
SnortSnarf alert page

Destination: 192.168.1.6: #6901-7000

SnortSnarf v021111.1


Looking using input module SnortFileInput, with sources:
Earliest: 00:51:41.261272 on 06/08/2003
Latest: 23:18:15.884208 on 06/08/2003

22 different signatures are present for 192.168.1.6 as a destination

There are 624 distinct source IPs in the alerts of the type on this page.

See also 192.168.1.6 as an alert source [49361 alerts]


[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-00:51:41.261272 24.219.28.221:4086 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:62372 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xAFF9FEA7 Ack: 0x346F8E8A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-00:51:41.599229 24.219.28.221:4095 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:62398 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB00210D2 Ack: 0x34AAE1CC Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-00:51:41.917600 24.219.28.221:4108 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:62434 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xB00C8755 Ack: 0x34A68E41 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-00:51:44.852025 24.219.28.221:4108 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:62663 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xB00C8755 Ack: 0x34A68E41 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-00:51:45.087240 24.219.28.221:4196 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:62685 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB0582B6C Ack: 0x34CA3674 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-00:51:45.258372 24.219.28.221:4204 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:62702 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xB05F09B0 Ack: 0x34E77775 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-00:51:51.223579 24.219.28.221:4401 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:63260 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB1053BE9 Ack: 0x3577D485 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-00:56:25.519784 24.98.140.134:4095 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:58253 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x3E66C4D Ack: 0x46E56650 Win: 0xF990 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-00:56:32.426623 24.98.140.134:4457 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:59708 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x504B591 Ack: 0x46C0C068 Win: 0xF990 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-00:56:32.812594 24.98.140.134:4781 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:59784 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x59A9407 Ack: 0x479B0349 Win: 0xF990 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-00:56:36.315737 24.98.140.134:1113 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:60612 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x6468A5F Ack: 0x478A2A23 Win: 0xF990 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-00:56:36.519304 24.98.140.134:1132 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:60692 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x654D4B6 Ack: 0x47A3CB4C Win: 0xF990 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/08-00:56:36.818201 24.98.140.134:1143 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:60742 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x65E0BEB Ack: 0x474D76E9 Win: 0xF990 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/08-00:56:37.206714 24.98.140.134:1170 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:60837 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x670EEF7 Ack: 0x475907F7 Win: 0xF990 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-00:56:37.416422 24.98.140.134:1197 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:60904 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x687E7DC Ack: 0x47B14D73 Win: 0xF990 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-00:56:37.612613 24.98.140.134:1200 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:60954 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x68B31AF Ack: 0x471EC9CC Win: 0xF990 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-00:56:37.791953 24.98.140.134:1215 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:61020 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x694B074 Ack: 0x475A6E7A Win: 0xF990 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-00:56:38.125678 24.98.140.134:1229 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:61087 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x69FC36D Ack: 0x472E665D Win: 0xF990 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-00:56:38.531224 24.98.140.134:1239 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:61169 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6A80D83 Ack: 0x47BD111C Win: 0xF990 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-00:56:39.018151 24.98.140.134:1260 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:61502 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x6B8071B Ack: 0x47B3C00C Win: 0xF990 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-00:56:39.537519 24.98.140.134:1280 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:61576 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6C88E8D Ack: 0x47608EC9 Win: 0xF990 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-02:20:46.634573 24.229.103.234:4372 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:1031 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3E8F1339 Ack: 0x85CD6F43 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-02:20:46.643634 24.229.103.234:4372 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:1032 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3E8F18ED Ack: 0x85CD6F43 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/08-02:24:41.422853 66.196.65.35:46147 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:60712 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xB8EB848D Ack: 0x94914EF4 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 36870927 2706900298
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-03:12:20.656488 24.209.49.251:1345 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:65218 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x482644FE Ack: 0x47BD3111 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-03:12:20.686906 24.209.49.251:1345 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:65219 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x48264AB2 Ack: 0x47BD3111 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/08-04:51:28.772497 66.196.65.35:54326 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:10388 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x9DEEDE55 Ack: 0xBE48CAFD Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 37751597 2711411258
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-04:55:34.743389 24.43.3.89:3243 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:40797 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4EEEE04C Ack: 0xCE353E21 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-04:55:34.839758 24.43.3.89:3243 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:40798 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4EEEE600 Ack: 0xCE353E21 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-05:19:25.855970 24.209.49.251:4161 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:7426 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xECCFFCC8 Ack: 0x27D4A2C7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-05:19:25.886477 24.209.49.251:4161 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:7427 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xECD0027C Ack: 0x27D4A2C7 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-06:28:00.607793 24.59.74.47:3827 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:11489 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x379A4F29 Ack: 0x2AACBC0A Win: 0xB5C9 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-06:28:01.043838 24.59.74.47:3834 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:11552 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x37A0A6AE Ack: 0x2A9F17FC Win: 0xB5C9 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-06:28:10.553622 