SnortSnarf alert page

Destination: 192.168.1.6: #6001-6100

SnortSnarf v021111.1

Signature section (91123) | Top 20 source IPs | Top 20 dest IPs

Looking using input module SnortFileInput, with sources:
Earliest: 21:27:55.813228 on 05/29/2003
Latest: 17:55:13.514613 on 05/30/2003

22 different signatures are present for 192.168.1.6 as a destination

There are 624 distinct source IPs in the alerts of the type on this page.

See also 192.168.1.6 as an alert source [49361 alerts]


[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-21:27:55.813228 24.209.44.83:4225 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:49751 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD7B82F9A Ack: 0xF4C874F7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-21:27:55.847481 24.209.44.83:4225 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:49752 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD7B8354E Ack: 0xF4C874F7 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/29-21:29:18.569851 66.196.65.24:16393 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:49465 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xD8E7D2CD Ack: 0xFAB8C101 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-22:42:28.723277 24.209.44.83:4834 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:34022 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7B53EB80 Ack: 0xEAE609F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-22:42:28.753967 24.209.44.83:4834 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:34023 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7B53F134 Ack: 0xEAE609F Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-22:43:59.567232 24.209.44.83:3228 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:41234 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x836DD5B6 Ack: 0x14D0A36E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-22:43:59.599015 24.209.44.83:3228 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:41235 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x836DDB6A Ack: 0x14D0A36E Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-23:17:39.262210 24.209.196.254:4858 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:62419 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDD25C033 Ack: 0x935BE510 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-23:55:11.675660 24.194.228.55:3604 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:44736 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3E5791A Ack: 0x211ED745 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-23:55:11.716692 24.194.228.55:3604 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:44737 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3E57ECE Ack: 0x211ED745 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/30-00:06:36.004503 66.196.65.24:28919 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:48210 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x533B4D90 Ack: 0x4CCF18B7 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-00:34:29.423825 24.209.44.83:3238 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:27921 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC8499E17 Ack: 0xB641102B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-00:34:29.456159 24.209.44.83:3238 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:27922 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC849A3CB Ack: 0xB641102B Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-00:41:33.019190 24.209.44.83:4127 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:60374 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xED11A045 Ack: 0xD05F9637 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-00:41:33.051147 24.209.44.83:4127 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:60375 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xED11A5F9 Ack: 0xD05F9637 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-01:21:21.559250 24.127.15.16:2752 -> 192.168.1.6:80
TCP TTL:102 TOS:0x0 ID:1731 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x819C474D Ack: 0x673B6DD3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-01:21:21.560282 24.127.15.16:2752 -> 192.168.1.6:80
TCP TTL:102 TOS:0x0 ID:1732 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x819C4D01 Ack: 0x673B6DD3 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/30-01:40:06.404082 66.196.65.24:26903 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:21709 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xCB921BA9 Ack: 0xAE42B6D3 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-02:00:07.665610 24.209.26.198:3073 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:31429 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x351A7506 Ack: 0xF9FC7FEF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-02:00:07.717387 24.209.26.198:3073 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:31430 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x351A7ABA Ack: 0xF9FC7FEF Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/30-02:45:31.629728 216.39.48.30:39112 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:37505 IpLen:20 DgmLen:221 DF
***AP*** Seq: 0x879EEB65 Ack: 0xA5508CAB Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 596408617 2309269001
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-02:58:10.016170 24.194.228.55:3398 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:39904 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDB66B838 Ack: 0xD5D6A137 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-02:58:10.047224 24.194.228.55:3398 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:39905 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDB66BDEC Ack: 0xD5D6A137 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-03:19:44.087934 24.209.44.83:3065 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:30337 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8BE24CA Ack: 0x271A5984 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-03:19:44.118087 24.209.44.83:3065 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:30338 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8BE2A7E Ack: 0x271A5984 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/30-03:24:00.348037 64.68.82.39:45992 -> 192.168.1.6:80
TCP TTL:41 TOS:0x10 ID:16937 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x19D7BC66 Ack: 0x36B7B742 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 1835466395 2310451084
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-03:35:29.517180 24.209.44.83:3142 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:29303 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5401D23E Ack: 0x61A26248 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-03:35:29.547764 24.209.44.83:3142 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:29304 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5401D7F2 Ack: 0x61A26248 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-03:36:21.434174 24.209.44.83:4323 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:32793 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x580B1C2B Ack: 0x65389D51 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-03:36:21.464660 24.209.44.83:4323 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:32794 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x580B21DF Ack: 0x65389D51 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-03:37:24.888491 24.209.26.198:4645 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:59137 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1B978FAC Ack: 0x6867827B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-03:37:24.907635 24.209.26.198:4645 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:59138 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1B979560 Ack: 0x6867827B Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/30-04:00:11.938736 66.196.65.24:8558 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:37369 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xE4E39306 Ack: 0xBF1EE838 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-04:38:45.341047 24.209.26.198:2108 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:50013 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x42CB845B Ack: 0x5043FC5D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-04:38:45.362639 24.209.26.198:2108 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:50014 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x42CB8A0F Ack: 0x5043FC5D Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/30-04:40:02.157720 209.237.238.173:42504 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:59012 IpLen:20 DgmLen:173 DF
