SnortSnarf alert page

Destination: 192.168.1.6: #6801-6900

SnortSnarf v021111.1

Signature section (91123) | Top 20 source IPs | Top 20 dest IPs

Looking using input module SnortFileInput, with sources:
Earliest: 07:22:18.562432 on 06/07/2003
Latest: 00:51:40.935257 on 06/08/2003

22 different signatures are present for 192.168.1.6 as a destination

There are 624 distinct source IPs in the alerts of the type on this page.

See also 192.168.1.6 as an alert source [49361 alerts]


[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/07-07:22:18.562432 24.98.140.134:3531 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:4265 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x5FC7A8D6 Ack: 0xB9048F04 Win: 0xF990 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/07-07:22:18.765362 24.98.140.134:3537 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:4301 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x5FCCEAB3 Ack: 0xB904CDB2 Win: 0xF990 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-07:22:28.119843 24.98.140.134:4326 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:6739 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x622317D0 Ack: 0xB97E78D0 Win: 0xF990 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-07:22:28.316735 24.98.140.134:4396 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:6822 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x623915AA Ack: 0xB8D31D70 Win: 0xF990 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-07:22:28.552353 24.98.140.134:4451 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:6874 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6256E426 Ack: 0xB937BB6D Win: 0xF990 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-07:22:28.950580 24.98.140.134:4471 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:6960 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6260C16D Ack: 0xB98308FD Win: 0xF990 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-07:22:38.469604 24.98.140.134:1514 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:9480 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x64B2B54E Ack: 0xB9A81F03 Win: 0xF990 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-07:22:47.729233 24.98.140.134:2324 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:11982 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x672541B0 Ack: 0xBA2A8861 Win: 0xF990 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-07:22:48.019617 24.98.140.134:2332 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:12032 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x672B8061 Ack: 0xBA925D4E Win: 0xF990 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-07:22:50.997991 24.98.140.134:2332 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:12765 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x672B8061 Ack: 0xBA925D4E Win: 0xF990 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-07:22:51.480215 24.98.140.134:2602 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:12907 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x680209E3 Ack: 0xBAB137A5 Win: 0xF990 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-07:23:00.877124 24.98.140.134:3382 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:15398 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6A55D065 Ack: 0xBBAE2D8B Win: 0xF990 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/07-08:27:51.223734 66.196.65.35:48236 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:62322 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x9F931BE5 Ack: 0xB0721550 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 30410396 2673808177
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/07-09:23:52.089660 216.39.48.30:50337 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:44407 IpLen:20 DgmLen:221 DF
***AP*** Seq: 0x5573C98F Ack: 0x8433E1D2 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 667903239 2675529548
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/07-09:43:20.025983 66.196.65.35:47999 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:57432 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xCDD2FC39 Ack: 0xCCBFBBED Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 30863244 2676127737
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-10:04:03.008713 24.175.87.10:1327 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:24566 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x31F6E9E9 Ack: 0x1C7CB8FB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-10:04:03.031202 24.175.87.10:1327 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:24567 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x31F6EF9D Ack: 0x1C7CB8FB Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-10:34:49.157717 12.27.55.243:29452 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:46744 IpLen:20 DgmLen:1420 DF
***A**** Seq: 0x16E06296 Ack: 0x9019FDC3 Win: 0x40B0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-10:34:49.165006 12.27.55.243:29452 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:46745 IpLen:20 DgmLen:1420 DF
***A**** Seq: 0x16E067FA Ack: 0x9019FDC3 Win: 0x40B0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/07-11:11:17.057017 66.196.65.35:55772 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:18771 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xA7D21B57 Ack: 0x1A17DB7B Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 31390907 2678830541
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-11:23:42.770300 24.91.100.180:2924 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:39822 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x35A55C38 Ack: 0x495DBC2A Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-11:23:43.530428 24.91.100.180:2940 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:39894 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x35B30FA0 Ack: 0x49911B73 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-11:23:56.257580 24.91.100.180:3191 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:41000 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x368C1AD7 