SnortSnarf alert page

Destination: 192.168.1.6: #5901-6000

SnortSnarf v021111.1

Looking using input module SnortFileInput, with sources:
Earliest: 12:46:20.580961 on 05/29/2003
Latest: 21:20:16.554682 on 05/29/2003

22 different signatures are present for 192.168.1.6 as a destination

There are 624 distinct source IPs in the alerts of the type on this page.

See also 192.168.1.6 as an alert source [49361 alerts]


[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/29-12:46:20.580961 24.201.23.63:3401 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:40924 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xE0101BF9 Ack: 0x432339D1 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-12:46:20.780593 24.201.23.63:3413 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:40978 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xE019B108 Ack: 0x42A4BEA9 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-12:46:31.732650 24.201.23.63:3580 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:41615 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE0B6F8FC Ack: 0x43A38B20 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-12:46:43.580200 24.201.23.63:3716 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:42114 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE13F836D Ack: 0x44BF36D7 Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-12:46:54.960847 24.201.23.63:3868 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:42658 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE1D7D9A0 Ack: 0x44BC30FF Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-12:46:55.192715 24.201.23.63:3897 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:42726 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE1F395A4 Ack: 0x44E5DA2E Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-12:46:55.453339 24.201.23.63:3913 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:42796 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xE20060F0 Ack: 0x4614464A Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-12:46:55.739487 24.201.23.63:3937 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:42880 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xE2116EBB Ack: 0x45F17045 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-12:46:55.911999 24.201.23.63:3951 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:42915 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xE21D48C4 Ack: 0x4668DB6F Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-12:46:56.095073 24.201.23.63:3959 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:42943 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xE2238B55 Ack: 0x4604BD97 Win: 0xFAF0 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-13:14:36.647101 24.160.66.26:1614 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:52148 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x791DDA7E Ack: 0xADD39990 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-13:14:42.620307 24.160.66.26:3305 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:56085 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x7DF7C7D1 Ack: 0xADF9E550 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-13:17:12.495884 218.16.111.89:3564 -> 192.168.1.6:80
TCP TTL:99 TOS:0x0 ID:62161 IpLen:20 DgmLen:1492 DF
***A**** Seq: 0x4944D3D2 Ack: 0xB74248EA Win: 0x4410 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-13:17:12.523336 218.16.111.89:3564 -> 192.168.1.6:80
TCP TTL:99 TOS:0x0 ID:62162 IpLen:20 DgmLen:1492 DF
***A**** Seq: 0x4944D97E Ack: 0xB74248EA Win: 0x4410 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-13:17:27.191391 218.16.111.89:3992 -> 192.168.1.6:80
TCP TTL:99 TOS:0x0 ID:63731 IpLen:20 DgmLen:1492 DF
***A**** Seq: 0x4AAD61A1 Ack: 0xB7D957DE Win: 0x4410 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-13:17:27.217046 218.16.111.89:3992 -> 192.168.1.6:80
TCP TTL:99 TOS:0x0 ID:63732 IpLen:20 DgmLen:1492 DF
***A**** Seq: 0x4AAD674D Ack: 0xB7D957DE Win: 0x4410 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-13:17:31.167424 218.16.111.89:4114 -> 192.168.1.6:80
TCP TTL:99 TOS:0x0 ID:64158 IpLen:20 DgmLen:1492 DF
***A**** Seq: 0x4B125B3D Ack: 0xB88224F5 Win: 0x4410 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-13:17:31.193541 218.16.111.89:4114 -> 192.168.1.6:80
TCP TTL:99 TOS:0x0 ID:64159 IpLen:20 DgmLen:1492 DF
***A**** Seq: 0x4B1260E9 Ack: 0xB88224F5 Win: 0x4410 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-13:20:18.080016 218.16.111.89:1102 -> 192.168.1.6:80
TCP TTL:99 TOS:0x0 ID:16900 IpLen:20 DgmLen:1492 DF
***A**** Seq: 0x5B87D25E Ack: 0xC3979544 Win: 0x4410 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-13:20:21.525941 218.16.111.89:1214 -> 192.168.1.6:80
TCP TTL:99 TOS:0x0 ID:17321 IpLen:20 DgmLen:1492 DF
***A**** Seq: 0x5BE61381 Ack: 0xC36828FB Win: 0x4410 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-13:20:21.551457 218.16.111.89:1214 -> 192.168.1.6:80
TCP TTL:99 TOS:0x0 ID:17322 IpLen:20 DgmLen:1492 DF
***A**** Seq: 0x5BE6192D Ack: 0xC36828FB Win: 0x4410 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-13:20:22.472518 218.16.111.89:1102 -> 192.168.1.6:80
TCP TTL:99 TOS:0x0 ID:17435 IpLen:20 DgmLen:1492 DF
***A**** Seq: 0x5B87D80A Ack: 0xC3979544 Win: 0x4410 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-13:28:34.250974 24.43.35.50:2561 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:40916 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x83E0806F Ack: 0xE28931B3 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-13:28:34.873023 24.43.35.50:2575 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:40960 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x83ED2EAF Ack: 0xE1E2E49E Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-13:28:44.416897 24.43.35.50:2719 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:41433 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x847E1AEC Ack: 0xE2CF46F0 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-13:28:44.647288 24.43.35.50:2726 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:41460 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x84847C89 Ack: 0xE2F44892 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-13:28:44.808982 24.43.35.50:2730 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:41475 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x8488266D Ack: 0xE2EBF4AC Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/29-13:28:58.164393 24.43.35.50:2915 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:42410 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x853BC9FF Ack: 0xE30A2D5C Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-13:29:02.218854 24.43.35.50:3057 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:42729 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x85C23A0E Ack: 0xE427A7F6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-13:29:02.501987 24.43.35.50:3063 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:42752 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x85C72B15 Ack: 0xE3770990 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-13:29:12.310846 24.43.35.50:3227 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:43292 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x8666D8CE Ack: 0xE4CD2380 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-13:29:22.320899 24.43.35.50:3356 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:43657 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x86EC366E Ack: 0xE4C1FCCD Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-13:29:22.795043 24.43.35.50:3360 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:43681 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x86F09CE6 