***AP*** Seq: 0x39376C59 Ack: 0x562C5B2A Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 358386405 2312787954
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-05:08:39.675182 24.209.44.83:4436 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:5253 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x586606B Ack: 0xC0FC93C6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-05:08:39.707191 24.209.44.83:4436 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:5254 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x586661F Ack: 0xC0FC93C6 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/30-05:18:17.971889 66.196.65.24:29356 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:4077 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x5BFB671 Ack: 0xE5484827 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-07:05:17.907919 24.209.26.198:1217 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:35998 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE8B2C182 Ack: 0x7AD795DB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-07:05:17.926325 24.209.26.198:1217 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:35999 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE8B2C736 Ack: 0x7AD795DB Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/30-07:25:17.867673 209.237.238.175:40509 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:38502 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0xA8EDB8D9 Ack: 0xC68B37A6 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 359083722 2317866575
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/30-07:31:10.138814 209.237.238.172:39532 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:44907 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0xBE61DADD Ack: 0xDBD730C1 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 359429569 2318047021
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/30-08:38:39.510470 66.196.65.24:37273 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:30731 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x8A285CB4 Ack: 0xDB36E5AD Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-08:57:45.730306 24.209.44.83:3168 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:5084 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF8C02EAE Ack: 0x234F63CF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-08:57:45.762322 24.209.44.83:3168 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:5085 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF8C03462 Ack: 0x234F63CF Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-10:05:00.655434 24.209.44.83:3392 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:38341 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE84B1DB Ack: 0x21A59537 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-10:05:00.687811 24.209.44.83:3392 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:38342 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE84B78F Ack: 0x21A59537 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/30-10:37:46.728216 66.196.65.24:36065 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:33415 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xAC548C64 Ack: 0x9E2CE428 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-12:34:46.220052 24.118.162.108:1844 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:55571 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x356923EB Ack: 0x56CDC1C1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-12:34:46.228938 24.118.162.108:1844 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:55572 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3569299F Ack: 0x56CDC1C1 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-12:40:00.646669 24.209.26.198:2410 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:45037 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5B4CBB62 Ack: 0x6B13C2A5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-12:40:00.689242 24.209.26.198:2410 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:45038 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5B4CC116 Ack: 0x6B13C2A5 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-13:03:31.131998 24.209.26.198:3193 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:51932 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB51F8C12 Ack: 0xC40542F8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-13:03:31.176757 24.209.26.198:3193 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:51933 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB51F91C6 Ack: 0xC40542F8 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-13:05:33.570995 24.209.26.198:1354 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:58158 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBCE192B5 Ack: 0xCBA3AB91 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-13:05:33.611277 24.209.26.198:1354 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:58159 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBCE19869 Ack: 0xCBA3AB91 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-13:48:25.065589 24.209.26.198:1404 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:55923 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5D3D56EA Ack: 0x6C4A80D4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-13:48:25.077157 24.209.26.198:1404 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:55924 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5D3D5C9E Ack: 0x6C4A80D4 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-14:13:07.408271 24.209.26.198:2196 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:62869 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB80A3872 Ack: 0xC9E4C789 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-14:13:07.430141 24.209.26.198:2196 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:62870 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB80A3E26 Ack: 0xC9E4C789 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-14:17:23.343812 24.90.108.92:3387 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:64761 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA0F6DA96 Ack: 0xDB82E72B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-14:17:23.351323 24.90.108.92:3387 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:64762 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA0F6E04A Ack: 0xDB82E72B Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-14:23:57.628609 24.209.44.83:4366 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:44751 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE292DDB3 Ack: 0xF3C45859 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-14:23:57.660955 24.209.44.83:4366 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:44752 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE292E367 Ack: 0xF3C45859 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-14:47:01.547750 24.209.44.83:4780 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:42387 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x32C7B72B Ack: 0x4B6BAE2B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-14:47:01.593828 