SnortSnarf alert page

Destination: 192.168.1.6: #601-700

SnortSnarf v021111.1

Signature section (91123) | Top 20 source IPs | Top 20 dest IPs

Looking using input module SnortFileInput, with sources:
Earliest: 15:30:05.597107 on 04/25/2003
Latest: 20:53:20.420298 on 04/25/2003

22 different signatures are present for 192.168.1.6 as a destination

There are 624 distinct source IPs in the alerts of the type on this page.

See also 192.168.1.6 as an alert source [49361 alerts]


[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-15:30:05.597107 216.39.50.104:54488 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:9546 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x62E85972 Ack: 0xA636069B Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 396852296 783943334
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-15:32:44.754792 216.39.50.74:52564 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:42129 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x6DED1D45 Ack: 0xB00A851E Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 396868057 784024860
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-16:13:13.138921 216.39.50.64:40522 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:19943 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x7143B7E Ack: 0x4877326B Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 397112997 785268611
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-16:13:32.698904 216.39.50.24:43619 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:49053 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x82A07BE Ack: 0x4939BA87 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 379107379 785278629
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-16:24:26.767311 24.193.243.23:4642 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:10429 IpLen:20 DgmLen:1300 DF
***A**** Seq: 0xBBF25F6E Ack: 0x725562EE Win: 0x44E8 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-16:24:26.772710 24.193.243.23:4642 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:10430 IpLen:20 DgmLen:1300 DF
***A**** Seq: 0xBBF2645A Ack: 0x725562EE Win: 0x44E8 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-16:56:00.658862 24.242.248.248:2909 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:2205 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xAF75F0A5 Ack: 0xEA2286E4 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-16:56:25.102947 24.242.248.248:1302 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:11055 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xB4BB85FE Ack: 0xEAE63D24 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-16:56:39.195423 24.242.248.248:3948 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:16526 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xBC53C6CF Ack: 0xED1FC196 Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-16:56:40.810789 24.242.248.248:4943 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:17173 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xBDD667F1 Ack: 0xEC78CC5B Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-16:56:42.896639 24.242.248.248:1304 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:17790 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xBEAEC8B4 Ack: 0xEC72292B Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-16:56:44.715636 24.242.248.248:1522 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:18562 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xBF524915 Ack: 0xED42C1A3 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-16:56:46.386782 24.242.248.248:1737 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:19266 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xBFEE171B Ack: 0xECC69BA6 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-16:56:48.038811 24.242.248.248:1967 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:19792 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xC094153D Ack: 0xECDB00B9 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-16:56:49.471002 24.242.248.248:2165 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:20492 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xC124E398 Ack: 0xED2410D4 Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-16:56:57.706004 24.242.248.248:2813 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:23709 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xC3122B08 Ack: 0xEDEE936E Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-16:57:02.400503 24.242.248.248:3431 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:25468 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xC4D6AD4A Ack: 0xEDC3A1FC Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-16:57:04.286739 24.242.248.248:4186 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:26260 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xC679351C Ack: 0xEDB46508 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-16:57:15.004623 24.242.248.248:4401 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:30181 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xC6EBEB8A Ack: 0xEE4160DE Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-16:57:16.491000 24.242.248.248:2134 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:30867 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xCB046A68 Ack: 0xEEA20FBD Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-16:57:24.644249 24.242.248.248:2745 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:33896 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xCCD139CE Ack: 0xEF86F06F Win: 0xFAF0 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-16:59:02.460714 24.71.58.208:3504 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:35444 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x418800AE Ack: 0xF51EDCEF Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-16:59:05.682922 24.71.58.208:3540 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:35537 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x41AE38F3 Ack: 0xF50EA8E2 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-16:59:06.192653 24.71.58.208:3550 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:35561 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x41B6D253 Ack: 0xF5315815 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-16:59:06.690708 24.71.58.208:3563 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:35589 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x41C38FB4 Ack: 0xF5FF77B6 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-16:59:09.570953 24.71.58.208:3563 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:35734 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x41C38FB4 Ack: 0xF5FF77B6 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-16:59:13.513478 24.71.58.208:3621 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:35964 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x41FC45DB Ack: 0xF56DDE9E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-16:59:23.293926 24.71.58.208:3813 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:36297 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x42B484A5 Ack: 0xF6D99C96 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-16:59:23.850971 24.71.58.208:3820 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:36319 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x42BBEEB6 Ack: 0xF61B429A Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-16:59:24.493802 24.71.58.208:3825 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:36353 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x42C176F1 Ack: 0xF708B649 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-16:59:28.268067 24.71.58.208:3892 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:36549 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x42FF4BE3 Ack: 0xF6C5BCFC Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-16:59:28.831950 24.71.58.208:3899 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:36582 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4306B94C Ack: 0xF705D017 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-16:59:38.606664 24.71.58.208:4049 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:37002 