SnortSnarf alert page

Destination: 192.168.1.6: #6301-6400

SnortSnarf v021111.1

Signature section (91123)

Top 20 source IPs

Top 20 dest IPs

Looking using input module SnortFileInput, with sources:

/home/rivettmj/snort_alertlog/alert

Earliest: 15:28:14.485509 on 06/01/2003
Latest: 16:00:20.194713 on 06/02/2003

22 different signatures are present for 192.168.1.6 as a destination

1 instances of (spp_stream4) STEALTH ACTIVITY (SYN FIN scan) detection
1 instances of WEB-IIS ISAPI .printer access
1 instances of SHELLCODE x86 setuid 0
1 instances of DDOS shaft synflood
2 instances of WEB-CGI formmail access
2 instances of SHELLCODE x86 NOOP
2 instances of SMTP HELO overflow attempt
2 instances of SHELLCODE x86 inc ebx NOOP
3 instances of WEB-MISC bad HTTP/1.1 request, Potentially worm attack
3 instances of WEB-CGI newdesk access
4 instances of WEB-IIS WEBDAV nessus safe scan attempt
11 instances of ICMP Destination Unreachable (Communication Administratively Prohibited)
38 instances of (snort_decoder): T/TCP Detected
58 instances of WEB-IIS view source via translate header
308 instances of WEB-IIS _mem_bin access
316 instances of WEB-FRONTPAGE /_vti_bin/ access
680 instances of WEB-IIS CodeRed v2 root.exe access
786 instances of WEB-MISC robots.txt access
930 instances of WEB-IIS ISAPI .ida attempt
952 instances of WEB-IIS multiple decode attempt
1500 instances of WEB-IIS unicode directory traversal attempt
2169 instances of WEB-IIS cmd.exe access

There are 624 distinct source IPs in the alerts of the type on this page.

192.168.1.6 Whois lookup at: ARIN RIPE APNIC Geektools

DNS lookup at: Amenesi TRIUMF Princeton

More lookup links: Dshield Sam Spade

See also 192.168.1.6 as an alert source [49361 alerts]

Go to: previous range, next range, all alerts, overview page

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/01-15:28:14.485509 24.126.31.33:2060 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:55395 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC9E4214  Ack: 0x6573AC16  Win: 0xB5C9  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/01-15:28:14.491748 24.126.31.33:2060 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:55396 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC9E47C8  Ack: 0x6573AC16  Win: 0xB5C9  TcpLen: 20

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/01-15:37:20.381752 66.196.65.24:30285 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:3427 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xBF53A3EE  Ack: 0x88BFF516  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/01-16:38:37.753792 66.196.65.24:42810 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:10240 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x1FB366BE  Ack: 0x6F7A35CF  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/01-17:04:43.432479 24.209.215.159:4019 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:8488 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBB5AA4A6  Ack: 0xD242C414  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/01-17:04:43.448763 24.209.215.159:4019 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:8489 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBB5AAA5A  Ack: 0xD242C414  Win: 0x4470  TcpLen: 20

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/01-17:56:12.203914 66.196.65.24:31263 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:10911 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xC35207D0  Ack: 0x94E6B17B  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/01-17:58:32.519514 24.188.213.73:4462 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:46295 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x729D1AE9  Ack: 0x9C68D2B3  Win: 0xFAF0  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/01-17:58:34.775357 24.188.213.73:2209 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:46997 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x76D9FBF3  Ack: 0x9D0B5E7D  Win: 0xFAF0  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/01-17:58:38.479607 24.188.213.73:2212 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:47042 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x76DDCDCE  Ack: 0x9D794B11  Win: 0xFAF0  TcpLen: 20

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/01-19:01:22.573674 66.196.65.24:58786 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:54061 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x43F047D8  Ack: 0x8A75001B  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/01-19:20:44.579633 24.209.215.159:4261 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:4406 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA1793D76  Ack: 0xD41389F2  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/01-19:20:44.580684 24.209.215.159:4261 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:4407 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA179432A  Ack: 0xD41389F2  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/01-19:23:46.258645 24.172.63.245:2773 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:5947 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x76C49F4C  Ack: 0xE004951C  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/01-19:23:46.264024 24.172.63.245:2773 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:5948 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x76C4A500  Ack: 0xE004951C  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/01-20:07:38.076739 24.207.34.110:4403 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:39838 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xCD7114BC  Ack: 0x860DD90A  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/01-20:07:38.158750 24.207.34.110:4403 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:39839 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xCD711A70  Ack: 0x860DD90A  Win: 0x4470  TcpLen: 20

