SnortSnarf alert page

Destination: 192.168.1.6: #6401-6500

SnortSnarf v021111.1

Signature section (91123)

Top 20 source IPs

Top 20 dest IPs

Looking using input module SnortFileInput, with sources:

/home/rivettmj/snort_alertlog/alert

Earliest: 16:08:44.606233 on 06/02/2003
Latest: 12:18:08.620389 on 06/03/2003

22 different signatures are present for 192.168.1.6 as a destination

1 instances of (spp_stream4) STEALTH ACTIVITY (SYN FIN scan) detection
1 instances of WEB-IIS ISAPI .printer access
1 instances of SHELLCODE x86 setuid 0
1 instances of DDOS shaft synflood
2 instances of WEB-CGI formmail access
2 instances of SHELLCODE x86 NOOP
2 instances of SMTP HELO overflow attempt
2 instances of SHELLCODE x86 inc ebx NOOP
3 instances of WEB-MISC bad HTTP/1.1 request, Potentially worm attack
3 instances of WEB-CGI newdesk access
4 instances of WEB-IIS WEBDAV nessus safe scan attempt
11 instances of ICMP Destination Unreachable (Communication Administratively Prohibited)
38 instances of (snort_decoder): T/TCP Detected
58 instances of WEB-IIS view source via translate header
308 instances of WEB-IIS _mem_bin access
316 instances of WEB-FRONTPAGE /_vti_bin/ access
680 instances of WEB-IIS CodeRed v2 root.exe access
786 instances of WEB-MISC robots.txt access
930 instances of WEB-IIS ISAPI .ida attempt
952 instances of WEB-IIS multiple decode attempt
1500 instances of WEB-IIS unicode directory traversal attempt
2169 instances of WEB-IIS cmd.exe access

There are 624 distinct source IPs in the alerts of the type on this page.

192.168.1.6 Whois lookup at: ARIN RIPE APNIC Geektools

DNS lookup at: Amenesi TRIUMF Princeton

More lookup links: Dshield Sam Spade

See also 192.168.1.6 as an alert source [49361 alerts]

Go to: previous range, next range, all alerts, overview page

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/02-16:08:44.606233 209.237.238.173:55181 -> 192.168.1.6:80
TCP TTL:36 TOS:0x0 ID:45577 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0x1A0FB0C3  Ack: 0x3F13F06A  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 24117971 2466709649 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/02-16:09:51.496572 209.237.238.174:37526 -> 192.168.1.6:80
TCP TTL:36 TOS:0x0 ID:763 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0x1E7C1E3C  Ack: 0x426B5218  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 24124620 2466743920 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/02-16:15:17.618007 209.237.238.172:49790 -> 192.168.1.6:80
TCP TTL:36 TOS:0x0 ID:62683 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0x32DE4CF1  Ack: 0x576A81B4  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 24164403 2466910957 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/02-16:23:57.766931 209.237.238.174:55432 -> 192.168.1.6:80
TCP TTL:36 TOS:0x0 ID:55299 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0x543BBF54  Ack: 0x77FC8CFB  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 24209246 2467177364 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-16:49:38.460306 24.87.77.106:3533 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:5017 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xE4CE3F8  Ack: 0xD93FEEFE  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-16:49:38.943230 24.87.77.106:3544 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:5062 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xE5773B7  Ack: 0xD956D429  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-16:49:39.197360 24.87.77.106:3561 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:5113 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xE631A09  Ack: 0xD9106ADD  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-16:49:39.452141 24.87.77.106:3575 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:5158 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xE6C8818  Ack: 0xDA611B21  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-16:49:39.842277 24.87.77.106:3588 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:5221 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xE76723D  Ack: 0xDA37DAF2  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/02-16:49:40.102899 24.87.77.106:3602 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:5267 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xE823D74  Ack: 0xDA9181E9  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/02-16:49:40.349548 24.87.77.106:3608 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:5294 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xE8801EB  Ack: 0xDA569174  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-16:49:40.699139 24.87.77.106:3618 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:5348 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xE901FE7  Ack: 0xDA501167  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-16:49:41.063203 24.87.77.106:3637 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:5441 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE9D0F3E  Ack: 0xDA504B14  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-16:49:41.286890 24.87.77.106:3650 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:5496 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xEA82176  Ack: 0xDA794667  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-16:49:41.509213 24.87.77.106:3654 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:5530 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xEAC0635  Ack: 0xDA1A985E  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-16:49:41.806558 24.87.77.106:3666 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:5606 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xEB58188  Ack: 0xDA61DA2D  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-16:49:42.032653 24.87.77.106:3679 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:5655 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xEC041A4  Ack: 0xDAAB8CB6  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-16:49:42.245397 24.87.77.106:3688 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:5682 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xEC833A0  Ack: 0xD9C6DBC6  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-16:49:42.479078 24.87.77.106:3699 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:5729 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xED10D18  Ack: 0xD9EC3B0A  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-16:49:52.431415 24.87.77.106:4080 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:7286 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x1006B7AA  Ack: 0xDA5E3734  Win: 0x4470  TcpLen: 20

