SnortSnarf alert page

Destination: 192.168.1.6: #6101-6200

SnortSnarf v021111.1

Signature section (91123)

Top 20 source IPs

Top 20 dest IPs

Looking using input module SnortFileInput, with sources:

/home/rivettmj/snort_alertlog/alert

Earliest: 17:55:13.564558 on 05/30/2003
Latest: 22:47:25.019219 on 05/31/2003

22 different signatures are present for 192.168.1.6 as a destination

1 instances of (spp_stream4) STEALTH ACTIVITY (SYN FIN scan) detection
1 instances of WEB-IIS ISAPI .printer access
1 instances of SHELLCODE x86 setuid 0
1 instances of DDOS shaft synflood
2 instances of WEB-CGI formmail access
2 instances of SHELLCODE x86 NOOP
2 instances of SMTP HELO overflow attempt
2 instances of SHELLCODE x86 inc ebx NOOP
3 instances of WEB-MISC bad HTTP/1.1 request, Potentially worm attack
3 instances of WEB-CGI newdesk access
4 instances of WEB-IIS WEBDAV nessus safe scan attempt
11 instances of ICMP Destination Unreachable (Communication Administratively Prohibited)
38 instances of (snort_decoder): T/TCP Detected
58 instances of WEB-IIS view source via translate header
308 instances of WEB-IIS _mem_bin access
316 instances of WEB-FRONTPAGE /_vti_bin/ access
680 instances of WEB-IIS CodeRed v2 root.exe access
786 instances of WEB-MISC robots.txt access
930 instances of WEB-IIS ISAPI .ida attempt
952 instances of WEB-IIS multiple decode attempt
1500 instances of WEB-IIS unicode directory traversal attempt
2169 instances of WEB-IIS cmd.exe access

There are 624 distinct source IPs in the alerts of the type on this page.

192.168.1.6 Whois lookup at: ARIN RIPE APNIC Geektools

DNS lookup at: Amenesi TRIUMF Princeton

More lookup links: Dshield Sam Spade

See also 192.168.1.6 as an alert source [49361 alerts]

Go to: previous range, next range, all alerts, overview page

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/30-17:55:13.564558 24.209.98.148:1540 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:9125 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD3AF53B3  Ack: 0x1166B6A1  Win: 0xFAF0  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/30-18:00:01.502289 24.209.5.98:4145 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:18388 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x38ECEE16  Ack: 0x23F479D6  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/30-18:00:01.524299 24.209.5.98:4145 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:18389 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x38ECF3CA  Ack: 0x23F479D6  Win: 0x4470  TcpLen: 20

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/30-18:02:48.026368 66.196.65.24:10449 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:57484 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x8CFD8AD7  Ack: 0x2E0FE094  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/30-18:03:04.101453 24.209.98.148:1812 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:56511 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFD50E779  Ack: 0x2FD8A6DE  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/30-18:03:04.130563 24.209.98.148:1812 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:56512 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFD50ED2D  Ack: 0x2FD8A6DE  Win: 0xFAF0  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/30-19:12:12.671114 24.94.15.67:2817 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:36438 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDFC8024B  Ack: 0x33AF27F9  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/30-19:12:12.770481 24.94.15.67:2817 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:36439 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDFC807FF  Ack: 0x33AF27F9  Win: 0x4470  TcpLen: 20

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/30-19:13:37.248982 66.196.65.24:36306 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:46218 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x755659DD  Ack: 0x3A5FE3A6  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/30-20:16:30.794059 66.196.65.24:39192 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:18117 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x264A6881  Ack: 0x274080B8  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/30-21:10:43.451720 24.33.18.42:2163 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:5582 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x692613F1  Ack: 0xF3B98A55  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/30-21:10:43.462248 24.33.18.42:2163 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:5583 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x692619A5  Ack: 0xF3B98A55  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/30-21:35:22.917826 24.209.196.254:4555 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:20089 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xABDDFD84  Ack: 0x517FD7CC  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/30-21:35:22.919276 24.209.196.254:4555 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:20090 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xABDE0338  Ack: 0x517FD7CC  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/30-22:22:57.933812 24.235.161.61:4124 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:51622 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x712EECA6  Ack: 0x43434F6  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/30-22:22:57.940762 24.235.161.61:4124 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:51623 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x712EF25A  Ack: 0x43434F6  Win: 0x4470  TcpLen: 20