Ack: 0xE565C18B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-13:29:22.982592 24.43.35.50:3373 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:43706 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x86FA51C6 Ack: 0xE495ACC8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-13:29:23.142740 24.43.35.50:3377 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:43717 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x86FDAC2B Ack: 0xE4F98D6C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-13:29:23.282632 24.43.35.50:3379 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:43728 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x87000D3E Ack: 0xE4A0D86D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-13:29:24.275014 24.43.35.50:3381 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:43765 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x8702ACF3 Ack: 0xE54F9C22 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-14:19:18.895067 24.193.10.206:3682 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:30698 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x93AB4E4 Ack: 0xA3036CD8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-14:19:18.915733 24.193.10.206:3682 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:30699 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x93ABA98 Ack: 0xA3036CD8 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/29-14:49:18.874180 209.237.238.174:42617 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:8771 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0xF74C50C0 Ack: 0x12A47F80 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 353399565 2287259197
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-14:51:35.032682 24.76.98.113:4081 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:62439 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x6ACC6AF4 Ack: 0x1C0ADC90 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-14:51:36.619798 24.76.98.113:4110 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:62622 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x6AE72EFA Ack: 0x1C231F61 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-14:51:37.291608 24.76.98.113:4126 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:62714 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x6AF39593 Ack: 0x1C892292 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-14:51:38.187341 24.76.98.113:4142 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:62825 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x6B025FCD Ack: 0x1C2B621C Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-14:51:48.471867 24.76.98.113:4346 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:63978 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6BB29C42 Ack: 0x1D2B8FC0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/29-14:51:52.554488 24.76.98.113:4418 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:64397 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x6BF1CADF Ack: 0x1CD5C47C Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/29-14:51:53.419388 24.76.98.113:4431 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:64476 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x6BFE2067 Ack: 0x1CFDEA5E Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-14:52:06.817449 24.76.98.113:4588 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:203 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x6C8BACBB Ack: 0x1D9F9ECB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-14:52:11.006922 24.76.98.113:4709 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:660 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6CF536AB Ack: 0x1DBF737A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-14:52:11.899491 24.76.98.113:4726 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:767 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6D0371DF Ack: 0x1EB2D235 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-14:52:12.527162 24.76.98.113:4741 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:847 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6D10627A Ack: 0x1E4F51EA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-14:52:13.344433 24.76.98.113:4753 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:944 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6D1B9AFD Ack: 0x1E89654B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-14:52:13.985919 24.76.98.113:4768 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:1031 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x6D263291 Ack: 0x1E74F532 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-14:52:14.829767 24.76.98.113:4782 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:1108 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6D324125 Ack: 0x1E185CD1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-14:52:15.694433 24.76.98.113:4798 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:1208 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x6D419177 Ack: 0x1ED385A6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-14:52:16.617064 24.76.98.113:4820 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:1316 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6D51F13E Ack: 0x1E6B9272 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-15:41:53.418088 24.209.44.83:4191 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:29341 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFBEB314E Ack: 0xDB4E3369 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-15:41:53.450725 24.209.44.83:4191 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:29342 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFBEB3702 Ack: 0xDB4E3369 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-15:58:15.726344 24.99.96.131:3971 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:31511 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xCC2EA40C Ack: 0x18C764BA Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-15:58:16.843396 24.99.96.131:4051 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:31751 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xCC6F7829 Ack: 0x18D09961 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-15:58:17.162936 24.99.96.131:4075 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:31806 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xCC81BEEF Ack: 0x190888F8 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-15:58:17.442569 24.99.96.131:4098 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:31853 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xCC92D8E2 Ack: 0x18F11C05 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/29-15:58:17.820187 24.99.96.131:4117 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:31921 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xCCA27F8E Ack: 0x1840D689 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/29-15:58:18.081639 24.99.96.131:4133 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:31969 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xCCB05447 Ack: 0x18D73E85 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-15:58:18.570852 24.99.96.131:4164 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:32065 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xCCC4EF7A Ack: 0x18A63FCD Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-15:58:28.171753 24.99.96.131:1099 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:33741 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xCEB70E17 Ack: 0x19B230E0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-15:58:28.669159 24.99.96.131:1141 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:33844 