
SnortSnarf alert page

Destination: 192.168.1.6: #7001-7100

SnortSnarf v021111.1


Looking using input module SnortFileInput, with sources:
Earliest: 00:43:28.700389 on 06/09/2003
Latest: 22:03:47.424994 on 06/09/2003

22 different signatures are present for 192.168.1.6 as a destination

There are 624 distinct source IPs in the alerts of the type on this page.

See also 192.168.1.6 as an alert source [49361 alerts]


[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-00:43:28.700389 24.197.103.210:4393 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:3278 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xDBF20E24 Ack: 0x568B9603 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-00:43:42.184810 24.197.103.210:4752 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:4467 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xDD251F87 Ack: 0x56D063E2 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-00:43:48.972707 24.197.103.210:1057 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:5045 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xDDBCE02A Ack: 0x57A51A5E Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-00:44:00.626728 24.197.103.210:1358 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:6035 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xDECC8281 Ack: 0x579FFAC3 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-00:44:04.428405 24.197.103.210:1407 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:6257 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xDEF8CEDD Ack: 0x5840256F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/09-00:44:07.370332 24.197.103.210:1500 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:6559 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xDF4740A7 Ack: 0x585F2629 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/09-00:44:11.197836 24.197.103.210:1573 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:6815 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xDF875B3F Ack: 0x5892D709 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-00:44:14.083515 24.197.103.210:1656 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:7099 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xDFD22014 Ack: 0x58FAC7AB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-00:44:17.974348 24.197.103.210:1725 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:7359 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE00F1254 Ack: 0x5950DC4D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-00:44:20.864904 24.197.103.210:1821 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:7574 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE064306C Ack: 0x58B33A40 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-00:44:36.356936 24.197.103.210:2096 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:8796 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE15890D1 Ack: 0x5A117F08 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-00:44:40.230005 24.197.103.210:2248 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:9075 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE1D48ABB Ack: 0x5A495813 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-00:44:43.093161 24.197.103.210:2337 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:9350 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xE2264060 Ack: 0x5A666968 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-00:44:46.969809 24.197.103.210:2414 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:9586 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xE268B871 Ack: 0x5A71AAB0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-00:44:49.873320 24.197.103.210:2503 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:9810 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xE2B77E54 Ack: 0x5AFCB328 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-00:44:53.742269 24.197.103.210:2569 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:10096 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xE2F31EB3 Ack: 0x5B8F668A Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/09-01:03:10.169211 66.196.65.35:39537 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:33128 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x80DF882A Ack: 0xA04DE41B Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 45021176 2748647503
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/09-01:03:10.525117 66.196.65.35:39537 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:33129 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x80DF882A Ack: 0xA04DE41B Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 45021212 2748647503
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/09-02:27:36.365436 66.196.65.35:39116 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:1804 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xC6EFCE46 Ack: 0xDE8B90B2 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 45527758 2751242311
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/09-03:58:22.040478 66.196.65.35:53398 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:55455 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xFEF70685 Ack: 0x3626E759 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 46072278 2754031449
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-03:59:19.522230 24.201.31.41:3361 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:50324 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x1F2ABAA0 Ack: 0x3A1332D8 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-03:59:29.149496 24.201.31.41:3501 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:50672 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x1FB7D945 Ack: 0x3A09EBEE Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-03:59:29.300037 24.201.31.41:3503 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:50686 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x1FB9A5AF Ack: 0x3A669E70 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-03:59:38.512794 24.201.31.41:3676 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:51221 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x206175F0 Ack: 0x3B4F0EAF Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-03:59:47.673866 24.201.31.41:3797 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:51523 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x20DE36B0 Ack: 0x3B4044E6 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/09-03:59:47.828573 24.201.31.41:3803 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:51535 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x20E444D2 Ack: 0x3BE28C6C Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/09-03:59:57.049311 24.201.31.41:3943 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:51932 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x216E09E5 Ack: 0x3BA80CCB Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-03:59:57.223111 24.201.31.41:3946 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:51942 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x21711488 Ack: 0x3BA1665D Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-03:59:57.393942 24.201.31.41:3949 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:51953 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x21744C28 Ack: 0x3B95BF0D Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-03:59:57.566033 24.201.31.41:3952 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:51962 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x2177BDC9 Ack: 0x3B9A3F26 Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-03:59:57.728784 24.201.31.41:3955 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:51977 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x217AE0E9 Ack: 0x3BC06A0F Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-03:59:57.870029 24.201.31.41:3961 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:51991 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x2180234B Ack: 0x3C2C1E17 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-03:59:58.044831 24.201.31.41:3963 