SnortSnarf alert page

Destination: 192.168.1.6: #7501-7600

SnortSnarf v021111.1

Signature section (91123)

Top 20 source IPs

Top 20 dest IPs

Looking using input module SnortFileInput, with sources:

/home/rivettmj/snort_alertlog/alert

Earliest: 14:39:44.861768 on 06/14/2003
Latest: 13:05:15.585326 on 06/15/2003

22 different signatures are present for 192.168.1.6 as a destination

1 instances of (spp_stream4) STEALTH ACTIVITY (SYN FIN scan) detection
1 instances of WEB-IIS ISAPI .printer access
1 instances of SHELLCODE x86 setuid 0
1 instances of DDOS shaft synflood
2 instances of WEB-CGI formmail access
2 instances of SHELLCODE x86 NOOP
2 instances of SMTP HELO overflow attempt
2 instances of SHELLCODE x86 inc ebx NOOP
3 instances of WEB-MISC bad HTTP/1.1 request, Potentially worm attack
3 instances of WEB-CGI newdesk access
4 instances of WEB-IIS WEBDAV nessus safe scan attempt
11 instances of ICMP Destination Unreachable (Communication Administratively Prohibited)
38 instances of (snort_decoder): T/TCP Detected
58 instances of WEB-IIS view source via translate header
308 instances of WEB-IIS _mem_bin access
316 instances of WEB-FRONTPAGE /_vti_bin/ access
680 instances of WEB-IIS CodeRed v2 root.exe access
786 instances of WEB-MISC robots.txt access
930 instances of WEB-IIS ISAPI .ida attempt
952 instances of WEB-IIS multiple decode attempt
1500 instances of WEB-IIS unicode directory traversal attempt
2169 instances of WEB-IIS cmd.exe access

There are 624 distinct source IPs in the alerts of the type on this page.

192.168.1.6 Whois lookup at: ARIN RIPE APNIC Geektools

DNS lookup at: Amenesi TRIUMF Princeton

More lookup links: Dshield Sam Spade

See also 192.168.1.6 as an alert source [49361 alerts]

Go to: previous range, next range, all alerts, overview page

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/14-14:39:44.861768 66.196.65.24:23481 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:54213 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xF2E72DD5  Ack: 0xEB88D3AD  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/14-15:12:59.914887 24.120.188.236:4159 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:52755 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xF79B2D9A  Ack: 0x68C339D2  Win: 0x42C0  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/14-15:13:00.578546 24.120.188.236:4192 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:52853 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xF7B7AA3E  Ack: 0x692561DE  Win: 0x42C0  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/14-15:13:00.853100 24.120.188.236:4204 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:52891 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xF7C1B009  Ack: 0x692F1B78  Win: 0x42C0  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/14-15:13:01.124700 24.120.188.236:4245 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:53036 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xF7E1F6DE  Ack: 0x69A95682  Win: 0x42C0  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/14-15:13:01.385814 24.120.188.236:4257 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:53080 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF7EBFE68  Ack: 0x699EB355  Win: 0x42C0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/14-15:13:01.666101 24.120.188.236:4266 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:53109 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xF7F33C7E  Ack: 0x6970F40F  Win: 0x42C0  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/14-15:13:01.935685 24.120.188.236:4270 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:53131 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xF7F7943A  Ack: 0x692A94D9  Win: 0x42C0  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/14-15:13:02.200445 24.120.188.236:4279 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:53154 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xF7FEF3EE  Ack: 0x69070A27  Win: 0x42C0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/14-15:13:02.502131 24.120.188.236:4287 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:53188 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF80646F2  Ack: 0x69A7EC54  Win: 0x42C0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/14-15:13:02.758226 24.120.188.236:4306 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:53211 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF81564BB  Ack: 0x69A133BC  Win: 0x42C0  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/14-15:13:03.012971 24.120.188.236:4312 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:53259 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF81AD10A  Ack: 0x69392BAC  Win: 0x42C0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/14-15:13:03.288950 24.120.188.236:4402 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:53355 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF85DC81D  Ack: 0x69DE8D22  Win: 0x42C0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/14-15:13:03.576066 24.120.188.236:4425 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:53581 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xF86F0B95  Ack: 0x692124B6  Win: 0x42C0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/14-15:13:03.826024 24.120.188.236:4433 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:53668 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF8767F1C  Ack: 0x693D6211  Win: 0x42C0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/14-15:13:04.081079 24.120.188.236:4441 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:53743 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xF87D0ECE  Ack: 0x698D285A  Win: 0x42C0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/14-15:13:07.353242 24.120.188.236:4449 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:55039 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF8839D8D  Ack: 0x69B356B8  Win: 0x42C0  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/14-15:48:28.733548 24.242.253.122:2441 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:4444 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x7AC67B3  Ack: 0xEEF711D5  Win: 0xFAF0  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/14-15:48:30.909367 24.242.253.122:1045 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:5474 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xD2779D0  Ack: 0xEF4FDE41  Win: 0xFAF0  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/14-15:48:41.055069 24.242.253.122:2734 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:10275 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x11E15769  Ack: 0xEFA9AB03  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/14-15:48:42.683831 24.242.253.122:2885 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:11040 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x12498E92  Ack: 0xEFEB111A  Win: 0xFAF0  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/14-15:49:09.790128 24.242.253.122:3970 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:23027 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x14D423CD  Ack: 0xF02171B6  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/14-15:49:11.262403 24.242.253.122:4701 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:23534 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x1F2284EB  Ack: 0xF18AB783  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/14-15:49:12.942994 24.242.253.122:1103 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:24510 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x1FBB5C37  Ack: 0xF1647072  Win: 0xFAF0  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/14-15:49:15.376752 24.242.253.122:1438 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:25479 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x20A6FBDC  Ack: 0xF236BC26  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/14-15:49:20.217479 24.242.253.122:1752 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:27503 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x218BD834  Ack: 0xF23365B7  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/14-15:49:22.133956 24.242.253.122:2514 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:28200 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x23A422E8  Ack: 0xF2091691  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/14-15:49:23.618084 24.242.253.122:2728 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:28915 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x243BA4CD  Ack: 0xF1ED6EF0  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/14-15:49:25.353465 24.242.253.122:3028 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:29778 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x250D033F  Ack: 0xF2D3790C  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/14-15:49:27.397071 24.242.253.122:3310 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:30503 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x25DEBDC5  Ack: 0xF2841EF9  Win: 0xFAF0  TcpLen: 20