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xCED56A06 Ack: 0x19D49321 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-15:58:29.054031 24.99.96.131:1169 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:33912 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xCEEB5133 Ack: 0x19D42047 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-15:58:29.571149 24.99.96.131:1194 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:33995 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xCEFF923C Ack: 0x19933673 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-15:58:30.008016 24.99.96.131:1220 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:34066 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xCF13EED2 Ack: 0x19435CB0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-15:58:30.559145 24.99.96.131:1247 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:34164 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xCF2956C3 Ack: 0x199AD392 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-15:58:30.984966 24.99.96.131:1287 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:34237 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xCF44E490 Ack: 0x1939F2D9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-15:58:31.482266 24.99.96.131:1312 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:34322 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xCF588E9F Ack: 0x19544114 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-16:30:30.529042 24.209.26.198:1672 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:55852 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBACEDC7A Ack: 0x91C9647E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-16:30:30.551062 24.209.26.198:1672 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:55853 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBACEE22E Ack: 0x91C9647E Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/29-16:30:55.942884 216.39.48.30:40932 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:32231 IpLen:20 DgmLen:221 DF
***AP*** Seq: 0x777025C9 Ack: 0x937AC753 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 592730173 2290381987
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-16:39:01.307967 24.209.44.83:4103 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:54832 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3828F242 Ack: 0xB1638EA6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-16:39:01.337765 24.209.44.83:4103 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:54833 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3828F7F6 Ack: 0xB1638EA6 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-16:44:45.878916 24.28.233.168:3945 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:59077 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x54E58DC9 Ack: 0xC6C2A746 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-16:44:45.909230 24.28.233.168:3945 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:59078 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x54E5937D Ack: 0xC6C2A746 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-17:10:14.978181 24.209.26.198:1564 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:12080 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9F72CDA0 Ack: 0x27FBD5CE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-17:10:15.002254 24.209.26.198:1564 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:12081 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9F72D354 Ack: 0x27FBD5CE Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-17:37:53.484812 24.209.26.198:3511 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:20017 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3AAB61B2 Ack: 0x8FB275F8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-17:37:53.518118 24.209.26.198:3511 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:20018 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3AAB6766 Ack: 0x8FB275F8 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-18:10:19.684197 24.209.26.198:3757 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:46535 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEBF00ED7 Ack: 0xAA5973C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-18:10:19.715384 24.209.26.198:3757 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:46536 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEBF0148B Ack: 0xAA5973C Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-18:17:48.984607 24.209.196.254:1657 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:47042 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA97FFAEB Ack: 0x27E9134A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-18:17:48.992983 24.209.196.254:1657 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:47043 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA980009F Ack: 0x27E9134A Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-18:22:42.362796 24.209.26.198:2886 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:38467 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2D0D001A Ack: 0x3A998430 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-18:22:42.390678 24.209.26.198:2886 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:38468 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2D0D05CE Ack: 0x3A998430 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-18:56:56.445979 24.209.252.31:1047 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:15252 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB1315012 Ack: 0xBB1B1BB3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-18:56:56.475439 24.209.252.31:1047 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:15253 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB13155C6 Ack: 0xBB1B1BB3 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-19:39:01.495378 24.209.98.148:2023 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:64189 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8DBE1ECE Ack: 0x59F01F0A Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-19:39:01.534185 24.209.98.148:2023 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:64190 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8DBE2482 Ack: 0x59F01F0A Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-20:20:39.655609 24.209.44.83:3063 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:4496 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x79D849A1 Ack: 0xF6EF0391 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-20:20:39.688224 24.209.44.83:3063 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:4497 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x79D84F55 Ack: 0xF6EF0391 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-20:59:46.474762 24.209.44.83:4161 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:28081 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2F45053A Ack: 0x8AF599F3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-20:59:46.508131 24.209.44.83:4161 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:28082 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2F450AEE Ack: 0x8AF599F3 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-21:20:16.508089 24.209.26.198:2758 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:44825 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x36B3F537 Ack: 0xD8DBB43A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-21:20:16.554682 24.209.26.198:2758 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:44826 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x36B3FAEB Ack: 0xD8DBB43A Win: 0x4470 TcpLen: 20
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:56 2003