SnortSnarf alert page

Destination: 192.168.1.6: #6701-6800

SnortSnarf v021111.1

Signature section (91123) | Top 20 source IPs | Top 20 dest IPs

Looking using input module SnortFileInput, with sources:
Earliest: 12:12:18.744844 on 06/06/2003
Latest: 07:22:09.335319 on 06/07/2003

22 different signatures are present for 192.168.1.6 as a destination

There are 624 distinct source IPs in the alerts of the type on this page.

See also 192.168.1.6 as an alert source [49361 alerts]


[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-12:12:18.744844 24.209.196.254:4122 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:60104 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFBBAB44D Ack: 0xC057F7B0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-12:12:18.746122 24.209.196.254:4122 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:60105 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFBBABA01 Ack: 0xC057F7B0 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/06-12:20:43.825625 193.155.74.66:1883 -> 192.168.1.6:80
TCP TTL:41 TOS:0x0 ID:51104 IpLen:20 DgmLen:147 DF
***AP*** Seq: 0x790F9B70 Ack: 0xE02D4842 Win: 0x16D0 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-12:38:03.190363 24.209.196.254:4300 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:50955 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x843D1A61 Ack: 0x215C52FE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-12:38:03.202522 24.209.196.254:4300 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:50956 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x843D2015 Ack: 0x215C52FE Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/06-13:17:16.474622 66.196.65.35:50928 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:61857 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xF1AB95BE Ack: 0xB59DE5EC Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 23507442 2638449859
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/06-14:07:25.962832 24.210.203.121:4587 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:41886 IpLen:20 DgmLen:187 DF
***AP*** Seq: 0x57042ED0 Ack: 0x733A0292 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/06-14:24:42.489359 66.196.65.35:53737 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:38110 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xC7E4DA97 Ack: 0xB5621EAE Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 23912013 2640522149
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/06-14:24:56.217414 66.27.55.14:34874 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:42691 IpLen:20 DgmLen:153 DF
***AP*** Seq: 0x88D3D085 Ack: 0xB597682A Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 68188026 2640528918
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-14:44:02.715696 24.209.196.254:4762 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:48307 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1321FC89 Ack: 0xFE3B935F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-14:44:02.716993 24.209.196.254:4762 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:48308 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1322023D Ack: 0xFE3B935F Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-14:47:00.061848 24.209.196.254:1084 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:61431 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x21D95DFD Ack: 0x890AAF8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-14:47:00.093795 24.209.196.254:1084 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:61432 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x21D963B1 Ack: 0x890AAF8 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-15:24:45.805888 24.209.196.254:3586 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:32186 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDC8892E4 Ack: 0x96EB6F32 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-15:24:45.807169 24.209.196.254:3586 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:32187 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDC889898 Ack: 0x96EB6F32 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-15:28:08.446772 24.209.196.254:4366 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:46972 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xECF16867 Ack: 0xA42F927B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-15:28:08.448069 24.209.196.254:4366 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:46973 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xECF16E1B Ack: 0xA42F927B Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/06-15:45:38.143499 66.196.65.35:39016 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:17789 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x5CC6CBDC Ack: 0xE5D7BF81 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 24397543 2643009141
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/06-15:59:05.157314 216.39.48.30:41056 -> 192.168.1.6:80
TCP TTL:38 TOS:0x0 ID:47671 IpLen:20 DgmLen:221 DF
***AP*** Seq: 0xEC707916 Ack: 0x19EB0166 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 661635888 2643422456
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-16:07:49.065250 24.91.73.152:1345 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:45554 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x74E67AE7 Ack: 0x39A10CCC Win: 0xB5C9 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-16:08:01.211646 24.91.73.152:1589 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:46373 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x75CC7204 Ack: 0x3B2F74BA Win: 0xB5C9 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-16:08:01.375263 24.91.73.152:1591 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:46386 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x75CE7113 Ack: 0x3AC5F57F Win: 0xB5C9 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-16:08:01.551312 24.91.73.152:1594 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:46405 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x75D15567 Ack: 0x3B7C927F Win: 0xB5C9 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-16:08:01.732943 24.91.73.152:1598 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:46424 