24.209.44.83:4780 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:42388 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x32C7BCDF Ack: 0x4B6BAE2B Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/30-15:04:51.319363 66.196.65.24:53137 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:64810 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xEAB23B75 Ack: 0x8EAC2A69 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-15:22:57.236773 24.209.44.83:3347 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:8807 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xAE9D454C Ack: 0xD1E7C561 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-15:22:57.275234 24.209.44.83:3347 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:8808 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xAE9D4B00 Ack: 0xD1E7C561 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/30-16:08:41.139115 66.196.65.24:61204 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:27416 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xD6452850 Ack: 0x7FF23DCC Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/30-16:30:12.485916 209.237.238.160:1768 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:35766 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0x61B843DA Ack: 0xD0129D98 Win: 0xFFFF TcpLen: 32
TCP Options (3) => NOP NOP TS: 959467032 2334612148
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/30-16:33:42.334152 216.39.48.30:37382 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:46422 IpLen:20 DgmLen:221 DF
***AP*** Seq: 0xC03AF20B Ack: 0xDE2E4396 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 601376619 2334719629
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-16:40:02.874405 24.209.98.148:1968 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:1810 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x324E764B Ack: 0xF5C459D8 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-16:40:02.898193 24.209.98.148:1968 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:1811 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x324E7BFF Ack: 0xF5C459D8 Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/30-16:46:51.235001 209.237.238.159:2606 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:16273 IpLen:20 DgmLen:173 DF
***AP*** Seq: 0x75EE8196 Ack: 0xEFC82A9 Win: 0xFFFF TcpLen: 32
TCP Options (3) => NOP NOP TS: 960017323 2335123677
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-16:54:40.586459 24.57.13.78:3469 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:64439 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x6BE58D39 Ack: 0x2C067D0B Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-16:54:41.501201 24.57.13.78:3490 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:64511 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x6BFA4D07 Ack: 0x2C1F26B7 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-16:54:42.036457 24.57.13.78:3494 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:64540 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x6BFDF78F Ack: 0x2C660729 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-16:54:42.317997 24.57.13.78:3503 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:64575 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x6C06E095 Ack: 0x2C5CD977 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-16:54:42.535325 24.57.13.78:3508 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:64595 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6C0B4906 Ack: 0x2C13A316 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/30-16:54:42.907694 24.57.13.78:3510 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:64620 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x6C0D99F6 Ack: 0x2BC59C66 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/30-16:54:46.054804 24.57.13.78:3522 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:64846 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x6C17FC59 Ack: 0x2C9ECA6D Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-16:54:46.256050 24.57.13.78:3571 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:64858 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x6C444756 Ack: 0x2C575416 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-16:54:46.465333 24.57.13.78:3577 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:64884 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6C49D3B1 Ack: 0x2CD428E8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-16:54:46.654811 24.57.13.78:3580 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:64903 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6C4D37FC Ack: 0x2CB12C49 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-16:54:46.813249 24.57.13.78:3584 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:64918 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6C510F03 Ack: 0x2CE23971 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-16:54:47.026558 24.57.13.78:3588 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:64936 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6C54E22A Ack: 0x2C66E161 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-16:54:47.241671 24.57.13.78:3594 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:64970 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x6C59B82E Ack: 0x2CCE7041 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-16:54:50.278258 24.57.13.78:3594 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:65202 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x6C59B82E Ack: 0x2CCE7041 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-16:54:56.597191 24.57.13.78:3732 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:82 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6CE21E76 Ack: 0x2E2C4D49 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-16:54:56.906769 24.57.13.78:3737 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:108 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x6CE7010C Ack: 0x2DAE3549 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-16:54:57.108206 24.57.13.78:3741 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:122 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6CEB76D0 Ack: 0x2E0D6EC7 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-17:06:34.270677 24.209.44.83:4036 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:26216 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1168948B Ack: 0x59F77964 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-17:06:34.303310 24.209.44.83:4036 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:26217 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x11689A3F Ack: 0x59F77964 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-17:42:38.532424 24.193.104.69:1388 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:14225 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9CCEF90 Ack: 0xE3015BC6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-17:42:38.560474 24.193.104.69:1388 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:14226 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9CCF544 Ack: 0xE3015BC6 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-17:54:44.482301 24.209.98.148:4753 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:6206 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD12459A4 Ack: 0xF7F3478 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-17:54:44.511787 24.209.98.148:4753 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:6207 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD1245F58 Ack: 0xF7F3478 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/30-17:55:13.514613 24.209.98.148:1540 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:9124 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD3AF4DFF Ack: 0x1166B6A1 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:56 2003