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/14-16:04:23.577617 66.196.65.24:43535 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:20490 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xFA532ECB  Ack: 0x2B5C929E  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/14-17:56:03.020062 66.196.65.24:42783 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:34517 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xC01D3721  Ack: 0xD0BCFFA4  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/14-19:59:00.923182 66.196.65.24:60089 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:5969 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xC9BAF9BB  Ack: 0xA1A6E2D7  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/14-21:16:56.842790 66.196.65.24:1719 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:28283 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xEC37F126  Ack: 0xC8B4828D  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/14-22:14:20.372164 66.196.65.35:46968 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:12128 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x443D6CFD  Ack: 0xA1FE2E82  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 95844349 3008973903 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/14-22:57:50.401021 66.196.65.24:46582 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:51786 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x13C9E763  Ack: 0x455D224A  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/15-00:27:47.518703 24.162.12.210:2592 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:29430 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xFFFB7AB  Ack: 0x98A3305B  Win: 0xFAF0  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/15-00:27:48.019290 24.162.12.210:2611 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:29520 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x100F40C3  Ack: 0x9908F8DC  Win: 0xFAF0  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/15-00:27:48.600030 24.162.12.210:2623 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:29596 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x1018C964  Ack: 0x98CCBECD  Win: 0xFAF0  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/15-00:27:49.157891 24.162.12.210:2645 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:29698 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x102CBBDC  Ack: 0x995A583E  Win: 0xFAF0  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/15-00:27:49.389228 24.162.12.210:2661 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:29749 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x103AEBA3  Ack: 0x99663767  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/15-00:27:49.710674 24.162.12.210:2674 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:29816 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x1045B546  Ack: 0x98CDB3C8  Win: 0xFAF0  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/15-00:27:49.979780 24.162.12.210:2690 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:29878 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x1052F5E2  Ack: 0x99010EA9  Win: 0xFAF0  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/15-00:27:50.193487 24.162.12.210:2700 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:29913 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x105C8FEC  Ack: 0x98ED001E  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/15-00:27:50.636271 24.162.12.210:2707 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:29983 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x1062994F  Ack: 0x99543CB5  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/15-00:27:51.152036 24.162.12.210:2733 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:30082 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x1076FBDD  Ack: 0x999D8DDC  Win: 0xFAF0  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/15-00:27:51.503163 24.162.12.210:2762 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:30168 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x108D97B4  Ack: 0x996FF4EF  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/15-00:27:51.876239 24.162.12.210:2769 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:30243 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x1093A99E  Ack: 0x9949C174  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/15-00:27:52.086000 24.162.12.210:2793 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:30315 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x10A6A4D1  Ack: 0x993B9982  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/15-00:27:52.301137 24.162.12.210:2815 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:30402 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x10B7C815  Ack: 0x99635D1A  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/15-00:27:52.891662 24.162.12.210:2837 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:30516 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x10C9B75C  Ack: 0x996E1519  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/15-00:27:53.260317 24.162.12.210:2858 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:30599 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x10DB35B6  Ack: 0x99B81E3B  Win: 0xFAF0  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/15-01:15:08.259534 24.209.36.207:4842 -> 192.168.1.6:80
TCP TTL:118 TOS:0x0 ID:32162 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x99118238  Ack: 0x4C253B1B  Win: 0xFAF0  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/15-01:15:08.441362 24.209.36.207:4844 -> 192.168.1.6:80
TCP TTL:118 TOS:0x0 ID:32173 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x991427EC  Ack: 0x4C4A35BD  Win: 0xFAF0  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/15-01:15:08.556643 24.209.36.207:4846 -> 192.168.1.6:80
TCP TTL:118 TOS:0x0 ID:32180 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x99160618  Ack: 0x4C33DC8E  Win: 0xFAF0  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/15-01:15:08.649178 24.209.36.207:4848 -> 192.168.1.6:80
TCP TTL:118 TOS:0x0 ID:32189 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x9917E6D3  Ack: 0x4C7E8C34  Win: 0xFAF0  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/15-01:15:08.745120 24.209.36.207:4850 -> 192.168.1.6:80
TCP TTL:118 TOS:0x0 ID:32196 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x99199B1C  Ack: 0x4C14E140  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/15-01:15:08.831821 24.209.36.207:4851 -> 192.168.1.6:80
TCP TTL:118 TOS:0x0 ID:32207 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x991A9DFD  Ack: 0x4CDC89C6  Win: 0xFAF0  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/15-01:15:08.918775 24.209.36.207:4854 -> 192.168.1.6:80
TCP TTL:118 TOS:0x0 ID:32221 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x991CBE33  Ack: 0x4C52EA55  Win: 0xFAF0  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/15-01:15:09.025258 24.209.36.207:4856 -> 192.168.1.6:80
TCP TTL:118 TOS:0x0 ID:32230 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x991E7EBB  Ack: 0x4C38AD87  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/15-01:15:09.105382 24.209.36.207:4858 -> 192.168.1.6:80
TCP TTL:118 TOS:0x0 ID:32237 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x99208302  Ack: 0x4C306BB0  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/15-01:15:09.230090 24.209.36.207:4862 -> 192.168.1.6:80
TCP TTL:118 TOS:0x0 ID:32253 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x99237E13  Ack: 0x4CC02038  Win: 0xFAF0  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/15-01:15:09.324555 24.209.36.207:4865 -> 192.168.1.6:80
TCP TTL:118 TOS:0x0 ID:32263 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x9925A9B2  Ack: 0x4CE9A8AC  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/15-01:15:09.421003 24.209.36.207:4869 -> 192.168.1.6:80
TCP TTL:118 TOS:0x0 ID:32276 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x9928CE93  Ack: 0x4CC9CD5C  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/15-01:15:09.548204 24.209.36.207:4872 -> 192.168.1.6:80
TCP TTL:118 TOS:0x0 ID:32288 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x992BCB0A  Ack: 0x4C789399  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/15-01:15:09.610211 24.209.36.207:4874 -> 192.168.1.6:80
TCP TTL:118 TOS:0x0 ID:32296 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x992D28EE  Ack: 0x4CBA556F  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/15-01:15:12.691845 24.209.36.207:4874 -> 192.168.1.6:80
TCP TTL:118 TOS:0x0 ID:32504 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x992D28EE  Ack: 0x4CBA556F  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/15-01:15:12.762285 24.209.36.207:4988 -> 192.168.1.6:80
TCP TTL:118 TOS:0x0 ID:32511 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x996A2CA0  Ack: 0x4C88E9B3  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/15-01:15:12.846981 24.209.36.207:4989 -> 192.168.1.6:80
TCP TTL:118 TOS:0x0 ID:32517 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x996B10BF  Ack: 0x4C5D6B07  Win: 0xFAF0  TcpLen: 20

