SnortSnarf alert page

Destination: 192.168.1.6: #5501-5600

SnortSnarf v021111.1

Looking using input module SnortFileInput, with sources:
Earliest: 17:34:37.118288 on 05/26/2003
Latest: 11:16:19.198747 on 05/27/2003

22 different signatures are present for 192.168.1.6 as a destination

There are 624 distinct source IPs in the alerts of the type on this page.

See also 192.168.1.6 as an alert source [49361 alerts]


[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-17:34:37.118288 24.209.196.254:3224 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:27630 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2354E4C6 Ack: 0xC5757218 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-17:34:37.126442 24.209.196.254:3224 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:27631 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2354EA7A Ack: 0xC5757218 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-18:06:20.675146 24.209.196.254:1160 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:28302 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB4C1687D Ack: 0x3C870F1B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-18:06:20.676483 24.209.196.254:1160 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:28303 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB4C16E31 Ack: 0x3C870F1B Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-18:11:08.884014 24.209.229.123:1634 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:10883 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDF5EDE73 Ack: 0x4F6EEE29 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-18:11:08.914548 24.209.229.123:1634 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:10884 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDF5EE427 Ack: 0x4F6EEE29 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-18:58:06.432866 24.209.26.198:4706 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:4021 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x44EAA473 Ack: 0x10E6E2B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-18:58:06.458931 24.209.26.198:4706 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:4022 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x44EAAA27 Ack: 0x10E6E2B Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-20:03:58.605223 24.112.193.145:1059 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:53676 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x96C986C7 Ack: 0xF8A0F7B1 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-20:04:02.123991 24.112.193.145:1190 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:54147 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x97386E00 Ack: 0xF86587E6 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-20:04:03.100482 24.112.193.145:1227 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:54300 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x9757D917 Ack: 0xF8D8D2DA Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-20:04:07.128585 24.112.193.145:1343 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:54769 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x97BA99A5 Ack: 0xF9642D48 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-20:04:08.157261 24.112.193.145:1379 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:54947 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x97D95886 Ack: 0xF93DB7A7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/26-20:04:12.619343 24.112.193.145:1521 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:55482 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x98521BD9 Ack: 0xF9E54D16 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/26-20:04:23.130215 24.112.193.145:1860 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:56661 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x99714CDF Ack: 0xFA1FDDD4 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-20:04:24.191872 24.112.193.145:1899 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:56835 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x9992EB88 Ack: 0xFA44EBED Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-20:04:25.135617 24.112.193.145:1929 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:56961 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x99ACF11D Ack: 0xFAB7D027 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-20:04:29.155584 24.112.193.145:2056 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:57448 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x9A1C1359 Ack: 0xFA5BE86C Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-20:04:33.126650 24.112.193.145:2201 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:57926 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x9A96F123 Ack: 0xFAE93190 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-20:04:37.138085 24.112.193.145:2231 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:58409 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x9AB11444 Ack: 0xFA8289C7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-20:04:41.141820 24.112.193.145:2361 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:58875 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x9B1D2EDA Ack: 0xFAB41434 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-20:04:42.178706 24.112.193.145:2474 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:59021 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x9B800120 Ack: 0xFB95DDC3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-20:04:43.171836 24.112.193.145:2512 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:59164 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x9B9FD95E Ack: 0xFB75686E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-20:04:44.145103 24.112.193.145:2546 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:59300 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x9BBA74F0 Ack: 0xFBA41536 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-20:07:01.861451 24.209.196.254:2500 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:58062 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC0EEDB6B Ack: 0x4305F40 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-20:07:01.896278 24.209.196.254:2500 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:58063 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC0EEE11F Ack: 0x4305F40 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-20:41:18.111839 24.167.224.150:3399 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:56057 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x92ED9D44 Ack: 0x85E8D188 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-20:41:18.742680 24.167.224.150:3409 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:56093 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x92F6DD3D Ack: 0x86B80756 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-20:41:28.349347 24.167.224.150:3531 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:56430 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x9376CD1D Ack: 0x86ED6177 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-20:41:28.549679 24.167.224.150:3535 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:56440 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x937AF58A Ack: 0x873F8967 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-20:41:28.780595 24.167.224.150:3539 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:56451 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x937EC648 Ack: 0x875803B9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/26-20:41:29.016650 24.167.224.150:3541 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:56469 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x9380CE1F Ack: 0x872EDB89 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/26-20:41:32.511620 24.167.224.150:3613 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:56705 