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/30-22:35:05.050163 64.68.82.79:57180 -> 192.168.1.6:80
TCP TTL:41 TOS:0x10 ID:13217 IpLen:20 DgmLen:453 DF
***AP*** Seq: 0x13E47AA9  Ack: 0x3149B686  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 812468942 2345823042 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/30-22:42:23.100422 216.39.48.30:52573 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:5081 IpLen:20 DgmLen:221 DF
***AP*** Seq: 0x30A915B3  Ack: 0x4F79F3A3  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 603588213 2346049411 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/30-23:03:31.367082 24.212.21.192:4283 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:51877 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x25721CBB  Ack: 0x9E846639  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/30-23:03:31.375103 24.212.21.192:4283 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:51878 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2572226F  Ack: 0x9E846639  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/30-23:29:35.331649 61.139.208.170:1229 -> 192.168.1.6:80
TCP TTL:102 TOS:0x0 ID:1900 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x719E108E  Ack: 0x682BF7  Win: 0x2238  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/30-23:29:35.610876 61.139.208.170:1229 -> 192.168.1.6:80
TCP TTL:102 TOS:0x0 ID:1901 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x719E1642  Ack: 0x682BF7  Win: 0x2238  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/30-23:29:41.332952 61.139.208.170:1229 -> 192.168.1.6:80
TCP TTL:102 TOS:0x0 ID:2276 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x719E108E  Ack: 0x682BF7  Win: 0x2238  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/30-23:29:42.627319 61.139.208.170:1229 -> 192.168.1.6:80
TCP TTL:102 TOS:0x0 ID:2390 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x719E1642  Ack: 0x682BF7  Win: 0x2238  TcpLen: 20

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/30-23:37:24.927709 66.196.65.24:37734 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:11856 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x3C25BEA2  Ack: 0x1E12A9DD  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/31-00:57:45.518855 24.209.5.98:3333 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:8961 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x272F720C  Ack: 0x4DC6964F  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/31-00:57:45.542896 24.209.5.98:3333 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:8962 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x272F77C0  Ack: 0x4DC6964F  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/31-01:02:40.582777 24.209.5.98:3247 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:20412 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x364C30FD  Ack: 0x600A0E61  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/31-01:02:40.607378 24.209.5.98:3247 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:20414 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x364C36B1  Ack: 0x600A0E61  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/31-01:11:27.844378 24.209.98.148:3162 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:6229 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDA2A9B12  Ack: 0x82856B76  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/31-01:11:27.873973 24.209.98.148:3162 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:6230 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDA2AA0C6  Ack: 0x82856B76  Win: 0xFAF0  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/31-01:23:19.234114 24.218.174.97:1177 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:63881 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF0DEDEF0  Ack: 0xAF278930  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/31-01:23:19.243221 24.218.174.97:1177 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:63882 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF0DEE4A4  Ack: 0xAF278930  Win: 0x4470  TcpLen: 20