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/02-16:50:58.903668 66.196.65.24:63039 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:40934 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xCEA798D8  Ack: 0xDF4D34DA  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-17:04:04.062607 24.209.36.194:3836 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:27551 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xAB89CD3D  Ack: 0xFC2A4E8  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-17:04:04.083756 24.209.36.194:3836 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:27552 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xAB89D2F1  Ack: 0xFC2A4E8  Win: 0x4470  TcpLen: 20

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/02-17:53:19.487057 66.196.65.24:22959 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:45408 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xFFE3E945  Ack: 0xCA4673F6  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/02-19:26:05.143455 66.196.65.24:7337 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:39675 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x9067D3B  Ack: 0x27DC2676  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/02-19:26:05.694949 66.196.65.24:7337 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:39676 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x9067D3B  Ack: 0x27DC2676  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/02-19:26:06.819144 66.196.65.24:7337 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:39677 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x9067D3B  Ack: 0x27DC2676  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-19:30:52.048572 24.209.196.254:2429 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:11706 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xCF76054A  Ack: 0x3918BB1D  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-19:30:52.110669 24.209.196.254:2429 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:11710 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xCF760AFE  Ack: 0x3918BB1D  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-19:49:11.758553 24.203.221.5:4010 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:4079 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xEB3C5879  Ack: 0x7F36A724  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-19:49:16.551715 24.203.221.5:4085 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:4806 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xEB7A9B37  Ack: 0x7FF70E9B  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-19:49:26.892893 24.203.221.5:4616 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:6592 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xED2F87A4  Ack: 0x8041D97D  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-19:49:30.810515 24.203.221.5:4786 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:7172 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xEDA60E76  Ack: 0x80C12B62  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-19:49:31.159243 24.203.221.5:4828 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:7265 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xEDBD26B6  Ack: 0x80E08A93  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/02-19:49:31.760453 24.203.221.5:4863 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:7330 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xEDCC617A  Ack: 0x80378CF7  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/02-19:49:35.374390 24.203.221.5:1106 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:7884 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xEE4C3E45  Ack: 0x805E6F58  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-19:49:36.088355 24.203.221.5:1118 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:7998 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xEE565F62  Ack: 0x80D045C7  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-19:49:36.791754 24.203.221.5:1155 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:8091 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xEE73AA9C  Ack: 0x814EB843  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-19:49:37.196255 24.203.221.5:1179 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:8185 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xEE87A346  Ack: 0x812236E6  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-19:49:47.214223 24.203.221.5:1551 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:9596 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xEFB51356  Ack: 0x810B3D35  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-19:49:47.432062 24.203.221.5:1563 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:9635 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xEFC05929  Ack: 0x82087945  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-19:49:51.085978 24.203.221.5:1690 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:10102 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xF02CEC82  Ack: 0x814B9D8C  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-19:49:54.110876 24.203.221.5:1690 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:10486 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xF02CEC82  Ack: 0x814B9D8C  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-19:49:57.701008 24.203.221.5:1800 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:10970 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF08DC220  Ack: 0x8192ADDE  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-19:50:03.688933 24.203.221.5:1800 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:11815 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF08DC220  Ack: 0x8192ADDE  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-19:50:07.078409 24.203.221.5:2270 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:12349 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xF2196492  Ack: 0x824D36F1  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-19:50:07.696915 24.203.221.5:2287 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:12421 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF2277CB4  Ack: 0x82D58C8C  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-20:40:45.608861 24.209.196.254:1680 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:50311 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x60FAC816  Ack: 0x4259CFA2  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-20:40:45.617375 24.209.196.254:1680 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:50312 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x60FACDCA  Ack: 0x4259CFA2  Win: 0x4470  TcpLen: 20