24.59.74.47:4131 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:13110 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x38A153CF Ack: 0x2B9779E6 Win: 0xB5C9 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-06:28:20.047217 24.59.74.47:4440 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:14681 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x39A861FD Ack: 0x2BDBE992 Win: 0xB5C9 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-06:28:20.224759 24.59.74.47:4447 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:14713 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x39AEC661 Ack: 0x2C57D1E2 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/08-06:28:20.482894 24.59.74.47:4461 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:14777 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x39BA3E72 Ack: 0x2C0E1961 Win: 0xB5C9 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/08-06:28:20.761612 24.59.74.47:4473 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:14851 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x39C4121B Ack: 0x2CBE258A Win: 0xB5C9 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-06:28:20.991511 24.59.74.47:4479 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:14907 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x39C94CD9 Ack: 0x2BCCE501 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-06:28:21.189511 24.59.74.47:4488 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:14959 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x39D0C71B Ack: 0x2C444BDD Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-06:28:30.838612 24.59.74.47:4840 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:16782 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3AFB4F9C Ack: 0x2C870B97 Win: 0xB5C9 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-06:28:40.271095 24.59.74.47:1195 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:18535 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3C0B6F5D Ack: 0x2DDC212E Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-06:28:40.462514 24.59.74.47:1209 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:18579 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3C1547C8 Ack: 0x2CF911BF Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-06:28:53.329416 24.59.74.47:1527 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:20912 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x3D2211B7 Ack: 0x2E13D9F0 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-06:28:53.585739 24.59.74.47:1641 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:20989 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x3D8252A1 Ack: 0x2E0A3513 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-06:28:56.470279 24.59.74.47:1641 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:21472 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x3D8252A1 Ack: 0x2E0A3513 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-06:28:56.846394 24.59.74.47:1753 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:21545 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x3DDFFBF6 Ack: 0x2EB1D9E4 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-06:28:57.013228 24.59.74.47:1756 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:21575 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x3DE2FB20 Ack: 0x2E671FB4 Win: 0xB5C9 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/08-07:03:04.029381 66.196.65.35:51142 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:46138 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x690CE965 Ack: 0xB0670D41 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 38541060 2715455048
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-07:10:48.147792 24.209.49.251:2265 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:31606 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x19DA2D29 Ack: 0xCD6D2391 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-07:10:48.178322 24.209.49.251:2265 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:31607 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x19DA32DD Ack: 0xCD6D2391 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/08-07:23:26.311573 216.39.48.30:53678 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:24589 IpLen:20 DgmLen:221 DF
***AP*** Seq: 0xCCBB4DCE Ack: 0xFCFD026A Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 675818962 2716081091
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/08-08:41:45.278192 209.237.238.173:54816 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:22747 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0xF3C64E7F Ack: 0x2481B638 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 73275059 2718487810
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/08-08:43:37.546793 209.237.238.175:44831 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:45245 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0xFB39F788 Ack: 0x2C84A3AB Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 73287495 2718545314
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/08-09:18:28.356611 66.196.65.35:36630 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:46932 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xD8B8B48E Ack: 0xAEF2BEC8 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 39353432 2719616180
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-09:24:51.543585 24.209.49.251:1248 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:36993 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x87CA8AB4 Ack: 0xC69AF35E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-09:24:51.574553 24.209.49.251:1248 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:36994 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x87CA9068 Ack: 0xC69AF35E Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/08-10:23:39.205993 66.196.65.35:50679 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:33475 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xDB7FC4F4 Ack: 0xA555F57E Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 39744487 2721619244
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-10:28:17.014756 24.209.49.251:4841 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:10812 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9F3FFEBD Ack: 0xB6A72A11 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-10:28:17.044738 24.209.49.251:4841 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:10813 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9F400471 Ack: 0xB6A72A11 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-10:36:57.791133 24.209.49.251:3631 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:42820 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC5187239 Ack: 0xD8281D08 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-11:09:11.163963 24.209.49.251:4033 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:31643 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x52F9B4AA Ack: 0x51830B71 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-11:09:11.206162 24.209.49.251:4033 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:31644 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x52F9BA5E Ack: 0x51830B71 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-11:11:49.162228 24.162.60.201:2524 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:13848 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2D728181 Ack: 0x5B30FF03 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-11:11:49.188426 24.162.60.201:2524 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:13849 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2D728735 Ack: 0x5B30FF03 Win: 0xB5C9 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-11:11:52.068377 24.162.60.201:2524 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:14161 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2D728181 Ack: 0x5B30FF03 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-11:11:58.095284 24.162.60.201:2524 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:14657 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2D728181 Ack: 0x5B30FF03 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/08-11:39:37.596913 66.196.65.35:44589 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:61402 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x81543ADA Ack: 0xC5501646 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 40200290 2723953962
