SnortSnarf alert page

Destination: 192.168.1.6: #5701-5800

SnortSnarf v021111.1

Signature section (91123) | Top 20 source IPs | Top 20 dest IPs

Looking using input module SnortFileInput, with sources:
Earliest: 03:51:32.870506 on 05/28/2003
Latest: 20:38:00.866529 on 05/28/2003

22 different signatures are present for 192.168.1.6 as a destination

There are 624 distinct source IPs in the alerts of the type on this page.

See also 192.168.1.6 as an alert source [49361 alerts]


[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-03:51:32.870506 24.198.102.60:3337 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:54719 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6E41E9DB Ack: 0x1F5494AC Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/28-03:51:33.148850 24.198.102.60:3343 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:54757 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x6E470690 Ack: 0x1EB9BEE4 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/28-03:51:36.352552 24.198.102.60:3443 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:55016 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x6E9C24C1 Ack: 0x1FA8B960 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-03:51:45.651690 24.198.102.60:3692 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:55722 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x6F77C775 Ack: 0x1FB8CDCD Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-03:51:45.890913 24.198.102.60:3700 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:55740 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6F7E67A0 Ack: 0x1FEEE201 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-03:51:46.164427 24.198.102.60:3708 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:55782 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6F852D7A Ack: 0x1F7D0308 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-03:51:55.390858 24.198.102.60:3996 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:56611 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x7080C836 Ack: 0x200EE93B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-03:51:58.771968 24.198.102.60:4109 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:56949 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x70E25A12 Ack: 0x20707357 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-03:52:02.052419 24.198.102.60:4187 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:57136 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x71267604 Ack: 0x2115AB9B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-03:52:02.271081 24.198.102.60:4195 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:57157 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x712D6E9A Ack: 0x21491007 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-03:52:05.241393 24.198.102.60:4195 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:57365 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x712D6E9A Ack: 0x21491007 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-03:52:05.666408 24.198.102.60:4285 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:57410 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x717E253D Ack: 0x210F997C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-03:52:14.969423 24.198.102.60:4521 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:58017 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x724FB61A Ack: 0x22B37056 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-04:04:32.691849 24.98.186.231:1956 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:61509 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xA503A6D8 Ack: 0x50A0B35C Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-04:04:33.727449 24.98.186.231:1987 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:61588 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xA51D883B Ack: 0x50BDCEB7 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-04:04:43.205436 24.98.186.231:2360 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:62954 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA657E18D Ack: 0x516A4013 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-04:04:43.557537 24.98.186.231:2372 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:63009 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA661F241 Ack: 0x510C74C6 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-04:04:52.901276 24.98.186.231:2789 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:64477 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA7B5BF58 Ack: 0x51E6BCA4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/28-04:04:56.575359 24.98.186.231:2941 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:65044 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA832D11D Ack: 0x525BB2BD Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/28-04:04:56.969854 24.98.186.231:2964 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:65107 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA847C7C4 Ack: 0x51E8C913 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-04:04:57.377108 24.98.186.231:2978 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:65171 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xA8543828 Ack: 0x52488AEE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-04:04:58.001284 24.98.186.231:3005 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:65269 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA86944B4 Ack: 0x523202D1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-04:04:58.528361 24.98.186.231:3033 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:65354 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA8807D29 Ack: 0x52258675 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-04:04:58.984658 24.98.186.231:3052 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:65426 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA8908E40 Ack: 0x520F83D2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-04:05:08.347444 24.98.186.231:3469 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:1358 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA9E92F78 Ack: 0x5289B750 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-04:05:08.795282 24.98.186.231:3481 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:1430 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xA9F3DF67 Ack: 0x53246670 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-04:05:09.219084 24.98.186.231:3498 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:1496 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xAA019CFE Ack: 0x530187B6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-04:05:09.808597 24.98.186.231:3512 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:1588 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xAA0E7AE9 Ack: 0x5330637D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-04:05:19.401542 24.98.186.231:3941 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:3060 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xAB6CB40A Ack: 0x532628A8 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-04:06:29.100025 24.106.43.6:3527 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:51081 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEC2AFC38 Ack: 0x57C7FA71 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-04:06:29.108513 24.106.43.6:3527 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:51082 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEC2B01EC Ack: 0x57C7FA71 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/28-04:10:57.405037 66.196.65.24:59043 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:3133 