Ack: 0x49D282EB Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-11:23:56.977490 24.91.100.180:3288 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:41060 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x36E2120A Ack: 0x4A01DE48 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-11:23:57.475105 24.91.100.180:3312 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:41127 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x36F6BA24 Ack: 0x49EDA005 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/07-11:24:01.234131 24.91.100.180:3418 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:41510 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x374FD5BF Ack: 0x4A512E0F Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/07-11:24:01.977570 24.91.100.180:3433 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:41568 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x375E60BA Ack: 0x4ABF76C1 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-11:24:05.764670 24.91.100.180:3540 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:41938 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x37BD4A88 Ack: 0x4AFCE1FE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-11:45:28.891019 24.159.116.86:3141 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:44992 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x73235F8A Ack: 0x9B864F99 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-11:45:28.952781 24.159.116.86:3141 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:44993 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7323653E Ack: 0x9B864F99 Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/07-11:48:35.270443 66.196.65.35:54547 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:30763 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x2A79AFF4 Ack: 0xA67FB334 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 31614710 2679976907
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-12:02:56.303906 24.136.155.112:3999 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:57747 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4958DDA9 Ack: 0xDCB2C216 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-12:02:56.310342 24.136.155.112:3999 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:57748 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4958E35D Ack: 0xDCB2C216 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-12:40:49.316046 24.102.69.64:4820 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:28201 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x16D2EAE Ack: 0x6BB85B87 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-12:40:51.972792 24.102.69.64:4820 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:28658 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x16D2EAE Ack: 0x6BB85B87 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-12:43:15.975542 24.54.164.105:4990 -> 192.168.1.6:80
TCP TTL:46 TOS:0x0 ID:37846 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xD6BA7F95 Ack: 0x75805A0D Win: 0x8000 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-12:43:20.299988 24.54.164.105:3181 -> 192.168.1.6:80
TCP TTL:46 TOS:0x0 ID:38367 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xD751E648 Ack: 0x760A0AAA Win: 0x8000 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-12:43:20.879075 24.54.164.105:3198 -> 192.168.1.6:80
TCP TTL:46 TOS:0x0 ID:38429 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xD7604529 Ack: 0x76285DA3 Win: 0x8000 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-12:43:31.109433 24.54.164.105:3599 -> 192.168.1.6:80
TCP TTL:46 TOS:0x0 ID:39585 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xD8AD4254 Ack: 0x76AB5228 Win: 0x8000 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-12:43:31.855314 24.54.164.105:3629 -> 192.168.1.6:80
TCP TTL:46 TOS:0x0 ID:39684 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xD8C50095 Ack: 0x77560173 Win: 0x8000 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/07-12:43:32.565389 24.54.164.105:3664 -> 192.168.1.6:80
TCP TTL:46 TOS:0x0 ID:39782 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xD8E1A237 Ack: 0x7711AE1A Win: 0x8000 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/07-12:43:42.936617 24.54.164.105:4119 -> 192.168.1.6:80
TCP TTL:46 TOS:0x0 ID:41138 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xDA57D10F Ack: 0x7710C572 Win: 0x8000 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-12:43:43.638615 24.54.164.105:4148 -> 192.168.1.6:80
TCP TTL:46 TOS:0x0 ID:41230 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xDA731584 Ack: 0x776971FC Win: 0x8000 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-12:43:44.316212 24.54.164.105:4174 -> 192.168.1.6:80
TCP TTL:46 TOS:0x0 ID:41318 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xDA88638C Ack: 0x77EB8A51 Win: 0x8000 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-12:43:54.597045 24.54.164.105:4652 -> 192.168.1.6:80
TCP TTL:46 TOS:0x0 ID:42750 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xDC027A05 Ack: 0x789A629B Win: 0x8000 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-12:43:55.449953 24.54.164.105:4719 -> 192.168.1.6:80
TCP TTL:46 TOS:0x0 ID:42866 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xDC246AB2 Ack: 0x78921F6A Win: 0x8000 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-12:43:56.211923 24.54.164.105:4787 -> 192.168.1.6:80
TCP TTL:46 TOS:0x0 ID:42979 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xDC426C2A Ack: 0x7804DC90 Win: 0x8000 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-12:43:56.962134 24.54.164.105:4844 -> 192.168.1.6:80
TCP TTL:46 TOS:0x0 ID:43081 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xDC5CDA67 Ack: 0x787093AA Win: 0x8000 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-12:43:57.871063 24.54.164.105:4912 -> 192.168.1.6:80
TCP TTL:46 TOS:0x0 ID:43220 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xDC7D058C Ack: 0x780756A4 Win: 0x8000 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-12:43:58.674281 24.54.164.105:4998 -> 192.168.1.6:80