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x75D438C9 Ack: 0x3B5FAD7A Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/06-16:08:01.916577 24.91.73.152:1601 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:46442 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x75D70EE4 Ack: 0x3B7CD727 Win: 0xB5C9 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/06-16:08:05.298992 24.91.73.152:1657 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:46605 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x760D4B37 Ack: 0x3BDADA95 Win: 0xB5C9 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-16:08:05.443673 24.91.73.152:1660 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:46620 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x7610BA09 Ack: 0x3C0E9690 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-16:08:05.637330 24.91.73.152:1663 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:46640 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x76134C19 Ack: 0x3C141422 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-16:08:05.813236 24.91.73.152:1671 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:46654 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x761A55C3 Ack: 0x3C34A966 Win: 0xB5C9 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-16:08:05.978594 24.91.73.152:1674 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:46669 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x761DC32A Ack: 0x3BCC9541 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-16:08:06.190634 24.91.73.152:1677 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:46686 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x7620CDD7 Ack: 0x3BEC5C5C Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-16:08:09.622753 24.91.73.152:1721 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:46798 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x764EAAAF Ack: 0x3BED0EB9 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-16:08:09.775098 24.91.73.152:1723 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:46803 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x76510B18 Ack: 0x3CB2CFB8 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-16:08:09.954385 24.91.73.152:1726 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:46816 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x7653C894 Ack: 0x3C0379BD Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-16:08:10.115509 24.91.73.152:1729 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:46825 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x7656EFBB Ack: 0x3BFEFC83 Win: 0xB5C9 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-16:17:50.261986 24.209.98.148:2455 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:23177 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x60280EBC Ack: 0x5F5F80DB Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-16:17:50.292525 24.209.98.148:2455 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:23178 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x60281470 Ack: 0x5F5F80DB Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/06-17:05:49.679916 66.196.65.35:52136 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:6807 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x685A56B7 Ack: 0x144E09E3 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 24878661 2645473517
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-18:08:10.867033 24.129.102.205:4727 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:62392 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xFA1387BE Ack: 0x116629D Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-18:08:21.321345 24.129.102.205:1354 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:63994 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xFBAE2669 Ack: 0x14FADFC Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-18:08:25.160118 24.129.102.205:1369 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:64521 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xFBBBD3AB Ack: 0xF2528F Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/06-18:45:43.585905 66.196.65.35:43564 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:7955 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x34AF8D8E Ack: 0x8F12D526 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 25478007 2648543494
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-19:27:05.517014 24.129.102.205:3966 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:45976 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x5695DB58 Ack: 0x2A9E5E90 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-19:27:09.761218 24.129.102.205:4096 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:46477 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x5706B6DB Ack: 0x2B6604B9 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-19:27:22.953445 24.129.102.205:4273 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:48452 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x579FA575 Ack: 0x2BECA774 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-19:27:23.410869 24.129.102.205:4674 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:48552 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x58DEEC30 Ack: 0x2C83B78D Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-19:27:23.841215 24.129.102.205:4693 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:48613 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x58E75E36 Ack: 0x2BD2B28C Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/06-19:27:28.127241 24.129.102.205:1053 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:49222 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x597C0B81 Ack: 0x2BDCFC15 Win: 0xFAF0 TcpLen: 20