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xA6DCC5DE Ack: 0x6859BF51 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-06:05:26.386680 24.126.82.22:4375 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:4002 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xCC833CCB Ack: 0x18D21A49 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-06:05:27.130460 24.126.82.22:4432 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:4222 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xCCB1D2CB Ack: 0x19351A79 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-08:55:19.859369 24.209.26.198:3440 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:23828 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA00736DC Ack: 0x9A5F7238 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-08:55:19.889581 24.209.26.198:3440 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:23829 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA0073C90 Ack: 0x9A5F7238 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-09:00:08.383219 24.112.85.6:4526 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:51523 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xAD1EBA9A Ack: 0xAB564987 Win: 0xFC00 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-09:00:33.409930 24.112.85.6:4526 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:53430 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xAD1EC04E Ack: 0xAB564987 Win: 0xFC00 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-10:12:03.869974 24.209.26.198:4669 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:18212 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x55017E3D Ack: 0xBCC6B27A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-10:12:03.895369 24.209.26.198:4669 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:18213 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x550183F1 Ack: 0xBCC6B27A Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-12:19:45.834159 24.102.124.170:2574 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:15377 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x714A2396 Ack: 0x9FB4F406 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-12:19:45.898931 24.102.124.170:2574 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:15378 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x714A294A Ack: 0x9FB4F406 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-12:31:04.616151 24.194.35.172:4320 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:56912 IpLen:20 DgmLen:1300 DF
***A**** Seq: 0x98DCE589 Ack: 0xCA0C46E2 Win: 0x44E8 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-12:31:04.627435 24.194.35.172:4320 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:56913 IpLen:20 DgmLen:1300 DF
***A**** Seq: 0x98DCEA75 Ack: 0xCA0C46E2 Win: 0x44E8 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-12:34:41.763770 24.209.66.127:2531 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:19857 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9053A293 Ack: 0xD7CD5787 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-12:34:41.770121 24.209.66.127:2531 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:19858 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9053A847 Ack: 0xD7CD5787 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-13:40:34.488852 24.209.66.127:1743 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:11682 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x55A6AF8B Ack: 0xD06F75CF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-13:40:34.495106 24.209.66.127:1743 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:11683 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x55A6B53F Ack: 0xD06F75CF Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-13:43:18.778644 24.209.178.84:3545 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:27358 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC1DF37CC Ack: 0xDADE6309 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-13:43:18.786174 24.209.178.84:3545 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:27359 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC1DF3D80 Ack: 0xDADE6309 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-14:27:07.718936 24.209.26.198:4720 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:11430 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x52B316B7 Ack: 0x801166B6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-14:27:07.739458 24.209.26.198:4720 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:11431 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x52B31C6B Ack: 0x801166B6 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/28-14:59:05.541886 66.196.65.24:22879 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:23927 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xD5173962 Ack: 0xF9BA81A1 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-15:00:37.684582 24.209.178.84:1977 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:25191 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x69294A98 Ack: 0xFEE94F76 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-15:00:37.691208 24.209.178.84:1977 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:25192 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6929504C Ack: 0xFEE94F76 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-15:29:35.011458 24.209.178.84:2721 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:34535 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x49680A7 Ack: 0x6CB30F68 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-15:29:35.021036 24.209.178.84:2721 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:34536 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x496865B Ack: 0x6CB30F68 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-15:55:55.450122 24.209.229.123:4426 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:46752 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x89F3145D Ack: 0xCF6C1716 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-15:55:55.480667 24.209.229.123:4426 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:46753 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x89F31A11 Ack: 0xCF6C1716 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-16:44:42.808497 217.7.121.166:36304 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:1841 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA93CFE09 Ack: 0x882B21E7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-16:44:42.896091 217.7.121.166:36304 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:1842 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA93D03BD Ack: 0x882B21E7 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-17:11:37.509362 24.209.26.198:4768 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:37608 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2B31590C Ack: 0xED0455A8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-17:11:37.532288 24.209.26.198:4768 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:37609 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2B315EC0 Ack: 0xED0455A8 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-17:12:38.298190 24.209.229.123:2157 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:52409 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x837DCE31 Ack: 0xF16B6EEB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-17:12:38.324824 24.209.229.123:2157 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:52410 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x837DD3E5 Ack: 0xF16B6EEB Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-17:17:33.440459 