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/02-21:42:09.300194 66.196.65.24:39242 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:10512 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xA360CFFC  Ack: 0x29341505  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-22:01:11.986755 24.136.152.220:3894 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:44567 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x26598AAA  Ack: 0x71610E9F  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-22:01:12.015404 24.136.152.220:3894 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:44568 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2659905E  Ack: 0x71610E9F  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-22:03:43.865235 24.209.36.194:3115 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:15365 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x11C6D9E  Ack: 0x7C093102  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-22:03:43.906158 24.209.36.194:3115 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:15366 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x11C7352  Ack: 0x7C093102  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-22:44:59.148083 24.209.98.148:4304 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:48729 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDF5A143D  Ack: 0x1761FD99  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-22:44:59.191531 24.209.98.148:4304 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:48730 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDF5A19F1  Ack: 0x1761FD99  Win: 0xFAF0  TcpLen: 20

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/02-23:26:17.759592 66.196.65.24:33215 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:32144 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x71D7F24B  Ack: 0xB2E53C1D  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-23:58:53.904763 24.35.68.68:3738 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:26139 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x439451C5  Ack: 0x2F242E74  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-23:58:54.727826 24.35.68.68:3747 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:26162 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x439D9E74  Ack: 0x2F063D5D  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-23:58:54.937310 24.35.68.68:3753 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:26185 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x43A28A31  Ack: 0x2E6F24F2  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-23:59:40.080503 24.35.68.68:4346 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:27649 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x46073873  Ack: 0x31218EEC  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-23:59:40.293892 24.35.68.68:4348 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:27662 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x46091455  Ack: 0x31C22470  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/02-23:59:40.472209 24.35.68.68:4350 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:27675 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x460B3B93  Ack: 0x319CEE66  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/02-23:59:40.671090 24.35.68.68:4355 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:27683 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x460F4620  Ack: 0x31185F30  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-23:59:40.853381 24.35.68.68:4358 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:27695 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x46126186  Ack: 0x31569A05  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-23:59:41.039677 24.35.68.68:4360 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:27706 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x46146F31  Ack: 0x32090684  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-23:59:41.227905 24.35.68.68:4363 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:27719 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4617AD0F  Ack: 0x313CA162  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-23:59:41.410200 24.35.68.68:4366 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:27729 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x461A75B8  Ack: 0x317201E5  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-23:59:44.614049 24.35.68.68:4411 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:27833 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x464490B6  Ack: 0x3220F2E0  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-23:59:44.810154 24.35.68.68:4415 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:27847 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x46485BBD  Ack: 0x31F22908  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-23:59:44.968261 24.35.68.68:4419 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:27858 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x464B1C9F  Ack: 0x31E39370  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-23:59:45.141414 24.35.68.68:4422 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:27869 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x464DFFCD  Ack: 0x319C5E85  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-23:59:45.348147 24.35.68.68:4425 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:27888 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x4650A732  Ack: 0x31BD7FF1  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/03-00:11:42.663542 218.58.115.113:2024 -> 192.168.1.6:80
TCP TTL:97 TOS:0x0 ID:36403 IpLen:20 DgmLen:1454 DF
***A**** Seq: 0x2F62659E  Ack: 0x5F637E06  Win: 0x4248  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/03-00:11:42.679337 218.58.115.113:2024 -> 192.168.1.6:80
TCP TTL:97 TOS:0x0 ID:36404 IpLen:20 DgmLen:1454 DF
***A**** Seq: 0x2F626B24  Ack: 0x5F637E06  Win: 0x4248  TcpLen: 20