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/15-02:24:51.263111 66.196.65.24:16442 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:19349 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xF44C883D  Ack: 0x54076F01  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/15-02:50:07.847752 24.62.42.136:2333 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:52764 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8F0DBE84  Ack: 0xB21C7141  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/15-02:50:07.856078 24.62.42.136:2333 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:52765 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8F0DC438  Ack: 0xB21C7141  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/15-04:05:13.345745 24.29.155.70:2048 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:62194 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE7C3F1BC  Ack: 0xCE449119  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/15-04:05:13.369959 24.29.155.70:2048 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:62195 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE7C3F770  Ack: 0xCE449119  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/15-06:09:21.259804 24.239.182.109:4641 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:14773 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEB1B8815  Ack: 0xA38D824B  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/15-06:09:21.290046 24.239.182.109:4641 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:14774 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEB1B8DC9  Ack: 0xA38D824B  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/15-09:35:22.608014 24.208.193.218:2998 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:959 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xB8C8780A  Ack: 0xACB60BF8  Win: 0xFAF0  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/15-09:35:22.723527 24.208.193.218:3003 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:975 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xB8CC7545  Ack: 0xAD46B801  Win: 0xFAF0  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/15-09:35:22.818852 24.208.193.218:3005 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:984 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xB8CE18AD  Ack: 0xAD442BF6  Win: 0xFAF0  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/15-09:35:22.890420 24.208.193.218:3008 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:998 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xB8D0DEFF  Ack: 0xAD30F335  Win: 0xFAF0  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/15-09:35:26.271796 24.208.193.218:3013 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:1269 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB8D49359  Ack: 0xACE4F7D7  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/15-09:35:26.340108 24.208.193.218:3094 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:1280 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xB91B33D2  Ack: 0xAD1AA4C2  Win: 0xFAF0  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/15-09:35:26.416723 24.208.193.218:3095 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:1290 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xB91C927A  Ack: 0xACF732F0  Win: 0xFAF0  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/15-09:35:26.501796 24.208.193.218:3097 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:1308 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xB91E444E  Ack: 0xAD0F0374  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/15-09:35:26.591297 24.208.193.218:3102 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:1326 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB92330A9  Ack: 0xAD31B907  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/15-09:35:26.686023 24.208.193.218:3106 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:1342 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB92603E1  Ack: 0xAD240D36  Win: 0xFAF0  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/15-09:35:26.774501 24.208.193.218:3108 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:1355 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB9284ACA  Ack: 0xAD9FED18  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/15-09:35:26.838657 24.208.193.218:3111 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:1367 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB92ACDE7  Ack: 0xAD760728  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/15-09:35:26.937517 24.208.193.218:3114 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:1387 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xB92DA129  Ack: 0xAD6957AD  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/15-09:35:27.010829 24.208.193.218:3117 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:1402 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB9306E44  Ack: 0xAD630A78  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/15-09:35:27.086169 24.208.193.218:3120 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:1417 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xB932AC63  Ack: 0xACF35D9A  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/15-09:35:27.193391 24.208.193.218:3124 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:1438 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB936580E  Ack: 0xAD45D40D  Win: 0xFAF0  TcpLen: 20

