SnortSnarf alert page

Destination: 192.168.1.6: #5601-5700

SnortSnarf v021111.1

Signature section (91123)

Top 20 source IPs

Top 20 dest IPs

Looking using input module SnortFileInput, with sources:

/home/rivettmj/snort_alertlog/alert

Earliest: 11:52:05.755259 on 05/27/2003
Latest: 03:51:32.597107 on 05/28/2003

22 different signatures are present for 192.168.1.6 as a destination

1 instances of (spp_stream4) STEALTH ACTIVITY (SYN FIN scan) detection
1 instances of WEB-IIS ISAPI .printer access
1 instances of SHELLCODE x86 setuid 0
1 instances of DDOS shaft synflood
2 instances of WEB-CGI formmail access
2 instances of SHELLCODE x86 NOOP
2 instances of SMTP HELO overflow attempt
2 instances of SHELLCODE x86 inc ebx NOOP
3 instances of WEB-MISC bad HTTP/1.1 request, Potentially worm attack
3 instances of WEB-CGI newdesk access
4 instances of WEB-IIS WEBDAV nessus safe scan attempt
11 instances of ICMP Destination Unreachable (Communication Administratively Prohibited)
38 instances of (snort_decoder): T/TCP Detected
58 instances of WEB-IIS view source via translate header
308 instances of WEB-IIS _mem_bin access
316 instances of WEB-FRONTPAGE /_vti_bin/ access
680 instances of WEB-IIS CodeRed v2 root.exe access
786 instances of WEB-MISC robots.txt access
930 instances of WEB-IIS ISAPI .ida attempt
952 instances of WEB-IIS multiple decode attempt
1500 instances of WEB-IIS unicode directory traversal attempt
2169 instances of WEB-IIS cmd.exe access

There are 624 distinct source IPs in the alerts of the type on this page.

192.168.1.6 Whois lookup at: ARIN RIPE APNIC Geektools

DNS lookup at: Amenesi TRIUMF Princeton

More lookup links: Dshield Sam Spade

See also 192.168.1.6 as an alert source [49361 alerts]

Go to: previous range, next range, all alerts, overview page

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-11:52:05.755259 24.198.148.104:2162 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:29432 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x74977DD1  Ack: 0xF62F73B0  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-11:52:08.009503 24.198.148.104:2247 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:29648 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x74DFF043  Ack: 0xF647C936  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-11:52:09.825182 24.198.148.104:2286 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:29845 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x75025B8D  Ack: 0xF6CC9B45  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-11:52:11.380119 24.198.148.104:2344 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:30018 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x75353F58  Ack: 0xF69DBE95  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-11:52:12.338145 24.198.148.104:2382 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:30134 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x75562F05  Ack: 0xF708AD35  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/27-11:52:13.374533 24.198.148.104:2409 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:30260 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x756D6F35  Ack: 0xF7566C1D  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/27-11:52:14.251928 24.198.148.104:2437 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:30359 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x75864B45  Ack: 0xF74BD3CB  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-11:52:15.221736 24.198.148.104:2466 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:30472 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x759F28F3  Ack: 0xF768F2DE  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-11:52:16.415700 24.198.148.104:2501 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:30584 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x75BB5210  Ack: 0xF7B09C34  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-11:52:20.791035 24.198.148.104:2613 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:31046 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x761F5B51  Ack: 0xF7DC41ED  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-11:52:31.311927 24.198.148.104:2881 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:32041 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x770ADBA7  Ack: 0xF837147A  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-11:52:33.066724 24.198.148.104:2920 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:32203 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x772CBE09  Ack: 0xF8025FEE  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-11:52:34.853768 24.198.148.104:2953 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:32365 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x774A1140  Ack: 0xF7F5FC6E  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-11:52:36.350464 24.198.148.104:3010 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:32511 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x777ADA7B  Ack: 0xF7FF56E7  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-11:52:37.844923 24.198.148.104:3043 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:32647 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x77991D33  Ack: 0xF81DFF90  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-11:52:39.332339 24.198.148.104:3079 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:32810 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x77B8DF60  Ack: 0xF8316DC4  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-11:52:41.853327 24.198.148.104:3079 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:33117 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x77B8DF60  Ack: 0xF8316DC4  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-12:10:36.913409 24.216.27.88:1593 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:38311 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x70BBCA30  Ack: 0x3C1DAC4A  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-12:10:37.041329 24.216.27.88:1593 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:38312 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x70BBCFE4  Ack: 0x3C1DAC4A  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-12:30:29.888980 24.126.90.163:3478 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:40009 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8A9116D1  Ack: 0x88144B4B  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-12:30:29.898143 24.126.90.163:3478 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:40010 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8A911C85  Ack: 0x88144B4B  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-12:37:40.119231 24.136.217.109:3543 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:20440 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x580E8192  Ack: 0xA2719DAF  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-12:37:40.123566 24.136.217.109:3543 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:20441 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x580E8746  Ack: 0xA2719DAF  Win: 0x4470  TcpLen: 20