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x93BFC1CB Ack: 0x86BA6363 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-20:41:36.023741 24.167.224.150:3674 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:56870 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x93F68671 Ack: 0x873BBC70 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-20:41:36.235446 24.167.224.150:3677 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:56885 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x93F97C14 Ack: 0x878F943A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-20:41:45.680082 24.167.224.150:3819 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:57321 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x948471AB Ack: 0x88399DC8 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-20:41:45.926156 24.167.224.150:3824 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:57337 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x948961BC Ack: 0x87A157F7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-20:41:46.122923 24.167.224.150:3829 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:57345 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x948D5BED Ack: 0x8852D123 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-20:41:55.592957 24.167.224.150:3957 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:57725 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x950BE332 Ack: 0x8825F495 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-20:41:58.516276 24.167.224.150:3957 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:57825 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x950BE332 Ack: 0x8825F495 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-20:41:58.795054 24.167.224.150:3994 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:57835 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x95337ADC Ack: 0x88B70233 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-20:41:58.991017 24.167.224.150:3996 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:57848 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x95358F1A Ack: 0x88E8D9BF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-20:42:02.423014 24.167.224.150:4045 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:57993 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x9565C847 Ack: 0x88E53473 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-21:00:21.481484 24.209.26.198:3805 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:10606 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEA3C330C Ack: 0xCE257EBE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-21:00:21.507091 24.209.26.198:3805 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:10607 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEA3C38C0 Ack: 0xCE257EBE Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-21:09:36.480033 24.209.26.198:2890 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:60675 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1D36F715 Ack: 0xF03D2CD6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-21:09:36.500106 24.209.26.198:2890 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:60676 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1D36FCC9 Ack: 0xF03D2CD6 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-21:44:30.108381 24.209.98.148:4685 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:24076 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6CD1FE5A Ack: 0x748EF146 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-21:44:30.141613 24.209.98.148:4685 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:24077 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6CD2040E Ack: 0x748EF146 Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/27-00:14:28.755438 216.39.48.30:51191 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:29896 IpLen:20 DgmLen:221 DF
***AP*** Seq: 0x94B32EC7 Ack: 0xAB0ABB95 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 569596433 2171869930
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/27-00:14:29.214033 216.39.48.30:51191 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:29897 IpLen:20 DgmLen:221 DF
***AP*** Seq: 0x94B32EC7 Ack: 0xAB0ABB95 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 569596481 2171869930
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-01:03:27.844793 24.209.229.123:2609 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:15301 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA11B8241 Ack: 0x64903490 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-01:10:54.608210 24.209.229.123:3598 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:54386 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xCCED9BB1 Ack: 0x805E735E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-01:10:54.693044 24.209.229.123:3598 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:54387 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xCCEDA165 Ack: 0x805E735E Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-01:18:44.410134 24.52.59.25:1243 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:6021 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xA0BB2016 Ack: 0x9D9A751D Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-01:18:45.515605 24.52.59.25:1256 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:6082 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xA0C8933E Ack: 0x9E254FE3 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-01:18:45.911486 24.52.59.25:1276 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:6113 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA0D8CA59 Ack: 0x9D8D19A5 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-01:18:46.250630 24.52.59.25:1285 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:6145 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA0E163C8 Ack: 0x9DABD888 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-01:18:46.620017 24.52.59.25:1304 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:6167 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA0F083C5 Ack: 0x9DF42AAF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-01:18:49.556066 24.52.59.25:1304 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:6327 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA0F083C5 Ack: 0x9DF42AAF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/27-01:18:49.895941 24.52.59.25:1370 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:6349 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA1307735 Ack: 0x9E168E61 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/27-01:18:50.195748 24.52.59.25:1374 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:6368 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA1335A6B Ack: 0x9DD095F1 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-01:18:50.481133 24.52.59.25:1375 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:6392 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xA135791C Ack: 0x9DE30AB2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-01:18:50.741022 24.52.59.25:1394 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:6413 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA14367C2 Ack: 0x9E1CB1AF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-01:18:53.727252 24.52.59.25:1394 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:6572 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA14367C2 Ack: 0x9E1CB1AF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-01:18:54.124210 24.52.59.25:1469 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:6596 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA186B3CB Ack: 0x9E34B232 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-01:18:54.399060 24.52.59.25:1479 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:6626 