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x439521D1 Ack: 0xF7439CE7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-16:59:39.104237 24.71.58.208:4055 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:37031 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x439B8271 Ack: 0xF76156F6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-16:59:39.604036 24.71.58.208:4064 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:37054 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x43A4B051 Ack: 0xF764F089 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-16:59:39.944588 24.71.58.208:4070 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:37073 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x43A99D6F Ack: 0xF7FAA051 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-16:59:40.286965 24.71.58.208:4077 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:37096 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x43B04DC1 Ack: 0xF72AA7F2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-16:59:40.771873 24.71.58.208:4085 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:37127 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x43B75D3A Ack: 0xF7327850 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-17:03:15.653628 64.68.82.14:27145 -> 192.168.1.6:80
TCP TTL:50 TOS:0x10 ID:16588 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xC24AA6C7 Ack: 0x51BC08D Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 1537992274 786806118
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-17:07:52.160890 66.196.65.24:15020 -> 192.168.1.6:80
TCP TTL:232 TOS:0x0 ID:50799 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x23324D0F Ack: 0x17095465 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-17:08:35.964587 24.209.97.26:4055 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:15779 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDFE20267 Ack: 0x19398F0B Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-17:08:35.976676 24.209.97.26:4055 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:15780 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDFE2081B Ack: 0x19398F0B Win: 0xFAF0 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-17:12:09.246121 24.242.248.248:2289 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:33142 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x6E9175A Ack: 0x27354972 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-17:12:17.667676 24.242.248.248:2924 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:36139 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x8BBC6F1 Ack: 0x27912C49 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-17:12:21.844199 24.242.248.248:3548 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:37711 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA6E578B Ack: 0x279509DF Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-17:12:26.733639 24.242.248.248:1089 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:39427 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xD47CDB4 Ack: 0x28735962 Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-17:12:28.438108 24.242.248.248:1235 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:39896 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xDAE2835 Ack: 0x28281C14 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-17:12:29.880009 24.242.248.248:1352 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:40463 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xE078E71 Ack: 0x28383752 Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-17:12:35.168105 24.242.248.248:1971 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:42335 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xFC6A644 Ack: 0x28869A56 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-17:12:36.860467 24.242.248.248:2313 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:42987 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x10BE74D9 Ack: 0x2942B8B5 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-17:12:38.629560 24.242.248.248:2467 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:43623 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x112C815B Ack: 0x28734FFA Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-17:12:44.128443 24.242.248.248:3109 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:45653 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x13065E23 Ack: 0x298608D8 Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-17:12:51.566638 24.242.248.248:3729 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:48328 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x14CCE6A7 Ack: 0x29BF8587 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-17:12:53.484272 24.242.248.248:4575 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:49080 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x16745E53 Ack: 0x29A34350 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-17:12:55.794406 24.242.248.248:4923 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:49840 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x16FC6AB9 Ack: 0x29FAD8B5 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-17:12:57.833900 24.242.248.248:1362 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:50591 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x180B820C Ack: 0x2A0CC6E3 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-17:12:59.633786 24.242.248.248:1538 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:51324 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x188F2E15 Ack: 0x2A97570E Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-17:13:04.126634 24.242.248.248:1706 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:53199 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x190E5BAF Ack: 0x2AD49E02 Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-17:18:42.058542 65.214.36.114:41252 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:59843 IpLen:20 DgmLen:195 DF
***AP*** Seq: 0xA7E316A7 Ack: 0x3F7553CD Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 146800593 787280411
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-17:40:31.240729 24.209.97.26:3450 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:54908 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9A0B63BD Ack: 0x91F6FBD7 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-17:40:31.269817 24.209.97.26:3450 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:54909 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9A0B6971 Ack: 0x91F6FBD7 Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-17:47:11.216933 216.39.50.33:45880 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:2286 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x6887CED8 Ack: 0xAB5939C0 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 388417101 788156246
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-18:11:52.463085 24.209.37.151:3062 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:1150 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBDB6D907 Ack: 0x774CB19 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-18:11:52.513794 24.209.37.151:3062 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:1151 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBDB6DEBB Ack: 0x774CB19 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-18:16:15.756487 216.39.50.54:47605 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:18691 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xD70CF010 Ack: 0x1894CED6 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 397850907 789049768
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-18:22:58.340870 216.39.50.64:52484 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:54671 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xEF378378 Ack: 0x327B2B0E Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 397891335 789255959
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-18:29:31.119361 216.39.50.84:34611 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:49882 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x8862611 Ack: 0x4A84A860 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 397927637 789457125
