0xA9CDDF45  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/25-01:06:55.107000 216.39.50.94:42246 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:59862 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xA72C7DDC  Ack: 0xE7D85954  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 391681058 757417738 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/25-01:19:07.568707 216.39.50.114:55304 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:5406 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xD503B087  Ack: 0x16936B24  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 391751079 757792915 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/25-01:50:41.276632 216.39.50.24:34812 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:31467 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x4CB1C701  Ack: 0x8E490374  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 373931512 758762809 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/25-02:09:20.298723 66.196.65.24:58302 -> 192.168.1.6:80
TCP TTL:232 TOS:0x0 ID:17727 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x244AF14A  Ack: 0xD4844FE4  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/25-02:17:29.025277 216.39.50.74:52272 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:42383 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xB2484AC9  Ack: 0xF36ABE8A  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 392097621 759586241 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/25-02:57:21.890523 216.39.50.74:42285 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:50622 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x48F95079  Ack: 0x8A0525D9  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 392336851 760811807 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/25-03:06:01.127041 216.39.50.24:33799 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:33791 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x699F20F7  Ack: 0xAA13364B  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 374383386 761077744 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/25-03:34:09.328354 216.39.50.54:58163 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:12806 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xD2E1C98D  Ack: 0x151A7D7E  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 392559509 761942400 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/25-03:41:23.265521 66.196.65.24:26688 -> 192.168.1.6:80
TCP TTL:232 TOS:0x0 ID:34897 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x8342F81F  Ack: 0x2F70B96E  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/25-03:55:19.766597 216.39.50.64:38922 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:61918 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x23071D88  Ack: 0x6504DC44  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 392686697 762593077 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/25-04:17:38.498155 216.39.50.13:48639 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:43154 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x77E4A42F  Ack: 0xB96CE4CF  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 392826059 763278740 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/25-05:14:11.470101 216.39.50.33:54760 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:28230 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x4CE9B498  Ack: 0x8ED865DB  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 383900384 765016522 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/25-05:15:39.973386 216.39.50.44:45001 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:42169 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x51FD24FE  Ack: 0x940374DC  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 383811672 765061843 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/25-05:21:33.130190 66.196.65.24:7374 -> 192.168.1.6:80
TCP TTL:232 TOS:0x0 ID:14532 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xDEA8BE20  Ack: 0xA9B87513  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/25-05:57:14.069521 216.39.50.74:44347 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:43887 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xEF56A71F  Ack: 0x320E8C86  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 393415811 766339240 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/25-06:26:45.643847 216.39.50.24:48854 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:15960 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x5F133C9F  Ack: 0xA1807D8C  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 375587541 767246603 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/25-07:32:56.417654 216.39.50.64:58723 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:16448 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x58D99756  Ack: 0x9B3ADFDC  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 393992056 769280317 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/25-08:05:44.908207 216.39.50.114:55929 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:8102 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xD3FFC23A  Ack: 0x168D0C09  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 394190252 770288514 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/25-08:16:42.906576 216.39.50.54:52614 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:38439 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xFECC4E54  Ack: 0x40EAA31F  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 394254468 770625528 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/25-08:17:35.100774 216.39.50.74:48143 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:62644 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x2031197  Ack: 0x43EF38C2  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 394257714 770652257 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/25-08:33:36.794624 216.39.50.54:57213 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:18187 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x3E072361  Ack: 0x80282B01  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 394355833 771144800 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/25-08:34:04.844238 216.39.50.94:48763 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:9918 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x3F97A49D  Ack: 0x81F84690  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 394363437 771159180 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
04/25-08:34:34.753261 24.245.10.192:3736 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:10962 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x424DA375  Ack: 0x83D5F5F2  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
04/25-08:34:34.762383 24.245.10.192:3736 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:10963 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x424DA929  Ack: 0x83D5F5F2  Win: 0x4470  TcpLen: 20

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/25-08:36:44.679454 216.39.50.33:56932 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:21648 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x4A693055  Ack: 0x8B8454FC  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 385115367 771241043 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/25-08:47:10.701566 216.39.50.84:49942 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:4831 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x727885C0  Ack: 0xB39524C5  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 394434415 771561672 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/25-09:21:10.802172 216.39.50.24:56389 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:53284 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xF18F2999  Ack: 0x336E99AB  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 376633799 772606553 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/25-09:58:40.281823 216.39.50.74:33686 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:42409 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x7F8B806F  Ack: 0xC1B496B5  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 394864087 773758665 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/25-10:03:39.573664 216.39.50.64:52566 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:42381 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x91BA0699  Ack: 0xD3EC6F66  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 394896160 773911959 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/25-10:32:41.423658 216.39.50.54:51812 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:44599 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x75E496  Ack: 0x41412489  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 395070127 774804074 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/25-11:50:28.735667 216.39.50.74:50491 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:34988 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x25D7E90F  Ack: 0x67314393  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 395534772 777194528 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/25-12:11:44.965699 216.39.50.84:44821 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:9021 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x75ED73E0  Ack: 0xB85E0E29  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 395661554 777848192 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/25-12:17:17.919299 216.39.50.64:51189 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:57216 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x8B7701FD  Ack: 0xCD092ECE  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 395697807 778018723 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/25-12:41:56.121769 66.196.65.24:32893 -> 192.168.1.6:80
TCP TTL:232 TOS:0x0 ID:22446 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x367D6B8C  Ack: 0x2AF43CD6  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
04/25-12:59:20.272349 24.209.37.151:1193 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:36604 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFA0E32C  Ack: 0x6BDEEB09  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
04/25-12:59:20.344485 24.209.37.151:1193 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:36605 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFA0E8E0  Ack: 0x6BDEEB09  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
04/25-13:16:23.595868 24.209.37.151:2483 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:8137 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7C1889DF  Ack: 0xABF12651  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
04/25-13:16:23.618369 24.209.37.151:2483 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:8138 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7C188F93  Ack: 0xABF12651  Win: 0x4470  TcpLen: 20

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/25-14:03:54.945419 66.77.73.149:1829 -> 192.168.1.6:80
TCP TTL:45 TOS:0x0 ID:29624 IpLen:20 DgmLen:225 DF
***AP*** Seq: 0x6C01760F  Ack: 0x6023D7B1  Win: 0xE070  TcpLen: 32
TCP Options (3) => NOP NOP TS: 138556507 781295103 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/25-14:08:43.127168 216.39.50.104:34958 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:20886 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x305158EE  Ack: 0x71E8F13D  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 396364166 781442689 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/25-14:34:55.392436 216.39.50.114:45741 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:39320 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x937BE559  Ack: 0xD480A1CE  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 396524763 782247957 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/25-14:41:51.027713 216.39.50.64:51905 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:64173 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xACBAE30F  Ack: 0xEEF1AAB6  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 396564914 782460831 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/25-15:11:24.613908 216.39.50.33:46578 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:33623 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x1CD5076B  Ack: 0x5DF9E4CC  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 387482700 783369213 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

Go to: previous range, next range, all alerts, overview page

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:55 2003

192.168.1.6	Whois lookup at:	ARIN	RIPE	APNIC	Geektools
	DNS lookup at:	Amenesi	TRIUMF	Princeton
	More lookup links:	Dshield	Sam Spade
See also 192.168.1.6 as an alert source [49361 alerts]