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/06-19:27:30.856372 24.129.102.205:1053 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:49665 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x597C0B81 Ack: 0x2BDCFC15 Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/06-19:27:32.524258 24.129.102.205:1188 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:49904 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x59F1BE4F Ack: 0x2CCCCB13 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-19:27:40.441441 24.129.102.205:1489 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:51052 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x5AF280B1 Ack: 0x2D2A7DC2 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/06-19:48:02.203762 66.196.65.35:59254 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:2496 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x6C2392EE Ack: 0x79D2B24E Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 25851843 2650458351
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-19:57:32.165641 24.209.196.254:1270 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:43993 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD002FCE8 Ack: 0x9DBC924B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-19:57:32.212616 24.209.196.254:1270 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:43994 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD003029C Ack: 0x9DBC924B Win: 0x4470 TcpLen: 20
[**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**]
[Classification: Misc activity] [Priority: 3]
06/06-20:33:36.838934 139.130.193.82 -> 192.168.1.6
ICMP TTL:238 TOS:0x0 ID:52458 IpLen:20 DgmLen:56
Type:3 Code:13 DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED,
PACKET FILTERED
** ORIGINAL DATAGRAM DUMP:
192.168.1.6:48057 -> 144.140.24.119:113
TCP TTL:42 TOS:0x0 ID:37159 IpLen:20 DgmLen:60 DF
Seq: 0x268FB6E8 Ack: 0xE032E13E
** END OF DUMP
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-20:46:39.819356 24.209.50.212:1519 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:46595 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x52E18254 Ack: 0x5765248E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-20:46:39.863961 24.209.50.212:1519 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:46596 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x52E18808 Ack: 0x5765248E Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-21:09:44.223438 24.209.196.254:4427 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:51173 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3021113 Ack: 0xAD90DC2D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-21:09:44.296490 24.209.196.254:4427 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:51177 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x30216C7 Ack: 0xAD90DC2D Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/06-21:15:18.259419 66.196.65.35:38671 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:20234 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xCBBC2219 Ack: 0xC2FF4647 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 26375410 2653140159
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-22:17:22.453881 24.209.50.212:1660 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:61361 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5499CC9C Ack: 0xADC81DDF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-22:17:22.484624 24.209.50.212:1660 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:61362 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5499D250 Ack: 0xADC81DDF Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/06-22:20:45.392449 216.39.48.30:42529 -> 192.168.1.6:80
TCP TTL:38 TOS:0x0 ID:19011 IpLen:20 DgmLen:221 DF
***AP*** Seq: 0x8DFFF8E5 Ack: 0xBB45A18C Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 663925426 2655151567
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/06-22:32:27.468719 66.196.65.35:58610 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:27016 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x8A8AB2A Ack: 0xE6E9C2F0 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 26838296 2655511163
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/06-22:50:31.558630 216.39.48.30:56912 -> 192.168.1.6:80
TCP TTL:38 TOS:0x0 ID:40997 IpLen:20 DgmLen:221 DF
***AP*** Seq: 0xFF0ECC17 Ack: 0x2B5A2B11 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 664104005 2656066398
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-22:55:08.742972 65.26.95.7:1934 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:707 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x918A2FC0 Ack: 0x3D9A6AEA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-22:55:08.772078 65.26.95.7:1934 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:708 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x918A3574 Ack: 0x3D9A6AEA Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/06-23:59:38.403215 66.196.65.35:55813 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:55458 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x9B916024 Ack: 0x31055E46 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 27361352 2658190353
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-00:18:39.107879 24.101.10.51:3478 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:63984 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x6DBD3C02 Ack: 0x77CCD374 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-00:18:43.878303 24.101.10.51:3954 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:64983 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x6F0A1782 Ack: 0x781D4AB8 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-00:18:49.589328 24.101.10.51:4919 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:473 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x6FE7A2B5 Ack: 0x78BB002B Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-00:18:52.627062 24.101.10.51:4919 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:1284 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x6FE7A2B5 Ack: 0x78BB002B Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-00:18:55.969486 24.101.10.51:3810 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:2045 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x7215DA1B Ack: 0x799FA49A Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-00:18:58.870469 24.101.10.51:3810 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:2794 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x7215DA1B Ack: 0x799FA49A Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-00:19:02.842053 24.101.10.51:4866 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:3611 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x7391D6A2 Ack: 0x7A0E7A8F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/07-00:19:12.481140 24.101.10.51:4001 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:5725 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x75AB1029 Ack: 0x7B411C8F Win: 0x4470 TcpLen: 20