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/03-01:23:21.694941 66.196.65.24:54066 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:42667 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xE9B12A33  Ack: 0x6D852829  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/03-02:01:35.860088 216.39.48.30:38545 -> 192.168.1.6:80
TCP TTL:38 TOS:0x0 ID:15794 IpLen:20 DgmLen:221 DF
***AP*** Seq: 0xD85A9325  Ack: 0xFD439DF5  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 630697637 2484928590 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/03-02:37:44.391474 66.196.65.24:49182 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:48237 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xBD5CDC7  Ack: 0x87574E87  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/03-03:39:15.561875 66.196.65.24:14033 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:3244 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x9A5674D  Ack: 0x6F13D29D  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/03-04:53:01.467791 66.196.65.24:1336 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:37569 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xF9DFB2C  Ack: 0x8678F82F  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/03-06:18:04.382574 66.196.65.24:37751 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:27835 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xCC564F36  Ack: 0xC7ACC791  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/03-06:54:57.480079 24.98.45.13:4858 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:2758 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x30B1B20F  Ack: 0x525C635F  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/03-06:54:57.488504 24.98.45.13:4858 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:2759 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x30B1B7C3  Ack: 0x525C635F  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/03-07:02:27.401762 24.26.92.185:4412 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:26182 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF72B6790  Ack: 0x6EFF6CCB  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/03-07:02:27.409316 24.26.92.185:4412 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:26183 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF72B6D44  Ack: 0x6EFF6CCB  Win: 0x4470  TcpLen: 20

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/03-07:43:37.401431 66.196.65.24:60510 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:48240 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xD1EA05B1  Ack: 0xA2FF559  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/03-08:39:59.431170 24.118.108.28:1098 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:57271 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBB151E52  Ack: 0xDE93968A  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/03-08:39:59.440193 24.118.108.28:1098 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:57272 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBB152406  Ack: 0xDE93968A  Win: 0x4470  TcpLen: 20

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/03-09:09:08.496730 66.196.65.24:19104 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:1182 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x3F29DC08  Ack: 0x4D07FE6F  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/03-09:22:24.388253 24.172.63.245:4186 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:59167 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEB52EFAD  Ack: 0x7EA45108  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/03-09:22:24.394731 24.172.63.245:4186 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:59168 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEB52F561  Ack: 0x7EA45108  Win: 0x4470  TcpLen: 20

[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/03-10:06:22.812575 67.162.149.169:1778 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:17067 IpLen:20 DgmLen:233 DF
***AP*** Seq: 0x5C83E0B0  Ack: 0x25A26047  Win: 0xFAF0  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]

[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/03-10:06:23.226011 67.162.149.169:1778 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:17079 IpLen:20 DgmLen:232 DF
***AP*** Seq: 0x5C83E171  Ack: 0x25A262F6  Win: 0xF841  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]

[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/03-10:06:23.482600 67.162.149.169:1780 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:17100 IpLen:20 DgmLen:233 DF
***AP*** Seq: 0x5C88AD2D  Ack: 0x26538CC7  Win: 0xFAF0  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]

[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/03-10:06:23.849412 67.162.149.169:1780 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:17108 IpLen:20 DgmLen:232 DF
***AP*** Seq: 0x5C88ADEE  Ack: 0x26538F76  Win: 0xF841  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]

[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/03-10:06:24.146554 67.162.149.169:1782 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:17127 IpLen:20 DgmLen:196 DF
***AP*** Seq: 0x5C8D2D61  Ack: 0x26071F00  Win: 0xFAF0  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]

[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/03-10:06:24.278079 67.162.149.169:1782 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:17132 IpLen:20 DgmLen:215 DF
***AP*** Seq: 0x5C8D2DFD  Ack: 0x2607206E  Win: 0xF982  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]

[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/03-10:06:24.628918 67.162.149.169:1782 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:17140 IpLen:20 DgmLen:214 DF
***AP*** Seq: 0x5C8D2EAC  Ack: 0x2607231C  Win: 0xF6D4  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/03-10:50:26.613878 66.196.65.24:9655 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:49004 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xFE71DB89  Ack: 0xCB689E9D  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/03-12:18:08.620389 66.196.65.24:33466 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:1719 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xEF5BDF8E  Ack: 0x1745809A  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

Go to: previous range, next range, all alerts, overview page

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:56 2003

192.168.1.6	Whois lookup at:	ARIN	RIPE	APNIC	Geektools
	DNS lookup at:	Amenesi	TRIUMF	Princeton
	More lookup links:	Dshield	Sam Spade
See also 192.168.1.6 as an alert source [49361 alerts]