TCP TTL:46 TOS:0x0 ID:43335 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xDC9D55E3 Ack: 0x7897E228 Win: 0x8000 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-12:44:02.916006 24.54.164.105:3192 -> 192.168.1.6:80
TCP TTL:46 TOS:0x0 ID:43919 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xDD39D5DA Ack: 0x78B1E994 Win: 0x8000 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/07-12:59:15.984745 66.196.65.35:46424 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:47955 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xE46937B3 Ack: 0xB2267261 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 32038749 2682148915
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/07-13:15:24.873208 64.68.82.46:22202 -> 192.168.1.6:80
TCP TTL:41 TOS:0x10 ID:37136 IpLen:20 DgmLen:453 DF
***AP*** Seq: 0xBF657062 Ack: 0xEEA34BC0 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 878240605 2682642698
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/07-13:59:25.078317 66.196.65.35:34776 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:27636 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x11ED47A7 Ack: 0x957A034F Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 32399630 2683997426
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/07-15:52:40.456199 66.196.65.35:42890 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:14869 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x2C740563 Ack: 0x408105A7 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 33079118 2687477890
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-16:33:04.434109 24.201.83.152:1125 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:50560 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xA8C445F6 Ack: 0xDA02E361 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-16:33:08.386842 24.201.83.152:1176 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:50813 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xA8F93210 Ack: 0xDA68CF3A Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-16:33:12.646435 24.201.83.152:1191 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:51227 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA908B755 Ack: 0xDA2F4BD9 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-16:33:44.189047 24.201.83.152:1396 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:53473 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA9D6F53B Ack: 0xDB760006 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-16:33:45.242117 24.201.83.152:1705 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:53542 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xAB12B93B Ack: 0xDC24BC01 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/07-16:33:49.712603 24.201.83.152:1761 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:53853 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xAB4E1A57 Ack: 0xDD396C48 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/07-16:33:50.388117 24.201.83.152:1775 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:53905 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xAB5B94F0 Ack: 0xDC8B4EE7 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-16:33:51.320719 24.201.83.152:1785 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:53954 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xAB6540BD Ack: 0xDCDCD42F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-16:34:01.698003 24.201.83.152:1947 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:54762 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xAC054C61 Ack: 0xDCFE800A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-16:34:02.508486 24.201.83.152:1962 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:54812 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xAC145E19 Ack: 0xDD645049 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-16:34:03.487851 24.201.83.152:1973 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:54880 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xAC1D60EF Ack: 0xDD625569 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-16:34:04.386332 24.201.83.152:1983 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:54939 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xAC2850D3 Ack: 0xDE0D7D08 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-16:34:05.295212 24.201.83.152:1995 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:55013 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xAC346A32 Ack: 0xDDA2265D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-16:34:06.091578 24.201.83.152:2009 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:55061 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xAC425058 Ack: 0xDD9778B2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-16:34:07.096340 24.201.83.152:2022 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:55118 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xAC4FAAAA Ack: 0xDDA8B10A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-16:34:08.214034 24.201.83.152:2035 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:55187 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xAC5C976F Ack: 0xDDC13B0A Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/07-16:57:03.066523 66.196.65.35:40513 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:30122 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x1FBC43EB Ack: 0x33EA7F86 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 33465349 2689456236
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-17:39:29.838127 24.209.98.148:2830 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:57282 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x684F1E9E Ack: 0xD462333A Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-17:39:29.868006 24.209.98.148:2830 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:57283 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x684F2452 Ack: 0xD462333A Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/07-18:11:14.927887 216.39.48.30:39857 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:17813 IpLen:20 DgmLen:221 DF