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/01-20:15:53.663696 66.196.65.24:48952 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:2488 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xDEC7F780  Ack: 0xA439D3BB  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/01-21:17:01.490532 66.196.65.24:5448 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:65268 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xCC12C8F5  Ack: 0x8B9FF33E  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/01-22:17:04.789930 66.196.65.24:26674 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:63508 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xED2A31AA  Ack: 0x6D700781  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/01-22:28:41.295587 24.93.134.37:1623 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:23467 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x39AB0DB5  Ack: 0x99EF1134  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/01-22:28:41.337810 24.93.134.37:1623 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:23468 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x39AB1369  Ack: 0x99EF1134  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/01-23:47:14.117230 24.209.196.254:4015 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:64696 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x669EE4BA  Ack: 0xC2101176  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/01-23:47:14.147567 24.209.196.254:4015 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:64697 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x669EEA6E  Ack: 0xC2101176  Win: 0x4470  TcpLen: 20

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/01-23:50:42.467635 66.196.65.24:65356 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:44215 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x74FF334A  Ack: 0xCF6776CD  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-00:12:15.478072 24.209.36.194:2388 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:19298 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7D5B9E11  Ack: 0x2097C880  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-00:12:15.500766 24.209.36.194:2388 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:19299 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7D5BA3C5  Ack: 0x2097C880  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-00:47:57.926861 24.209.196.254:2131 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:42095 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB2AFDB1D  Ack: 0xA870EE3A  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-00:48:03.936638 24.209.196.254:2131 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:42594 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB2AFE0D1  Ack: 0xA870EE3A  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-01:23:38.208570 24.35.68.68:1728 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:38308 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xB1976E74  Ack: 0x2EE751DF  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-01:23:38.685597 24.35.68.68:1735 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:38336 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xB19E49A7  Ack: 0x2FBA108B  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-01:23:41.876192 24.35.68.68:1768 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:38498 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xB1C3EEAE  Ack: 0x2F574866  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-01:23:42.099256 24.35.68.68:1770 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:38514 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xB1C66736  Ack: 0x2FE510B2  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-01:23:42.290075 24.35.68.68:1774 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:38531 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB1CA42C6  Ack: 0x2F47CDD4  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/02-01:23:42.578796 24.35.68.68:1780 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:38550 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xB1CFA5EC  Ack: 0x2F0AE1CD  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/02-01:23:42.806350 24.35.68.68:1786 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:38567 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xB1D5C080  Ack: 0x2F4594AF  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-01:23:43.035024 24.35.68.68:1790 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:38582 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xB1D9E5AC  Ack: 0x2FF2D5D4  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-01:23:52.188973 24.35.68.68:1915 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:39120 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB259F710  Ack: 0x3078A989  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-01:23:52.351359 24.35.68.68:1917 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:39135 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB25C1CAF  Ack: 0x3039A9A2  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-01:23:52.525808 24.35.68.68:1923 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:39147 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB2611FB4  Ack: 0x306DC434  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-01:23:52.747968 24.35.68.68:1927 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:39167 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB2650329  Ack: 0x30333CBB  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-01:23:53.089563 24.35.68.68:1932 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:39191 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xB2698E46  Ack: 0x2FE7B7E8  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-01:23:53.270116 24.35.68.68:1937 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:39208 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB26EF4FB  Ack: 0x2FA170BF  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-01:23:53.446192 24.35.68.68:1942 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:39219 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xB2739F2C  Ack: 0x2FF6B18F  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-01:24:02.713365 24.35.68.68:2083 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:39850 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB2FF3159  Ack: 0x3121FE50  Win: 0x4470  TcpLen: 20

[**] [1:1549:9] SMTP HELO overflow attempt [**]
[Classification: Attempted Administrator Privilege Gain] [Priority: 1] 
06/02-01:25:54.387346 216.109.87.238:40150 -> 192.168.1.6:25
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:46
***AP*** Seq: 0x3715CC77  Ack: 0x14B25245  Win: 0x21F0  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10324][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0042]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/02-01:27:29.886773 66.196.65.24:45507 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:18038 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xD4017E9B  Ack: 0x3CCDD619  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-02:32:56.241053 24.209.215.159:2958 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:1541 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB6C78726  Ack: 0x34A6B6E4  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-02:32:56.242326 24.209.215.159:2958 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:1542 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB6C78CDA  Ack: 0x34A6B6E4  Win: 0x4470  TcpLen: 20