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA18F9AD6 Ack: 0x9E857C6A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-01:18:54.702894 24.52.59.25:1485 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:6640 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA193F050 Ack: 0x9ED97FB4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-01:19:40.849232 24.52.59.25:2617 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:9849 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xA588353C Ack: 0xA161DD30 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-01:19:41.825925 24.52.59.25:2654 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:9939 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA5A8B1CC Ack: 0xA142AEC1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-01:19:45.414886 24.52.59.25:2738 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:10181 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xA5F73077 Ack: 0xA17384D5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-01:19:46.319714 24.52.59.25:2760 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:10236 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA6091EA1 Ack: 0xA1D491A7 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-01:43:57.980344 24.209.26.198:1608 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:21483 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5BD9D70A Ack: 0xFD360E5A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-01:43:58.024989 24.209.26.198:1608 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:21484 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5BD9DCBE Ack: 0xFD360E5A Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/27-01:46:39.545674 216.39.48.30:54191 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:16074 IpLen:20 DgmLen:221 DF
***AP*** Seq: 0xF110F73C Ack: 0x6CE8AD6 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 570149385 2174702668
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-02:30:54.025401 24.209.26.198:1764 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:56540 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x21D3BB30 Ack: 0xAF07DD7E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-02:30:54.040359 24.209.26.198:1764 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:56541 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x21D3C0E4 Ack: 0xAF07DD7E Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-02:55:29.180476 24.209.26.198:1972 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:10936 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x86326AE6 Ack: 0xB216E7F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-02:55:29.212386 24.209.26.198:1972 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:10937 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8632709A Ack: 0xB216E7F Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-03:37:58.769885 24.203.49.12:4020 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:61677 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x84B92148 Ack: 0xABD6E815 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-03:38:09.631463 24.203.49.12:4694 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:63934 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x8689CE24 Ack: 0xAC188A88 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-03:38:22.535009 24.203.49.12:1420 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:1180 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x8850EE47 Ack: 0xACD13398 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-03:38:26.617743 24.203.49.12:1629 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:1936 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x88F6D594 Ack: 0xAD5997BC Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-03:38:28.586683 24.203.49.12:1866 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:2305 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x89B83EE6 Ack: 0xADD3204D Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/27-03:38:30.368563 24.203.49.12:1937 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:2673 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x89F1C641 Ack: 0xADC6E38B Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/27-03:38:31.419829 24.203.49.12:2027 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:2780 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x8A394228 Ack: 0xAE2F9911 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-03:38:42.161807 24.203.49.12:2528 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:4774 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x8BCCE414 Ack: 0xAE891007 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-03:38:42.873807 24.203.49.12:2603 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:4999 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x8C0CA3DD Ack: 0xAE5A17CD Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/27-06:34:50.650231 64.68.82.36:17418 -> 192.168.1.6:80
TCP TTL:41 TOS:0x10 ID:1516 IpLen:20 DgmLen:453 DF
***AP*** Seq: 0x3153DCAA Ack: 0x4805543F Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 780786467 2183556522
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/27-07:11:06.368924 209.237.238.158:2982 -> 192.168.1.6:80
TCP TTL:42 TOS:0x0 ID:27050 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0xB6E76880 Ack: 0xD1553370 Win: 0xFFFF TcpLen: 32
TCP Options (3) => NOP NOP TS: 930229681 2184673286
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-07:37:16.106293 24.192.100.125:3808 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:27136 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9C804870 Ack: 0x3445696E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-07:37:18.539924 24.192.100.125:3808 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:27354 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9C804E24 Ack: 0x3445696E Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-08:46:00.432170 24.237.10.95:1519 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:39102 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2C0E21CE Ack: 0x37789C31 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-08:46:00.474670 24.237.10.95:1519 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:39103 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2C0E2782 Ack: 0x37789C31 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/27-08:48:10.667700 209.237.238.174:36095 -> 192.168.1.6:80
TCP TTL:42 TOS:0x0 ID:8266 IpLen:20 DgmLen:173 DF
***AP*** Seq: 0x28CD98B8 Ack: 0x3F340098 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 333953293 2187656376
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-08:55:58.458671 24.112.69.8:4975 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:16227 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8338DD3F Ack: 0x5D033A4B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-08:55:58.460422 24.112.69.8:4975 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:16228 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8338E2F3 Ack: 0x5D033A4B Win: 0x4470 TcpLen: 20
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/27-11:16:18.615703 129.137.186.208:3023 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:118 IpLen:20 DgmLen:200 DF
***AP*** Seq: 0x2AD3496 Ack: 0x700D3096 Win: 0x44E8 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/27-11:16:18.959967 129.137.186.208:3023 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:119 IpLen:20 DgmLen:217 DF
***AP*** Seq: 0x2AD3536 Ack: 0x700D3204 Win: 0x437A TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/27-11:16:19.198747 129.137.186.208:3024 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:124 IpLen:20 DgmLen:217 DF
***AP*** Seq: 0xFFE75EA4 Ack: 0x6FA82B04 Win: 0x44E8 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:56 2003