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/07-00:19:15.395689 24.101.10.51:4001 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:6565 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x75AB1029 Ack: 0x7B411C8F Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/07-00:19:19.023595 24.101.10.51:3162 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:7389 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x77E07F40 Ack: 0x7AF1309F Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-00:19:25.264300 24.101.10.51:3700 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:8807 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x797F6A5B Ack: 0x7B9334E7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-01:05:45.581729 24.218.33.167:1474 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:38826 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4C3D3461 Ack: 0x29E4867A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-01:05:45.590092 24.218.33.167:1474 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:38827 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4C3D3A15 Ack: 0x29E4867A Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-01:10:31.610117 24.209.50.212:1922 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:12349 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x27C34FAC Ack: 0x3C749E7C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-01:10:31.644408 24.209.50.212:1922 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:12350 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x27C35560 Ack: 0x3C749E7C Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/07-01:41:03.547709 66.196.65.35:42785 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:18818 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x71E85032 Ack: 0xB04024DF Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 27969818 2661307045
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/07-02:50:48.378779 66.196.65.35:40901 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:14340 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x61233A72 Ack: 0xB755E58B Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 28388267 2663450422
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/07-04:14:44.086667 66.196.65.35:36921 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:55752 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x3546D3B3 Ack: 0xF4976097 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 28891797 2666029606
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-04:26:25.145300 24.209.50.212:1439 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:47386 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD949CED9 Ack: 0x202D863E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-04:26:25.173021 24.209.50.212:1439 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:47387 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD949D48D Ack: 0x202D863E Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-04:48:29.858814 24.209.50.212:4920 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:33114 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3D5FA762 Ack: 0x736E60DF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-04:48:29.890181 24.209.50.212:4920 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:33115 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3D5FAD16 Ack: 0x736E60DF Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/07-05:15:29.363860 66.196.65.35:48353 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:1023 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x38663AD4 Ack: 0xDA0A7C75 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 29256297 2667896645
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/07-06:37:38.413956 66.196.65.35:37228 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:43612 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xAF4225D7 Ack: 0x10D89AE5 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 29749165 2670421207
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-06:59:48.628973 218.87.235.253:3126 -> 192.168.1.6:80
TCP TTL:100 TOS:0x0 ID:37460 IpLen:20 DgmLen:1454 DF
***A**** Seq: 0x7C92D2B1 Ack: 0x63AFDDBC Win: 0x4248 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-06:59:48.630030 218.87.235.253:3126 -> 192.168.1.6:80
TCP TTL:100 TOS:0x0 ID:37461 IpLen:20 DgmLen:1454 DF
***A**** Seq: 0x7C92D837 Ack: 0x63AFDDBC Win: 0x4248 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-07:18:31.117683 211.161.149.3:33137 -> 192.168.1.6:80
TCP TTL:95 TOS:0x0 ID:63845 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD4E3E477 Ack: 0xAA46DE7E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-07:18:31.118984 211.161.149.3:33137 -> 192.168.1.6:80
TCP TTL:95 TOS:0x0 ID:63846 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD4E3EA2B Ack: 0xAA46DE7E Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-07:22:08.859727 24.98.140.134:2433 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:1419 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x5C83BDD4 Ack: 0xB88206BD Win: 0xF990 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-07:22:09.003677 24.98.140.134:2710 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:1479 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x5D537075 Ack: 0xB7B41DE9 Win: 0xF990 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-07:22:09.159404 24.98.140.134:2724 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:1520 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x5D5EAA70 Ack: 0xB8827A96 Win: 0xF990 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-07:22:09.335319 24.98.140.134:2733 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:1554 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x5D65BE25 Ack: 0xB7F8CC0B Win: 0xF990 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:56 2003