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/02-02:46:57.310724 66.196.65.24:47305 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:582 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xDB01BEB6  Ack: 0x69636A23  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/02-03:16:36.258024 209.237.238.161:1822 -> 192.168.1.6:80
TCP TTL:36 TOS:0x0 ID:17902 IpLen:20 DgmLen:173 DF
***AP*** Seq: 0x9AE0D8A9  Ack: 0xDA3E4EFB  Win: 0xFFFF  TcpLen: 32
TCP Options (3) => NOP NOP TS: 431045420 2442981173 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/02-03:21:29.598626 209.237.238.160:1043 -> 192.168.1.6:80
TCP TTL:36 TOS:0x0 ID:59712 IpLen:20 DgmLen:173 DF
***AP*** Seq: 0x71BD771A  Ack: 0xEC782E46  Win: 0xFFFF  TcpLen: 32
TCP Options (3) => NOP NOP TS: 980651665 2443131415 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/02-03:55:07.264701 209.237.238.161:1355 -> 192.168.1.6:80
TCP TTL:36 TOS:0x0 ID:21893 IpLen:20 DgmLen:173 DF
***AP*** Seq: 0x7EC722D7  Ack: 0x6B488FC2  Win: 0xFFFF  TcpLen: 32
TCP Options (3) => NOP NOP TS: 431276492 2444164834 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/02-03:57:24.291135 66.196.65.24:25101 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:32567 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xABC638C7  Ack: 0x73BB8FAD  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/02-04:25:01.171990 209.237.238.160:3981 -> 192.168.1.6:80
TCP TTL:36 TOS:0x0 ID:25357 IpLen:20 DgmLen:173 DF
***AP*** Seq: 0x92E32513  Ack: 0xDBA6899C  Win: 0xFFFF  TcpLen: 32
TCP Options (3) => NOP NOP TS: 981032769 2445083642 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-04:34:20.971764 24.136.163.137:3203 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:41624 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xA0514311  Ack: 0xFF5FE1C3  Win: 0xFAF0  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-04:34:31.070206 24.136.163.137:4235 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:44424 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xA30EA5FE  Ack: 0xFFAA1258  Win: 0xFAF0  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-04:34:31.362727 24.136.163.137:4262 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:44509 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA324E1D7  Ack: 0x27F644  Win: 0xFAF0  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-04:34:31.595360 24.136.163.137:4278 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:44540 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA3305FCB  Ack: 0xFFD2A25E  Win: 0xFAF0  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-04:34:34.826780 24.136.163.137:4288 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:45527 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA33990B7  Ack: 0x8BE928  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/02-04:34:44.350241 24.136.163.137:4017 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:48359 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA6EA1FD5  Ack: 0x10E92A6  Win: 0xFAF0  TcpLen: 20

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/02-05:00:07.990461 209.237.238.161:2553 -> 192.168.1.6:80
TCP TTL:36 TOS:0x0 ID:34987 IpLen:20 DgmLen:173 DF
***AP*** Seq: 0x71C72BBA  Ack: 0x610DAFFE  Win: 0xFFFF  TcpLen: 32
TCP Options (3) => NOP NOP TS: 431666512 2446162702 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/02-05:01:18.673123 66.196.65.24:51629 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:65251 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xEEAC2EDF  Ack: 0x64D108AF  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/02-05:23:51.638926 209.237.238.160:2921 -> 192.168.1.6:80
TCP TTL:36 TOS:0x0 ID:47904 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0xB113A1A5  Ack: 0xBA493C04  Win: 0xFFFF  TcpLen: 32
TCP Options (3) => NOP NOP TS: 981385761 2446891854 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/02-06:03:01.454626 66.196.65.24:8240 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:31920 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xAC8E8BDC  Ack: 0x4E6FB986  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/02-08:27:06.248280 66.196.65.24:35453 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:24639 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x7A26608  Ack: 0x6E97C8A9  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/02-09:07:31.384537 66.196.65.24:6742 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:24558 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xA3D4B139  Ack: 0x780D20C  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/02-09:57:49.537735 66.196.65.24:2448 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:27611 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x4490D4B2  Ack: 0xC53DF7B3  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-10:06:52.697888 24.209.215.159:4576 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:20655 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8122C837  Ack: 0xE8076AEE  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-10:06:52.704269 24.209.215.159:4576 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:20656 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8122CDEB  Ack: 0xE8076AEE  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-10:58:54.794183 24.114.34.24:2905 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:25749 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xD2722A27  Ack: 0xAC8789DE  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-10:58:56.458249 24.114.34.24:2965 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:25926 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xD2A4B6BF  Ack: 0xAC8389B6  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-10:59:06.634967 24.114.34.24:3265 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:27000 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xD3A49380  Ack: 0xACC61CAD  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-10:59:07.562917 24.114.34.24:3299 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:27129 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xD3C069D4  Ack: 0xAD35FE03  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-10:59:11.779198 24.114.34.24:3434 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:27626 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xD4351CE0  Ack: 0xADA56CC3  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/02-10:59:12.613141 24.114.34.24:3468 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:27749 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xD451BD27  Ack: 0xAD5492E3  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/02-10:59:16.881354 24.114.34.24:3599 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:28216 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xD4BFD77D  Ack: 0xAE122295  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-10:59:21.428099 24.114.34.24:3722 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:28680 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xD5282A1E  Ack: 0xADA7EC8E  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-10:59:22.927820 24.114.34.24:3767 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:28849 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD550C5DC  Ack: 0xADE64D5E  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-10:59:24.301771 24.114.34.24:3806 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:28998 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD574C550  Ack: 0xADFB9587  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-10:59:34.718493 24.114.34.24:4110 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:30147 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD67BD66D  Ack: 0xAEF14088  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-10:59:36.254415 24.114.34.24:4158 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:30298 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD6A57BBE  Ack: 0xAF2CE713  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-10:59:37.496683 24.114.34.24:4203 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:30445 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xD6CCE8B5  Ack: 0xAECF6C76  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-10:59:40.549897 24.114.34.24:4203 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:30757 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xD6CCE8B5  Ack: 0xAECF6C76  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-10:59:48.247249 24.114.34.24:4483 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:31446 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xD7BD849B  Ack: 0xAF6304D0  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-10:59:51.323839 24.114.34.24:4483 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:31700 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xD7BD849B  Ack: 0xAF6304D0  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-10:59:52.821585 24.114.34.24:4604 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:31871 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xD829ED15  Ack: 0xAFA0FB23  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-10:59:57.489989 24.114.34.24:4731 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:32300 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xD896F640  Ack: 0xAFCB1233  Win: 0x4470  TcpLen: 20