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/27-12:46:20.162563 209.237.238.172:35131 -> 192.168.1.6:80
TCP TTL:42 TOS:0x0 ID:49341 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0xAB870D66  Ack: 0xC3CDC2AA  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 335400428 2194975171 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/27-12:47:20.213921 209.237.238.173:44233 -> 192.168.1.6:80
TCP TTL:42 TOS:0x0 ID:19718 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0xAFE2EACE  Ack: 0xC7559188  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 335390679 2195005923 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-13:44:46.218782 24.98.61.177:3326 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:65093 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xBEAF555A  Ack: 0x9F35F1AE  Win: 0xFAF0  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-13:44:49.166705 24.98.61.177:3326 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:65320 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xBEAF555A  Ack: 0x9F35F1AE  Win: 0xFAF0  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-13:44:50.377408 24.98.61.177:3383 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:65418 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xBEECC591  Ack: 0x9F84A85B  Win: 0xFAF0  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-13:44:54.378349 24.98.61.177:3457 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:207 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xBF35E404  Ack: 0xA016A8A7  Win: 0xFAF0  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-13:44:54.829876 24.98.61.177:3468 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:260 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xBF3FBE95  Ack: 0xA01B90C3  Win: 0xFAF0  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-13:44:55.356659 24.98.61.177:3480 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:296 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xBF4A9635  Ack: 0xA023C32F  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/27-13:44:55.750041 24.98.61.177:3486 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:341 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xBF50E7A6  Ack: 0xA072FBCD  Win: 0xFAF0  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/27-13:44:56.130319 24.98.61.177:3497 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:388 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xBF599490  Ack: 0xA05E9DCD  Win: 0xFAF0  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-13:44:56.656255 24.98.61.177:3506 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:435 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xBF62129E  Ack: 0xA005876E  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-13:45:06.661085 24.98.61.177:3642 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:1071 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xBFEF3A2E  Ack: 0xA0C9AE15  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-13:45:07.220585 24.98.61.177:3650 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:1123 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xBFF6E3AB  Ack: 0xA156EC6F  Win: 0xFAF0  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-13:45:07.979331 24.98.61.177:3659 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:1185 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xBFFFFEB2  Ack: 0xA0FAE8F0  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-13:45:12.044754 24.98.61.177:3674 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:1487 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xC00E055E  Ack: 0xA168492A  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-13:45:22.084878 24.98.61.177:3903 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:2294 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xC0EF5580  Ack: 0xA1BF3024  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-13:45:22.917036 24.98.61.177:3909 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:2354 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xC0F55F14  Ack: 0xA1F3F65B  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-13:45:25.849459 24.98.61.177:3909 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:2568 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xC0F55F14  Ack: 0xA1F3F65B  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-13:45:27.176903 24.98.61.177:3975 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:2667 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xC136709A  Ack: 0xA1E553EC  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-13:45:40.745121 24.98.61.177:4135 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:3562 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xC1D3135A  Ack: 0xA310FD9C  Win: 0xFAF0  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-13:59:54.902439 24.209.26.198:4990 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:47406 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC750224B  Ack: 0xD86D2ABC  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-13:59:54.927087 24.209.26.198:4990 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:47407 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC75027FF  Ack: 0xD86D2ABC  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-14:25:24.541624 24.128.167.110:2363 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:13799 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF0A328FB  Ack: 0x39FF2001  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-14:25:24.560842 24.128.167.110:2363 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:13800 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF0A32EAF  Ack: 0x39FF2001  Win: 0x4470  TcpLen: 20