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:51998 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x218204AE Ack: 0x3BD70ABE Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-03:59:58.217713 24.201.31.41:3965 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:52010 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x2184594E Ack: 0x3BD66B08 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-04:00:01.198771 24.201.31.41:3965 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:52137 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x2184594E Ack: 0x3BD66B08 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-04:00:01.584638 24.201.31.41:4017 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:52190 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x21B8AEE3 Ack: 0x3CA65BC8 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-04:00:01.775358 24.201.31.41:4025 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:52218 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x21BEFEE1 Ack: 0x3C403C23 Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/09-05:11:13.873898 66.196.65.35:54912 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:64372 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xA147E3C9 Ack: 0x48FFDDF6 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 46509426 2756270604
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-05:20:51.395118 24.189.230.118:1324 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:2552 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x71C5B62C Ack: 0x6D95348C Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-05:20:51.770884 24.189.230.118:1335 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:2589 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x71CF2E66 Ack: 0x6DD29EDD Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-05:20:51.905727 24.189.230.118:1344 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:2609 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x71D495BB Ack: 0x6D922138 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-05:20:52.045190 24.189.230.118:1352 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:2629 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x71DAADCB Ack: 0x6D1CC9B3 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-05:20:52.181367 24.189.230.118:1356 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:2644 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x71DE2BC2 Ack: 0x6DB0C1E5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/09-05:21:01.314526 24.189.230.118:1763 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:3795 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x7306E1BD Ack: 0x6DBD5772 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/09-05:21:10.420701 24.189.230.118:2139 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:4532 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x741DFB61 Ack: 0x6E75AE1E Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-05:21:10.531290 24.189.230.118:2144 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:4542 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x7420B36E Ack: 0x6E995449 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-05:21:10.668170 24.189.230.118:2147 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:4551 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x7423D62C Ack: 0x6EC29BBD Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-05:21:10.780818 24.189.230.118:2148 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:4561 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x7424CFD3 Ack: 0x6ED6E3B5 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-05:21:10.911400 24.189.230.118:2160 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:4585 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x742D29F8 Ack: 0x6EAEFC67 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-05:21:11.022229 24.189.230.118:2173 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:4600 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x7433C95A Ack: 0x6EB2E669 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-05:21:20.233268 24.189.230.118:2573 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:5566 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x7561CB8F Ack: 0x6F333443 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-05:21:20.347663 24.189.230.118:2579 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:5582 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x75664176 Ack: 0x6EFC42CC Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-05:21:20.490858 24.189.230.118:2586 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:5598 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x756BC6C8 Ack: 0x6F1C1ACA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-05:21:20.623073 24.189.230.118:2591 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:5614 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x756FAE65 Ack: 0x6F7DDF7B Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-05:24:31.414093 24.80.90.219:3176 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:43730 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x331AD55 Ack: 0x7BDF4F03 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-05:24:31.478356 24.80.90.219:3176 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:43731 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x331B309 Ack: 0x7BDF4F03 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/09-06:00:19.389937 66.196.65.24:54325 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:24463 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x733F4F4 Ack: 0x2148C4A Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/09-08:21:58.512024 66.196.65.35:41227 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:62018 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xE6EDF525 Ack: 0x19331062 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 47653803 2762132336
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-09:14:45.725271 24.209.5.98:2266 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:10035 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9ABF4F1E Ack: 0xE150711D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-09:14:45.754497 24.209.5.98:2266 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:10036 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9ABF54D2 Ack: 0xE150711D Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/09-10:20:32.421960 66.196.65.35:57263 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:9142 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xDAF621A3 Ack: 0xD98F3FDB Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 48365143 2765775955
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-10:24:50.616024 24.209.49.251:1778 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:17896 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE065465F Ack: 0xEA17F688 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-10:24:50.651687 24.209.49.251:1778 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:17897 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE0654C13 Ack: 0xEA17F688 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/09-11:03:27.467229 64.68.82.16:18294 -> 192.168.1.6:80
TCP TTL:41 TOS:0x10 ID:33721 IpLen:20 DgmLen:453 DF
***AP*** Seq: 0x48EA09D3 Ack: 0x7B200D7B Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 894733064 2767094079
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/09-11:28:56.480053 66.196.65.35:45324 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:34658 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xAED9D0E4 Ack: 0xDBE6BD6B Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 48775518 2767877979