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/31-02:43:24.065365 66.196.65.24:23431 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:28278 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x504D72FA  Ack: 0xDDB02A1A  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/31-02:45:01.262234 216.39.48.30:52393 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:60338 IpLen:20 DgmLen:221 DF
***AP*** Seq: 0xC3D3D048  Ack: 0xE2F75D56  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 605043717 2353505842 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/31-04:12:59.584234 66.196.65.24:60276 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:29075 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xFC7325DF  Ack: 0x2FBECC4A  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/31-05:17:04.288591 24.202.81.59:3356 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:26706 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xAAA97837  Ack: 0x22474C57  Win: 0x4074  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/31-05:17:17.684826 24.202.81.59:3643 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:27812 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xABABF233  Ack: 0x22936A32  Win: 0x4074  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/31-05:17:17.923815 24.202.81.59:3770 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:27869 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xAC15B4DD  Ack: 0x22CDCBB8  Win: 0x4074  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/31-05:17:18.174176 24.202.81.59:3785 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:27929 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xAC20D228  Ack: 0x230ADD9B  Win: 0x4074  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/31-05:17:27.653483 24.202.81.59:4109 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:28979 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xAD3198A8  Ack: 0x232C170C  Win: 0x4074  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/31-05:17:27.832830 24.202.81.59:4117 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:29018 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xAD383928  Ack: 0x23A3AFC0  Win: 0x4074  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/31-05:17:28.065982 24.202.81.59:4125 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:29071 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xAD3F092D  Ack: 0x2328C019  Win: 0x4074  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/31-05:17:37.460177 24.202.81.59:4385 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:29834 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xAE261301  Ack: 0x23F513CD  Win: 0x4074  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/31-05:17:37.618982 24.202.81.59:4398 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:29844 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xAE2F04BA  Ack: 0x244CC232  Win: 0x4074  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/31-05:17:47.432683 24.202.81.59:4650 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:30620 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xAF0EB7E5  Ack: 0x24956293  Win: 0x4074  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/31-05:17:48.370201 24.202.81.59:4666 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:30690 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xAF19B36F  Ack: 0x2472D52A  Win: 0x4074  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/31-05:17:49.200639 24.202.81.59:4689 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:30740 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xAF2C2BC4  Ack: 0x24A140CD  Win: 0x4074  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/31-05:17:50.212633 24.202.81.59:4714 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:30819 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xAF41FD74  Ack: 0x24C19E74  Win: 0x4074  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/31-05:17:51.432806 24.202.81.59:4746 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:30950 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xAF5B841E  Ack: 0x249B8676  Win: 0x4074  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/31-05:17:52.476900 24.202.81.59:4779 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:31035 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xAF786720  Ack: 0x25418457  Win: 0x4074  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/31-05:17:53.289796 24.202.81.59:4807 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:31076 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xAF923027  Ack: 0x2566FF81  Win: 0x4074  TcpLen: 20

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/31-05:26:25.226278 66.196.65.24:25704 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:43175 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x891FD90E  Ack: 0x449FA4C9  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/31-06:18:50.083053 24.209.5.98:3504 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:14516 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3804BDD1  Ack: 0xA24278B  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/31-06:18:50.119692 24.209.5.98:3504 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:14517 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3804C385  Ack: 0xA24278B  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/31-06:27:28.528082 24.61.2.118:2397 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:13742 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7FA0006A  Ack: 0x2C17DD27  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/31-06:27:28.535681 24.61.2.118:2397 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:13743 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7FA0061E  Ack: 0x2C17DD27  Win: 0x4470  TcpLen: 20

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/31-07:12:45.588180 66.196.65.24:42839 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:49 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x7E22A043  Ack: 0xD61BA3FF  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/31-07:46:23.848409 24.207.208.47:4723 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:59415 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9CBA99C0  Ack: 0x562ACC43  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/31-07:46:23.921426 24.207.208.47:4723 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:59416 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9CBA9F74  Ack: 0x562ACC43  Win: 0x4470  TcpLen: 20

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/31-10:50:36.630121 66.196.65.24:30544 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:27530 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x427F89F6  Ack: 0xD38B86A  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/31-11:59:26.877640 24.198.96.149:3524 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:41904 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x32983E8F  Ack: 0x11E035CC  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/31-11:59:36.441243 24.198.96.149:3771 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:42519 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x33712AC9  Ack: 0x12353E77  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/31-11:59:45.647182 24.198.96.149:4077 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:43493 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x347BFCFE  Ack: 0x12651907  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/31-11:59:54.927708 24.198.96.149:4374 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:44390 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x357D5F6D  Ack: 0x138B5787  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/31-11:59:55.133006 24.198.96.149:4385 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:44434 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x3586D49D  Ack: 0x1339A8EF  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/31-12:00:04.431991 24.198.96.149:4738 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:45536 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x36B364D7  Ack: 0x13B05C64  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/31-12:00:07.833283 24.198.96.149:4824 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:45758 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x37023CF2  Ack: 0x145CC66B  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/31-12:00:08.043926 24.198.96.149:4829 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:45775 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x37073D97  Ack: 0x147247A6  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/31-12:00:11.459155 24.198.96.149:4914 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:45980 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3754E134  Ack: 0x13E6DDE2  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/31-12:00:20.753079 24.198.96.149:1185 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:46647 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x382ED49A  Ack: 0x146E3664  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/31-12:00:20.971592 24.198.96.149:1195 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:46667 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x38371302  Ack: 0x1457911F  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/31-12:00:21.188762 24.198.96.149:1203 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:46690 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x383E17EC  Ack: 0x1504E355  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/31-12:00:21.448291 24.198.96.149:1212 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:46721 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x3845BE63  Ack: 0x14ADE114  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/31-12:00:21.673296 24.198.96.149:1217 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:46739 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x384A576D  Ack: 0x14C9A69A  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/31-12:00:21.929023 24.198.96.149:1221 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:46767 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x384E9EC1  Ack: 0x1544CC70  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/31-12:00:22.170142 24.198.96.149:1232 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:46795 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x385746DD  Ack: 0x1481B150  Win: 0x4470  TcpLen: 20