***AP*** Seq: 0x1D52EF5D Ack: 0x4C67A77A Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 671066846 2691736409
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/07-19:19:09.290218 66.196.65.35:53091 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:47699 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xE2C4B8D5 Ack: 0x4D766583 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 34317905 2693823219
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-19:27:22.972916 24.209.196.254:4047 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:21955 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2DBE808E Ack: 0x6B2B51E8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-19:27:22.974260 24.209.196.254:4047 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:21956 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2DBE8642 Ack: 0x6B2B51E8 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-20:54:44.809215 24.209.196.254:1255 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:33109 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF331786E Ack: 0xB5DEF524 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-20:54:44.816844 24.209.196.254:1255 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:33110 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF3317E22 Ack: 0xB5DEF524 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-22:10:20.580233 24.209.196.254:4121 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:42040 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6F20BEFB Ack: 0xD367309C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-22:10:20.587799 24.209.196.254:4121 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:42041 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6F20C4AF Ack: 0xD367309C Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/07-22:14:57.281514 66.196.73.77:26438 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:57625 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xF9C6CF4E Ack: 0xE5721693 Win: 0xFAF0 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-23:00:29.233436 24.209.196.254:2110 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:64720 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x607FFBCD Ack: 0x8FF11AA1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-23:00:29.264392 24.209.196.254:2110 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:64721 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x60800181 Ack: 0x8FF11AA1 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-23:29:21.765811 24.167.127.146:4510 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:34754 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE8C673DE Ack: 0xFE7D09F3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-23:29:21.767097 24.167.127.146:4510 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:34755 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE8C67992 Ack: 0xFE7D09F3 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/07-23:36:08.492589 66.196.73.77:3215 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:13415 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xC03D7255 Ack: 0x17E488BB Win: 0xFAF0 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/08-00:34:08.780919 66.196.65.35:47277 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:30803 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xFACFA523 Ack: 0xF2EC4B87 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 36207711 2703503181
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/08-00:37:52.776601 66.196.65.24:41626 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:63968 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x6C5F0F8E Ack: 0x12DB652 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-00:51:26.622183 24.219.28.221:3631 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:61071 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xAE70E332 Ack: 0x33C42ED1 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-00:51:27.143367 24.219.28.221:3644 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:61102 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xAE7C1B1D Ack: 0x33BD1F79 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-00:51:29.457251 24.219.28.221:3712 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:61314 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xAEB73D57 Ack: 0x33DF5FC8 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-00:51:29.753326 24.219.28.221:3723 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:61340 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xAEC08B49 Ack: 0x33B3494C Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-00:51:30.055886 24.219.28.221:3728 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:61353 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xAEC5F240 Ack: 0x348B922F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/08-00:51:33.450066 24.219.28.221:3829 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:61616 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xAF1C706A Ack: 0x342B2BBA Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/08-00:51:36.933250 24.219.28.221:3954 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:62001 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xAF88CCA8 Ack: 0x344FD79D Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-00:51:40.317941 24.219.28.221:3964 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:62300 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xAF915CBB Ack: 0x34B57CF3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-00:51:40.642688 24.219.28.221:4070 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:62333 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xAFEB3D6F Ack: 0x348D236F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-00:51:40.935257 24.219.28.221:4079 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:62350 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xAFF397EF Ack: 0x34C3C771 Win: 0x4470 TcpLen: 20
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:56 2003