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/27-15:36:08.977505 66.196.65.24:43245 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:26213 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x6A0BF7FD  Ack: 0x4558E7AE  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-15:38:08.034494 24.209.26.198:3856 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:34889 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFA13A45E  Ack: 0x4C71CA04  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-15:38:08.074808 24.209.26.198:3856 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:34890 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFA13AA12  Ack: 0x4C71CA04  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-16:17:04.749559 24.209.229.123:1185 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:33873 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBA6865DF  Ack: 0xDF8A1CA1  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-16:17:04.758678 24.209.229.123:1185 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:33874 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBA686B93  Ack: 0xDF8A1CA1  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-16:18:26.096200 24.49.186.177:4189 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:44896 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE1DDBCA4  Ack: 0xE45F7AC3  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-16:18:26.162554 24.49.186.177:4189 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:44897 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE1DDC258  Ack: 0xE45F7AC3  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-16:49:02.804784 24.209.229.123:1330 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:6373 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x772B73F0  Ack: 0x5929ED97  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-16:49:02.824954 24.209.229.123:1330 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:6374 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x772B79A4  Ack: 0x5929ED97  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-16:52:46.896965 24.209.229.123:3942 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:26366 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8D6E1F42  Ack: 0x679F6001  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-16:52:46.910206 24.209.229.123:3942 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:26367 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8D6E24F6  Ack: 0x679F6001  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-16:52:49.924254 24.209.229.123:3942 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:26644 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8D6E1F42  Ack: 0x679F6001  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-17:54:57.425341 24.209.229.123:1566 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:17849 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF1D8AB4E  Ack: 0x510740EA  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-17:54:57.458953 24.209.229.123:1566 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:17850 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF1D8B102  Ack: 0x510740EA  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-18:16:27.229580 24.209.98.148:1888 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:6410 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDCD917A  Ack: 0xA12775DC  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-18:16:27.289392 24.209.98.148:1888 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:6411 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDCD972E  Ack: 0xA12775DC  Win: 0xFAF0  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-18:56:00.091151 24.209.26.198:4146 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:26981 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE1DA7123  Ack: 0x38557796  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-18:56:00.112943 24.209.26.198:4146 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:26982 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE1DA76D7  Ack: 0x38557796  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-19:02:32.110750 24.209.229.123:3476 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:8752 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5A1799DA  Ack: 0x51007E8E  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-19:02:32.134450 24.209.229.123:3476 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:8753 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5A179F8E  Ack: 0x51007E8E  Win: 0x4470  TcpLen: 20

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/27-19:10:08.584938 209.237.238.159:2606 -> 192.168.1.6:80
TCP TTL:42 TOS:0x0 ID:58543 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0x4A7BA4B8  Ack: 0x6DDF280F  Win: 0xFFFF  TcpLen: 32
TCP Options (3) => NOP NOP TS: 934960389 2206769875 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-19:18:24.500151 24.209.229.123:3446 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:15221 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xABF376AD  Ack: 0x8C3C3FD9  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-19:18:24.525609 24.209.229.123:3446 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:15222 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xABF37C61  Ack: 0x8C3C3FD9  Win: 0x4470  TcpLen: 20