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/31-12:16:20.029220 66.196.65.24:15290 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:58326 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x536FBEFD  Ack: 0x50B56616  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/31-13:23:46.132094 66.196.65.24:27814 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:40633 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x3C29F483  Ack: 0x4FBDA676  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/31-14:34:53.912856 66.196.65.24:48327 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:47926 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x94B93F2E  Ack: 0x5C9B4BAF  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/31-15:59:50.382050 66.196.65.24:32259 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:31882 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xFEE80A4D  Ack: 0x9D8E8FC5  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/31-17:18:27.583501 66.196.65.24:5305 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:29739 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x265F7327  Ack: 0xC6D97A10  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/31-18:04:33.581976 24.209.196.254:3724 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:22300 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA7C5049  Ack: 0x7533CE2E  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/31-18:04:33.590155 24.209.196.254:3724 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:22301 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA7C55FD  Ack: 0x7533CE2E  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/31-18:24:47.861213 24.88.222.55:4063 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:57027 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1D71A3C1  Ack: 0xC18551F3  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/31-18:24:47.890129 24.88.222.55:4063 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:57028 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1D71A975  Ack: 0xC18551F3  Win: 0xFAF0  TcpLen: 20

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/31-18:31:09.392667 66.196.65.24:32623 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:2 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x105F7D54  Ack: 0xD9F26D16  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/31-18:32:47.280244 24.231.32.81:3188 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:22300 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9E532DE3  Ack: 0xDF87C014  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/31-18:32:47.302772 24.231.32.81:3188 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:22301 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9E533397  Ack: 0xDF87C014  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/31-19:44:53.654121 24.209.196.254:3085 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:9664 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x32CD0E7C  Ack: 0xEF58D116  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/31-19:44:53.681260 24.209.196.254:3085 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:9665 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x32CD1430  Ack: 0xEF58D116  Win: 0x4470  TcpLen: 20

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/31-19:59:25.723035 66.196.65.24:29436 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:52707 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xD3262AEE  Ack: 0x267CCD60  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/31-20:37:47.792003 24.29.16.254:4104 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:37552 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF0CDF5AA  Ack: 0xB7699F13  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/31-20:37:47.799608 24.29.16.254:4104 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:37553 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF0CDFB5E  Ack: 0xB7699F13  Win: 0x4470  TcpLen: 20

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/31-21:40:39.367357 66.196.65.24:55585 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:30610 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x1CCFC856  Ack: 0xA4B523BD  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/31-22:01:38.611457 24.209.5.98:1174 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:65381 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBB8E9295  Ack: 0xF3F6A52A  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/31-22:01:38.639664 24.209.5.98:1174 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:65382 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBB8E9849  Ack: 0xF3F6A52A  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/31-22:10:53.450534 24.209.196.254:4460 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:40649 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x31F4EF75  Ack: 0x165888D2  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/31-22:10:53.488389 24.209.196.254:4460 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:40651 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x31F4F529  Ack: 0x165888D2  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/31-22:47:25.019219 24.209.71.22:4136 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:33108 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9BA1122B  Ack: 0xA07FC0E0  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

Go to: previous range, next range, all alerts, overview page

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:56 2003

192.168.1.6	Whois lookup at:	ARIN	RIPE	APNIC	Geektools
	DNS lookup at:	Amenesi	TRIUMF	Princeton
	More lookup links:	Dshield	Sam Spade
See also 192.168.1.6 as an alert source [49361 alerts]