
SnortSnarf alert page

Destination: 192.168.1.6: #5201-5300

SnortSnarf v021111.1


Looking using input module SnortFileInput, with sources:
Earliest: 13:59:22.247493 on 05/24/2003
Latest: 00:48:39.422353 on 05/25/2003

22 different signatures are present for 192.168.1.6 as a destination

There are 624 distinct source IPs in the alerts of the type on this page.

See also 192.168.1.6 as an alert source [49361 alerts]


[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-13:59:22.247493 24.209.191.91:2839 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:62558 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x382A2185 Ack: 0x17CF4D05 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-13:59:22.483045 24.209.191.91:2858 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:62603 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x38388D4A Ack: 0x17FF4912 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-13:59:22.749178 24.209.191.91:2877 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:62649 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x3847C535 Ack: 0x187049A4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-13:59:26.017785 24.209.191.91:3203 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:63626 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x3941961E Ack: 0x18863600 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-14:33:41.369300 24.209.191.91:1993 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:18329 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x4C2361F9 Ack: 0x996A01DB Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-14:33:45.417783 24.209.191.91:2041 -> 192.168.1.6:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:110
***AP*** Seq: 0x4C4639C6 Ack: 0x1AEF1482 Win: 0x0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-14:33:48.806940 24.209.191.91:2406 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:20641 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x4D5C6FA5 Ack: 0x99C881E4 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-14:33:52.234347 24.209.191.91:2710 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:21670 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x4E402CE1 Ack: 0x99E92B30 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-14:33:55.604578 24.209.191.91:3300 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:22893 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x4FFF960A Ack: 0x9B0300A9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/24-14:33:55.917150 24.209.191.91:3330 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:22976 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x50158A77 Ack: 0x9A9104B4 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/24-14:33:56.235984 24.209.191.91:3356 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:23079 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x50292A3E Ack: 0x9A657F16 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-14:33:56.605316 24.209.191.91:3386 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:23200 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x503FF0AE Ack: 0x9A8747B7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-14:33:57.055911 24.209.191.91:3420 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:23318 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x50598465 Ack: 0x9A62AE06 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-14:34:00.328167 24.209.191.91:3705 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:24258 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x51345181 Ack: 0x9ADDCB3E Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-14:34:00.710277 24.209.191.91:3727 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:24359 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x514548A0 Ack: 0x9B2A3EA4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-14:34:01.002850 24.209.191.91:3757 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:24446 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x515CE988 Ack: 0x9B22C04E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-14:34:04.279738 24.209.191.91:4063 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:25536 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x5244BB7E Ack: 0x9B599D8D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-14:34:04.510464 24.209.191.91:4089 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:25646 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x5255B537 Ack: 0x9B63B0E4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-14:34:04.740043 24.209.191.91:4113 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:25737 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x5268A90B Ack: 0x9AD57CB0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-14:34:05.086257 24.209.191.91:4138 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:25846 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x527B7742 Ack: 0x9B84A861 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-15:27:22.732202 24.209.26.198:2730 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:20031 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6258B326 Ack: 0x6481A16B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-15:27:22.754715 24.209.26.198:2730 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:20032 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6258B8DA Ack: 0x6481A16B Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-15:56:18.285943 24.209.26.198:1850 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:45240 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE451837 Ack: 0xD17509DB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-15:56:18.336206 24.209.26.198:1850 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:45241 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE451DEB Ack: 0xD17509DB Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-16:30:39.557872 24.209.196.254:2680 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:20897 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x17D38102 Ack: 0x5482FD0E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-16:30:39.565802 24.209.196.254:2680 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:20898 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x17D386B6 Ack: 0x5482FD0E Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-16:42:46.712080 24.209.26.198:3592 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:19194 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x14378C5F Ack: 0x81B7113C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-16:42:46.763110 24.209.26.198:3592 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:19195 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x14379213 Ack: 0x81B7113C Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-16:59:37.949163 24.209.26.198:2976 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:36887 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x70CAB86F Ack: 0xC0A04A58 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-16:59:37.974994 24.209.26.198:2976 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:36888 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x70CABE23 Ack: 0xC0A04A58 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-17:08:01.281781 24.209.26.198:4307 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:11754 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9E12D45B Ack: 0xE0C415CC Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-17:08:01.338429 24.209.26.198:4307 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:11755 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9E12DA0F Ack: 0xE0C415CC Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-17:31:24.876406 24.209.44.83:3225 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:37126 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7D664E4D Ack: 