[**] [1:1714:3] WEB-CGI newdesk access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/27-19:48:18.278085 12.2.177.190:37138 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:55633 IpLen:20 DgmLen:335 DF
***AP*** Seq: 0x1A4AB14  Ack: 0xFB117563  Win: 0x2133  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-19:56:43.973700 24.209.98.148:1929 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:55445 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFCFF48F1  Ack: 0x1C100F7D  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-19:56:44.004422 24.209.98.148:1929 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:55446 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFCFF4EA5  Ack: 0x1C100F7D  Win: 0xFAF0  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-20:17:46.233717 24.209.26.198:2749 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:25229 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x54AABB99  Ack: 0x6DCCB216  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-20:17:46.257270 24.209.26.198:2749 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:25230 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x54AAC14D  Ack: 0x6DCCB216  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-20:21:16.600768 24.209.26.198:3210 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:38515 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x64381DA4  Ack: 0x7A915D8F  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-20:21:16.624171 24.209.26.198:3210 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:38516 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x64382358  Ack: 0x7A915D8F  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-20:54:33.634821 24.209.128.164:4369 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:51051 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xABEDB6B0  Ack: 0xF8779A9E  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-20:54:33.642836 24.209.128.164:4369 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:51052 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xABEDBC64  Ack: 0xF8779A9E  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-21:21:36.691191 24.209.14.164:4981 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:12110 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x237CD9C9  Ack: 0x5E40BCF1  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-21:21:36.722301 24.209.14.164:4981 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:12111 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x237CDF7D  Ack: 0x5E40BCF1  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-21:33:29.276590 24.166.190.32:2601 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:5208 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBD60F711  Ack: 0x8A939271  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-21:33:29.301230 24.166.190.32:2601 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:5209 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBD60FCC5  Ack: 0x8A939271  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-21:50:34.693590 24.209.26.198:1450 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:28611 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDB6387B5  Ack: 0xCA431F31  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-21:50:34.725824 24.209.26.198:1450 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:28612 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDB638D69  Ack: 0xCA431F31  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-22:11:23.153356 24.209.229.123:2602 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:28629 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1D64056  Ack: 0x194B34EF  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-22:11:23.179346 24.209.229.123:2602 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:28630 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1D6460A  Ack: 0x194B34EF  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-23:34:05.485886 24.166.190.32:4839 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:24074 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE8743A37  Ack: 0x521ABE14  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-23:34:05.509870 24.166.190.32:4839 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:24075 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE8743FEB  Ack: 0x521ABE14  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-23:35:52.909715 24.209.229.123:3033 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:58873 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDC83B2E4  Ack: 0x58B252B0  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-23:35:52.955437 24.209.229.123:3033 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:58874 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDC83B898  Ack: 0x58B252B0  Win: 0x4470  TcpLen: 20

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/27-23:57:54.205561 216.39.48.30:53435 -> 192.168.1.6:80
TCP TTL:36 TOS:0x0 ID:50054 IpLen:20 DgmLen:221 DF
***AP*** Seq: 0x941067E6  Ack: 0xAC61A87E  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 578135150 2215613031 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/28-00:53:37.724956 24.207.194.112:3068 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:46816 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xAAB4AB87  Ack: 0x7F2BE16A  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/28-00:53:37.762480 24.207.194.112:3068 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:46817 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xAAB4B13B  Ack: 0x7F2BE16A  Win: 0xFAF0  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/28-02:30:23.460781 24.24.212.29:4631 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:6151 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB7285C4D  Ack: 0xECFB2F94  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/28-02:30:23.468975 24.24.212.29:4631 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:6152 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB7286201  Ack: 0xECFB2F94  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/28-03:51:22.527295 24.198.102.60:3043 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:53834 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x6D4408CB  Ack: 0x1E1B1F0C  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/28-03:51:23.109362 24.198.102.60:3052 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:53878 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x6D4CD55C  Ack: 0x1E092842  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/28-03:51:23.360551 24.198.102.60:3057 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:53906 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x6D517ED4  Ack: 0x1E199D5A  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/28-03:51:32.597107 24.198.102.60:3331 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:54683 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x6E3CEDF4  Ack: 0x1ED56E70  Win: 0x4470  TcpLen: 20

Go to: previous range, next range, all alerts, overview page

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:56 2003

192.168.1.6	Whois lookup at:	ARIN	RIPE	APNIC	Geektools
	DNS lookup at:	Amenesi	TRIUMF	Princeton
	More lookup links:	Dshield	Sam Spade
See also 192.168.1.6 as an alert source [49361 alerts]