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/02-11:15:55.092687 216.39.48.30:49593 -> 192.168.1.6:80
TCP TTL:38 TOS:0x0 ID:6389 IpLen:20 DgmLen:221 DF
***AP*** Seq: 0xC96C841A  Ack: 0xEC122BB9  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 625384700 2457710877 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/02-11:38:32.708297 66.196.65.24:62822 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:40443 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xA4C4EBEF  Ack: 0x41A0A171  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-12:20:10.564997 24.114.141.149:1660 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:62536 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC605F0C4  Ack: 0xDF7A3751  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-12:20:10.575148 24.114.141.149:1660 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:62537 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC605F678  Ack: 0xDF7A3751  Win: 0x4470  TcpLen: 20

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/02-12:49:02.435102 66.196.65.24:9141 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:9843 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x8695374A  Ack: 0x4C90CE6D  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/02-13:31:18.019660 209.237.238.161:3748 -> 192.168.1.6:80
TCP TTL:36 TOS:0x0 ID:41304 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0x138538AA  Ack: 0xEBC28038  Win: 0xFFFF  TcpLen: 32
TCP Options (3) => NOP NOP TS: 434733118 2461871316 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/02-13:50:14.028506 66.196.65.24:21054 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:10950 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x1C66BC78  Ack: 0x33355FC4  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/02-15:02:37.704778 66.196.65.24:47268 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:28667 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xC5041735  Ack: 0x448FDA87  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/02-15:45:42.146321 209.237.238.174:44776 -> 192.168.1.6:80
TCP TTL:36 TOS:0x0 ID:4738 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0xC2AAF421  Ack: 0xE7EB45E9  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 23979692 2466001597 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/02-15:48:11.163823 209.237.238.173:34756 -> 192.168.1.6:80
TCP TTL:36 TOS:0x0 ID:42052 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0xCB9184C0  Ack: 0xF1969940  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 23994632 2466077929 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/02-15:55:12.658947 209.237.238.161:3563 -> 192.168.1.6:80
TCP TTL:36 TOS:0x0 ID:1570 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0x352B7E97  Ack: 0xB31BA10  Win: 0xFFFF  TcpLen: 32
TCP Options (3) => NOP NOP TS: 435596468 2466293798 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/02-16:00:20.194713 209.237.238.175:54671 -> 192.168.1.6:80
TCP TTL:36 TOS:0x0 ID:13471 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0xFA8D0B6F  Ack: 0x1E876E3A  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 24068094 2466451319 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

Go to: previous range, next range, all alerts, overview page

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:56 2003

192.168.1.6	Whois lookup at:	ARIN	RIPE	APNIC	Geektools
	DNS lookup at:	Amenesi	TRIUMF	Princeton
	More lookup links:	Dshield	Sam Spade
See also 192.168.1.6 as an alert source [49361 alerts]