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-11:52:53.745119 24.209.49.251:1943 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:60772 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x10CDF572 Ack: 0xF6A2667B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-11:52:53.814646 24.209.49.251:1943 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:60773 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x10CDFB26 Ack: 0xF6A2667B Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/08-12:45:26.315480 66.196.65.35:33872 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:29242 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xF8E7C440 Ack: 0xBD77A043 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 40595128 2725976404
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-14:15:48.980613 24.209.210.177:1307 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:56273 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2C47BB86 Ack: 0x12B1D140 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-14:15:49.021245 24.209.210.177:1307 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:56274 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2C47C13A Ack: 0x12B1D140 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/08-14:22:39.493163 66.196.65.35:48609 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:46045 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x7156BB45 Ack: 0x2CF79A54 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 41178403 2728964045
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/08-14:33:50.113905 66.196.73.77:30071 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:1953 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xBB1EFFCE Ack: 0x5784922D Win: 0xFAF0 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-14:57:34.338522 24.209.49.251:1045 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:57327 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x18AC9678 Ack: 0xAFA1CA2C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-14:57:34.368152 24.209.49.251:1045 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:57328 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x18AC9C2C Ack: 0xAFA1CA2C Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-15:14:49.264482 24.209.49.251:4506 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:49797 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5E45F62E Ack: 0xF11DFDEF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-15:14:49.310941 24.209.49.251:4506 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:49798 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5E45FBE2 Ack: 0xF11DFDEF Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/08-15:47:34.371583 66.196.65.35:50815 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:19460 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x4AC9101C Ack: 0x6E5B362A Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 41687849 2731573491
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/08-17:45:51.443000 66.196.65.35:53360 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:9941 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xB201F42E Ack: 0x2C897339 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 42397504 2735208529
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-18:07:00.946208 24.209.49.251:3278 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:1941 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF3DBD73D Ack: 0x7C0B84A6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-18:07:01.018841 24.209.49.251:3278 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:1942 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF3DBDCF1 Ack: 0x7C0B84A6 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-18:42:22.393747 24.118.24.56:4664 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:61460 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1F61A7B8 Ack: 0x1F3E0B1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-18:42:22.403597 24.118.24.56:4664 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:61461 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1F61AD6C Ack: 0x1F3E0B1 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/08-19:02:48.399314 66.196.65.35:60175 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:39566 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xBF490252 Ack: 0x4EB2BD0A Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 42859162 2737573223
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/08-20:20:08.589249 66.196.65.35:44510 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:40168 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xF4973CC2 Ack: 0x72B4A627 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 43323146 2739949849
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1881:4] WEB-MISC bad HTTP/1.1 request, Potentially worm attack [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/08-20:23:57.831377 203.94.78.130:1887 -> 192.168.1.6:80
TCP TTL:36 TOS:0x0 ID:34743 IpLen:20 DgmLen:70 DF
***AP*** Seq: 0xEE529BF0 Ack: 0x814C53EF Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 24255622 2740066935
[Xref => http://securityresponse.symantec.com/avcenter/security/Content/2002.09.13.html]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-20:26:37.868255 24.209.49.251:3528 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:53749 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD2A4005E Ack: 0x8B0C5C51 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-20:26:37.899111 24.209.49.251:3528 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:53750 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD2A40612 Ack: 0x8B0C5C51 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-20:32:46.564788 24.209.49.251:4745 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:3637 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE67DAA69 Ack: 0xA2ABE789 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-20:32:46.600985 24.209.49.251:4745 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:3638 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE67DB01D Ack: 0xA2ABE789 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-20:41:59.929837 203.73.143.123:2872 -> 192.168.1.6:80
TCP TTL:102 TOS:0x0 ID:16851 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8B86504F Ack: 0xC4C601D7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-20:41:59.938411 203.73.143.123:2872 -> 192.168.1.6:80
TCP TTL:102 TOS:0x0 ID:16852 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8B865603 Ack: 0xC4C601D7 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/08-22:12:15.768005 66.196.65.35:36816 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:52553 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xE0EF37EF Ack: 0x1A517835 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 43995804 2743395337
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-22:42:43.165994 24.29.133.200:3844 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:29464 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA43C8A5A Ack: 0x8D656182 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-22:42:43.186680 24.29.133.200:3844 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:29465 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA43C900E Ack: 0x8D656182 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-23:04:24.367812 24.136.23.20:2406 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:64831 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD32CC45D Ack: 0xDF61B99B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-23:04:24.376382 24.136.23.20:2406 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:64832 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD32CCA11 Ack: 0xDF61B99B Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/08-23:18:15.884208 66.196.65.35:39267 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:57021 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xC359EDBA Ack: 0x148E445C Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 44391794 2745423676
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:56 2003