0x39B542A4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-17:31:24.910641 24.209.44.83:3225 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:37127 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7D665401 Ack: 0x39B542A4 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-18:16:08.733330 24.209.196.254:3230 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:23532 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5F1B0FC6 Ack: 0xE13EEDCE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-18:16:08.741554 24.209.196.254:3230 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:23533 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5F1B157A Ack: 0xE13EEDCE Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-18:29:12.932053 24.209.196.254:4160 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:21275 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA61957A5 Ack: 0x1396F842 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/24-19:08:27.990491 216.39.48.30:41326 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:11029 IpLen:20 DgmLen:221 DF
***AP*** Seq: 0x961892E0 Ack: 0xA798331B Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 550484449 2073960927
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-19:16:18.723127 24.209.26.198:4727 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:59624 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x23349FDB Ack: 0xC61F6223 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-19:16:18.763817 24.209.26.198:4727 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:59625 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2334A58F Ack: 0xC61F6223 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-19:24:38.323329 24.209.44.83:4914 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:20063 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xAB52C81E Ack: 0xE4E20EBD Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-19:24:38.370235 24.209.44.83:4914 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:20064 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xAB52CDD2 Ack: 0xE4E20EBD Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/24-19:24:52.205396 209.237.238.172:44494 -> 192.168.1.6:80
TCP TTL:42 TOS:0x0 ID:41315 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0xD4B466B6 Ack: 0xE5C2ACE5 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 311871455 2074465069
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/24-19:29:34.297021 209.237.238.174:52119 -> 192.168.1.6:80
TCP TTL:42 TOS:0x0 ID:40422 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0xE64D6C18 Ack: 0xF7A285D9 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 311882240 2074609549
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-19:45:50.102865 24.209.229.123:4947 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:6682 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9FFBDA42 Ack: 0x349609B5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-19:45:50.125634 24.209.229.123:4947 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:6683 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9FFBDFF6 Ack: 0x349609B5 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/24-19:51:59.764101 216.39.48.30:49201 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:21423 IpLen:20 DgmLen:221 DF
***AP*** Seq: 0x39CEE679 Ack: 0x4BD60CDA Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 550745570 2075298670
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-19:57:01.983332 24.209.196.254:4236 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:29047 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x68AB5B6C Ack: 0x5E7A3C41 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-19:57:01.991285 24.209.196.254:4236 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:29048 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x68AB6120 Ack: 0x5E7A3C41 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-20:51:44.302550 24.209.196.254:4822 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:64822 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7053E341 Ack: 0x2E08A86C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-20:51:50.074993 24.209.196.254:4822 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:65259 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7053E341 Ack: 0x2E08A86C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-20:51:50.117857 24.209.196.254:4822 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:65262 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7053E8F5 Ack: 0x2E08A86C Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/24-21:14:36.333626 216.39.48.30:49047 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:23130 IpLen:20 DgmLen:221 DF
***AP*** Seq: 0x71FB1FD3 Ack: 0x83F46069 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 551241119 2077837282
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-21:16:16.723629 24.209.229.123:3200 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:2559 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5F4D2D24 Ack: 0x89BF9908 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-21:16:16.749089 24.209.229.123:3200 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:2560 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5F4D32D8 Ack: 0x89BF9908 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-21:33:51.930690 24.209.26.198:1369 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:59842 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7FF7A83C Ack: 0xCCF376C3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-21:33:51.951143 24.209.26.198:1369 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:59843 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7FF7ADF0 Ack: 0xCCF376C3 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-21:56:39.515395 24.98.50.142:4931 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:25782 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xD4B6045B Ack: 0x23A4CD84 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-21:56:42.896805 24.98.50.142:4988 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:25868 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xD4DC9944 Ack: 0x238525AE Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-21:56:43.075319 24.98.50.142:4989 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:25875 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xD4DDB9D3 Ack: 0x233C710E Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-21:56:52.275879 24.98.50.142:1133 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:26150 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xD5573568 Ack: 0x23CB8533 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-21:56:52.400613 24.98.50.142:1137 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:26160 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xD55B3346 Ack: 0x24248329 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/24-21:56:52.547044 24.98.50.142:1139 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:26167 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xD55D6528 Ack: 0x2435059C Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/24-21:56:52.670205 24.98.50.142:1140 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:26176 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xD55EC04A Ack: 0x24A1700C Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-21:56:52.853959 24.98.50.142:1142 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:26194 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xD56151E6 Ack: 0x24569287 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-21:56:53.000186 24.98.50.142:1146 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:26210 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD5644FD3 Ack: 0x23F560C9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-21:56:53.171065 24.98.50.142:1150 