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/09-11:34:50.198297 66.196.65.24:46886 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:38840 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x203A5F25 Ack: 0xF24DA8CB Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-11:58:35.536635 24.209.49.251:4990 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:34732 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBF55B340 Ack: 0x4C872A1E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-11:58:35.594998 24.209.49.251:4990 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:34733 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBF55B8F4 Ack: 0x4C872A1E Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/09-12:37:54.282476 66.196.65.24:64769 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:21392 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x753BD2A7 Ack: 0xDFC74500 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/09-13:16:14.629529 66.196.65.35:58599 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:42823 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xC33164AD Ack: 0x7197B1CD Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 49419285 2771175476
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/09-14:01:58.612716 66.196.65.24:45652 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:18849 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x7435A587 Ack: 0x1E168772 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-14:34:18.344499 24.209.49.251:1861 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:60266 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1AEEECA6 Ack: 0x98F5FD59 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-14:34:18.378875 24.209.49.251:1861 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:60267 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1AEEF25A Ack: 0x98F5FD59 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-14:43:37.404016 24.209.49.251:1891 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:6344 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2E295759 Ack: 0xBC2A490D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-14:43:37.433046 24.209.49.251:1891 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:6345 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2E295D0D Ack: 0xBC2A490D Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/09-15:02:55.521693 66.196.65.35:49057 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:61154 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x342AF23E Ack: 0x3DB1780 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 50059329 2774453904
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-15:43:18.376767 24.130.80.176:4575 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:6891 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1D3C329E Ack: 0x9D62F812 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-15:43:18.384962 24.130.80.176:4575 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:6892 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1D3C3852 Ack: 0x9D62F812 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/09-17:02:08.114525 66.196.65.35:34166 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:39341 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xB6CEA48F Ack: 0xC6FC98F9 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 50774534 2778117325
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/09-17:21:04.503175 66.196.65.24:56775 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:35694 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xD4A6F169 Ack: 0xDF80E42 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-17:51:10.680121 24.209.98.148:4072 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:58074 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xAC49EA51 Ack: 0x8047F872 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-17:51:10.710369 24.209.98.148:4072 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:58075 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xAC49F005 Ack: 0x8047F872 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-18:21:57.623639 24.155.55.163:3198 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:33734 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA25F24A4 Ack: 0xF50B6122 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-18:21:57.629481 24.155.55.163:3198 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:33735 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA25F2A58 Ack: 0xF50B6122 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-18:46:22.601680 24.209.49.251:4234 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:31229 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x108FF045 Ack: 0x50608224 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-18:46:22.617147 24.209.49.251:4234 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:31230 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x108FF5F9 Ack: 0x50608224 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-18:58:06.372689 24.209.98.148:2035 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:21141 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2CE7618A Ack: 0x7BF9A2AA Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-18:58:06.413247 24.209.98.148:2035 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:21142 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2CE7673E Ack: 0x7BF9A2AA Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/09-19:07:43.735829 66.196.65.35:36607 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:44410 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x24757C44 Ack: 0xA05611AD Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 51528040 2781976945
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/09-19:10:33.198511 66.196.65.24:15291 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:49922 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x11256D65 Ack: 0xABA10204 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-20:28:08.530580 24.209.98.148:4830 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:14016 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2D78B4FB Ack: 0xD0BBCEA7 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-20:28:08.583645 24.209.98.148:4830 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:14017 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2D78BAAF Ack: 0xD0BBCEA7 Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/09-20:37:51.380482 66.196.65.35:45123 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:56970 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x601D7F1A Ack: 0xF5167075 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 52068761 2784746642
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-21:24:35.656391 24.209.98.148:1138 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:57100 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7D1EF53A Ack: 0xA671661A Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-21:24:35.680175 24.209.98.148:1138 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:57101 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7D1EFAEE Ack: 0xA671661A Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/09-21:32:41.676290 66.196.65.24:23346 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:57668 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x2CC81475 Ack: 0xC5059FCC Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-22:03:40.153482 24.140.13.155:1968 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:26718 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x7790E9CE Ack: 0x39336A11 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-22:03:43.828940 24.140.13.155:2131 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:27215 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x7815EC34 Ack: 0x39AC14C3 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-22:03:47.232316 24.140.13.155:2257 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:27469 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x787BC1FE Ack: 0x39647080 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-22:03:47.424994 24.140.13.155:2263 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:27489 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x7880F3B1 Ack: 0x39515CE6 Win: 0x4470 TcpLen: 20
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:56 2003