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-18:29:47.407658 66.196.65.24:30717 -> 192.168.1.6:80
TCP TTL:232 TOS:0x0 ID:50063 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x2AC56EE1 Ack: 0x4B92FA54 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-18:37:26.493774 216.39.50.84:38266 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:4512 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x25F98FF2 Ack: 0x695A00F0 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 397975164 789700602
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-18:53:03.900636 24.209.97.26:4862 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:32844 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x33BB843C Ack: 0xA4253746 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-18:53:03.926782 24.209.97.26:4862 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:32845 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x33BB89F0 Ack: 0xA4253746 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-18:57:19.760703 24.209.37.151:2395 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:44760 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC558D8AF Ack: 0xB3119ACC Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-18:57:19.783580 24.209.37.151:2395 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:44761 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC558DE63 Ack: 0xB3119ACC Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-19:00:40.000225 24.193.153.146:4947 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:50923 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA0A0CA8C Ack: 0xC022461B Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-19:00:40.019367 24.193.153.146:4947 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:50924 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA0A0D040 Ack: 0xC022461B Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-19:21:10.737835 24.209.37.151:3230 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:37172 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4D04D463 Ack: 0xD87F9CD Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-19:21:10.764117 24.209.37.151:3230 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:37173 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4D04DA17 Ack: 0xD87F9CD Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-19:21:46.546622 216.39.50.74:58900 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:42851 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xCDD51707 Ack: 0x1024DC0B Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 398241908 791063000
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-19:31:07.862266 24.209.37.151:3855 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:36996 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8EA5BBF4 Ack: 0x334FF71D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-19:31:07.882311 24.209.37.151:3855 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:36997 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8EA5C1A8 Ack: 0x334FF71D Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-19:46:59.133631 216.39.50.84:41727 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:24877 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x2D819AD7 Ack: 0x6EDCFE80 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 398392330 791837704
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-20:26:12.470256 66.196.65.24:38135 -> 192.168.1.6:80
TCP TTL:232 TOS:0x0 ID:21689 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xFD1C7F5C Ack: 0x4BAD5DB Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-20:30:04.392284 216.39.50.104:52915 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:64434 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xD06A0AF7 Ack: 0x1387F1AE Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 398651745 793161717
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:2091:2] WEB-IIS WEBDAV nessus safe scan attempt [**]
[Classification: Attempted Administrator Privilege Gain] [Priority: 1]
04/25-20:49:07.407314 204.228.224.37:3265 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:55183 IpLen:20 DgmLen:71 DF
***AP*** Seq: 0xC15D7E4F Ack: 0x5A6D6852 Win: 0x2238 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=11412][Xref => http://www.securityfocus.com/bid/7116][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0109]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-20:52:43.905878 24.202.15.240:1126 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:58271 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xD21F170C Ack: 0x68A10067 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-20:52:44.651316 24.202.15.240:1137 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:58297 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xD229433B Ack: 0x68A28EB7 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-20:52:45.468106 24.202.15.240:1140 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:58338 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xD22E8C1A Ack: 0x6852D730 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-20:52:46.181000 24.202.15.240:1145 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:58377 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xD233AFC7 Ack: 0x68E060D6 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-20:52:56.512192 24.202.15.240:1344 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:59098 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xD2ED89D5 Ack: 0x6958F6F4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-20:52:57.190456 24.202.15.240:1351 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:59152 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xD2F62C70 Ack: 0x68B1E484 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-20:53:04.305243 24.202.15.240:1437 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:59537 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xD342407F Ack: 0x69626922 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-20:53:04.909360 24.202.15.240:1485 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:59566 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xD3724882 Ack: 0x695B7A42 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-20:53:05.705042 24.202.15.240:1495 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:59617 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD37CEA8B Ack: 0x69F32457 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-20:53:09.574259 24.202.15.240:1541 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:59812 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD3ABC26F Ack: 0x6A1D2A8C Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-20:53:10.335655 24.202.15.240:1571 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:59845 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD3C2F02C Ack: 0x69A047D0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-20:53:17.329659 24.202.15.240:1617 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:60187 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD3F42E67 Ack: 0x69FA3037 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-20:53:18.146341 24.202.15.240:1689 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:60216 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xD4388C6E Ack: 0x6A1C8D10 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-20:53:18.885926 24.202.15.240:1695 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:60253 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xD43F0D0D Ack: 0x6A1E2797 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-20:53:19.618070 24.202.15.240:1700 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:60269 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xD444E8C0 Ack: 0x6A0FD353 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-20:53:20.420298 24.202.15.240:1706 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:60320 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xD44C15E9 Ack: 0x6A6D5DD8 Win: 0x4470 TcpLen: 20
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:55 2003