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:26228 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD567F9D7 Ack: 0x24A837F7 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-21:56:56.333834 24.98.50.142:1200 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:26372 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD5986B37 Ack: 0x24F0F3E9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-21:56:56.464017 24.98.50.142:1203 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:26381 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD59B7C6F Ack: 0x24ADCBF1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-21:56:56.622132 24.98.50.142:1208 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:26392 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xD59F6D3E Ack: 0x24999A6A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-21:56:56.800214 24.98.50.142:1211 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:26402 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xD5A240CA Ack: 0x24307936 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-21:56:56.945925 24.98.50.142:1214 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:26409 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xD5A56B5D Ack: 0x2420746F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-21:56:57.100911 24.98.50.142:1215 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:26419 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xD5A6A4A2 Ack: 0x245C60AB Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-22:02:51.484614 24.209.26.198:2724 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:28219 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF6920B2D Ack: 0x3AE225E3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-22:02:51.507811 24.209.26.198:2724 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:28220 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF69210E1 Ack: 0x3AE225E3 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/24-22:34:12.713604 209.237.238.159:3090 -> 192.168.1.6:80
TCP TTL:42 TOS:0x0 ID:51883 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0xFDB84DA0 Ack: 0xB0768DA9 Win: 0xFFFF TcpLen: 32
TCP Options (3) => NOP NOP TS: 910268051 2080283704
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/24-22:36:44.435082 216.39.48.30:55568 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:30883 IpLen:20 DgmLen:221 DF
***AP*** Seq: 0xA7E8B298 Ack: 0xBA01BE51 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 551733826 2080361420
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-22:48:52.097014 24.206.140.78:2769 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:33163 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xBA2C03FB Ack: 0xE9A38C63 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-22:48:55.861302 24.206.140.78:2904 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:33601 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xBA9A71BD Ack: 0xE94C6CFE Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-22:49:04.215557 24.206.140.78:3166 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:34468 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xBB6F11F1 Ack: 0xE9D76C65 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-22:49:07.238422 24.206.140.78:3365 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:34968 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xBC08B72C Ack: 0xEA3FFA92 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-22:49:19.655491 24.206.140.78:3875 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:36755 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xBDA199E2 Ack: 0xEAAB2A03 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/24-22:49:29.704817 24.206.140.78:4138 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:37992 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xBE723652 Ack: 0xEAD9B6C9 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/24-22:49:35.812538 24.206.140.78:4566 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:38950 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xBFC5D7C5 Ack: 0xEBF0F74A Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-22:49:37.907430 24.206.140.78:4700 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:39278 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xC0182E3E Ack: 0xEB783357 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-22:49:40.654516 24.206.140.78:4837 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:39678 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xC062A7CE Ack: 0xEBB24B31 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-22:49:52.293508 24.206.140.78:1480 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:41508 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xC203B8F2 Ack: 0xEC93AE82 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-22:49:58.233376 24.206.140.78:1740 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:42386 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xC2CEE108 Ack: 0xECDC0E76 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-22:50:00.214787 24.206.140.78:1836 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:42692 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xC31C17C1 Ack: 0xEDA5437E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-22:50:01.896017 24.206.140.78:1925 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:42960 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xC35C1412 Ack: 0xED99899D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-22:50:03.535043 24.206.140.78:2005 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:43223 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xC399D4A7 Ack: 0xED7A9147 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-22:50:05.381835 24.206.140.78:2090 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:43474 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xC3DE3DC2 Ack: 0xED66F502 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-22:50:08.137520 24.206.140.78:2178 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:43838 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xC42490E3 Ack: 0xED50630D Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/24-23:37:14.581529 216.39.48.30:41671 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:23909 IpLen:20 DgmLen:221 DF
***AP*** Seq: 0x8C6B0E8E Ack: 0x9ED4F75E Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 552096763 2082220709
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-23:55:51.425289 24.209.26.198:1800 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:24568 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC81BDF92 Ack: 0xE51139B8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-23:55:51.460055 24.209.26.198:1800 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:24569 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC81BE546 Ack: 0xE51139B8 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-00:48:38.541976 24.92.8.8:1537 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:36249 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xA35FCE73 Ack: 0xAC849179 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-00:48:38.985490 24.92.8.8:1547 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:36304 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xA368B93E Ack: 0xAC5D4D09 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-00:48:39.227145 24.92.8.8:1555 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:36349 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA36F051A Ack: 0xACCCBE0A Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-00:48:39.422353 24.92.8.8:1566 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:36374 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA37767E0 Ack: 0xAD1EFB5A Win: 0xFAF0 TcpLen: 20
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:56 2003