24.209.178.84:4253 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:3753 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3C22AFDE Ack: 0x3A0416C Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-17:17:33.448872 24.209.178.84:4253 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:3754 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3C22B592 Ack: 0x3A0416C Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-17:19:35.926415 24.209.178.84:1139 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:13530 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x46DD0FEF Ack: 0xABE4C91 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-17:19:35.934793 24.209.178.84:1139 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:13531 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x46DD15A3 Ack: 0xABE4C91 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-17:31:03.453745 24.209.229.123:1626 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:47480 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x479ACEA3 Ack: 0x37665B7C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-17:31:03.483629 24.209.229.123:1626 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:47481 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x479AD457 Ack: 0x37665B7C Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-17:33:33.430732 24.209.26.198:2778 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:48724 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8726E58D Ack: 0x41070C5F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-17:33:33.454342 24.209.26.198:2778 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:48725 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8726EB41 Ack: 0x41070C5F Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-17:50:07.521314 24.209.98.148:1555 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:18554 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x70D3B242 Ack: 0x7F304F6E Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-17:50:07.561523 24.209.98.148:1555 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:18555 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x70D3B7F6 Ack: 0x7F304F6E Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-18:05:34.950288 24.209.44.83:3104 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:31170 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x43093502 Ack: 0xB9C98E81 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-18:05:34.982734 24.209.44.83:3104 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:31171 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x43093AB6 Ack: 0xB9C98E81 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-18:11:36.142948 24.150.19.123:1936 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:49664 IpLen:20 DgmLen:112
***AP*** Seq: 0x2ACFDECA Ack: 0xD06E4402 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-18:11:36.862885 24.150.19.123:1956 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:49723 IpLen:20 DgmLen:110
***AP*** Seq: 0x2AE00A17 Ack: 0xCFB19C05 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-18:11:37.073828 24.150.19.123:1965 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:49741 IpLen:20 DgmLen:120
***AP*** Seq: 0x2AE87A82 Ack: 0xD029BF20 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-18:11:37.358852 24.150.19.123:1969 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:49758 IpLen:20 DgmLen:120
***AP*** Seq: 0x2AEC08B4 Ack: 0xCFE6C20B Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-18:11:37.647576 24.150.19.123:1975 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:49782 IpLen:20 DgmLen:136
***AP*** Seq: 0x2AF09C46 Ack: 0xCF939793 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/28-18:11:41.290138 24.150.19.123:2072 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:50090 IpLen:20 DgmLen:157
***AP*** Seq: 0x2B490014 Ack: 0xCFDCC89C Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/28-18:11:44.956071 24.150.19.123:2233 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:50714 IpLen:20 DgmLen:157
***AP*** Seq: 0x2BCBC9B6 Ack: 0xD0BDD116 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-18:11:45.223075 24.150.19.123:2245 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:50763 IpLen:20 DgmLen:185
***AP*** Seq: 0x2BD3C9B7 Ack: 0xD0D48F01 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-18:11:54.798839 24.150.19.123:2540 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:51726 IpLen:20 DgmLen:137
***AP*** Seq: 0x2CCCB9FB Ack: 0xD17BF010 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-18:11:58.021630 24.150.19.123:2546 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:52021 IpLen:20 DgmLen:137
***AP*** Seq: 0x2CD1CCCD Ack: 0xD18B0E7D Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-18:12:10.762769 24.150.19.123:2974 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:53429 IpLen:20 DgmLen:137
***AP*** Seq: 0x2E37B364 Ack: 0xD1B60085 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-18:12:14.483793 24.150.19.123:3194 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:53977 IpLen:20 DgmLen:137
***AP*** Seq: 0x2EF2D584 Ack: 0xD25512F3 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-18:12:14.701693 24.150.19.123:3205 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:54013 IpLen:20 DgmLen:138
***AP*** Seq: 0x2EFCC4B2 Ack: 0xD24019CF Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-18:12:14.972260 24.150.19.123:3210 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:54038 IpLen:20 DgmLen:136
***AP*** Seq: 0x2F02264B Ack: 0xD251FA79 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-18:12:15.216496 24.150.19.123:3219 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:54059 IpLen:20 DgmLen:140
***AP*** Seq: 0x2F087486 Ack: 0xD2B4AFC5 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-18:12:15.389160 24.150.19.123:3227 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:54078 IpLen:20 DgmLen:136
***AP*** Seq: 0x2F0F91DE Ack: 0xD28BC8AD Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-18:34:04.215663 24.209.98.148:2216 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:46078 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7262217D Ack: 0x24C143F1 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-18:34:04.257247 24.209.98.148:2216 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:46079 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x72622731 Ack: 0x24C143F1 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-18:35:25.564679 24.209.98.148:4508 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:54900 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7A29D191 Ack: 0x28D05A42 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-18:35:25.572961 24.209.98.148:4508 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:54901 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7A29D745 Ack: 0x28D05A42 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-20:23:21.210433 24.209.26.198:1382 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:22672 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x60AA4CCC Ack: 0xC2B8185D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-20:23:21.252237 24.209.26.198:1382 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:22673 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x60AA5280 Ack: 0xC2B8185D Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-20:38:00.866529 24.136.155.112:2051 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:4806 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2F0A9FA8 Ack: 0xF877E0A6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:56 2003