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/15-10:25:17.860005 66.196.65.24:3799 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:6648 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x3EBD8D16  Ack: 0x6A4EC481  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/15-11:03:09.930915 24.148.65.68:1290 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:21870 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA88B2C88  Ack: 0xF97D42D9  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/15-11:03:09.936577 24.148.65.68:1290 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:21871 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA88B323C  Ack: 0xF97D42D9  Win: 0x4470  TcpLen: 20

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/15-11:45:30.429260 66.196.65.24:13834 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:34524 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xD56142F2  Ack: 0x995E0DBE  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/15-13:05:10.087693 24.61.174.158:51146 -> 192.168.1.6:80
TCP TTL:14 TOS:0x0 ID:39258 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x87EB288  Ack: 0xC6FDD6E7  Win: 0x2000  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/15-13:05:12.887380 24.61.174.158:51146 -> 192.168.1.6:80
TCP TTL:14 TOS:0x0 ID:39868 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x87EB288  Ack: 0xC6FDD6E7  Win: 0x2000  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/15-13:05:15.203565 24.61.174.158:51487 -> 192.168.1.6:80
TCP TTL:14 TOS:0x0 ID:40482 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x993928B  Ack: 0xC6DE79AB  Win: 0x2000  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/15-13:05:15.585326 24.61.174.158:51528 -> 192.168.1.6:80
TCP TTL:14 TOS:0x0 ID:40595 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x9B452CE  Ack: 0xC6A393CE  Win: 0x2000  TcpLen: 20

Go to: previous range, next range, all alerts, overview page

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:56 2003

192.168.1.6	Whois lookup at:	ARIN	RIPE	APNIC	Geektools
	DNS lookup at:	Amenesi	TRIUMF	Princeton
	More lookup links:	Dshield	Sam Spade
See also 192.168.1.6 as an alert source [49361 alerts]