SnortSnarf alert page

Destination: 192.168.1.6: #7601-7700

SnortSnarf v021111.1

Looking using input module SnortFileInput, with sources:
Earliest: 13:05:15.778554 on 06/15/2003
Latest: 15:17:01.916735 on 06/16/2003

22 different signatures are present for 192.168.1.6 as a destination

There are 624 distinct source IPs in the alerts of the type on this page.

See also 192.168.1.6 as an alert source [49361 alerts]


[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-13:05:15.778554 24.61.174.158:51584 -> 192.168.1.6:80
TCP TTL:14 TOS:0x0 ID:40726 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x9DE5A58 Ack: 0xC6D52171 Win: 0x2000 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-13:05:15.987600 24.61.174.158:51596 -> 192.168.1.6:80
TCP TTL:14 TOS:0x0 ID:40780 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x9E7BDE7 Ack: 0xC6F57116 Win: 0x2000 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/15-13:05:16.374129 24.61.174.158:51604 -> 192.168.1.6:80
TCP TTL:14 TOS:0x0 ID:40928 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x9EF2B54 Ack: 0xC6FE5CDB Win: 0x2000 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/15-13:05:16.556527 24.61.174.158:51678 -> 192.168.1.6:80
TCP TTL:14 TOS:0x0 ID:40965 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA2AA0C3 Ack: 0xC685F21C Win: 0x2000 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-13:05:17.280962 24.61.174.158:51707 -> 192.168.1.6:80
TCP TTL:14 TOS:0x0 ID:41127 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xA42B0D2 Ack: 0xC6B1294C Win: 0x2000 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-13:05:17.966373 24.61.174.158:51761 -> 192.168.1.6:80
TCP TTL:14 TOS:0x0 ID:41302 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA6E2170 Ack: 0xC7788848 Win: 0x2000 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-13:05:21.757095 24.61.174.158:51807 -> 192.168.1.6:80
TCP TTL:14 TOS:0x0 ID:42233 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA9213E3 Ack: 0xC7066DB2 Win: 0x2000 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-13:05:22.732403 24.61.174.158:52060 -> 192.168.1.6:80
TCP TTL:14 TOS:0x0 ID:42438 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB5DA702 Ack: 0xC79FFD33 Win: 0x2000 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-13:05:23.078847 24.61.174.158:52099 -> 192.168.1.6:80
TCP TTL:14 TOS:0x0 ID:42569 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB7C9B4C Ack: 0xC70A3DBE Win: 0x2000 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-13:05:23.479031 24.61.174.158:52130 -> 192.168.1.6:80
TCP TTL:14 TOS:0x0 ID:42691 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xB960537 Ack: 0xC744F303 Win: 0x2000 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-13:05:23.642734 24.61.174.158:52155 -> 192.168.1.6:80
TCP TTL:14 TOS:0x0 ID:42811 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xBAA4715 Ack: 0xC709D13A Win: 0x2000 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-13:05:26.721590 24.61.174.158:52155 -> 192.168.1.6:80
TCP TTL:14 TOS:0x0 ID:43656 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xBAA4715 Ack: 0xC709D13A Win: 0x2000 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-13:05:26.978427 24.61.174.158:52411 -> 192.168.1.6:80
TCP TTL:14 TOS:0x0 ID:43757 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xC79343B Ack: 0xC8090282 Win: 0x2000 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-13:05:27.737089 24.61.174.158:52456 -> 192.168.1.6:80
TCP TTL:14 TOS:0x0 ID:43974 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xC9CAC45 Ack: 0xC7AEF965 Win: 0x2000 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-14:18:40.040557 24.217.85.28:1884 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:57871 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF3CFF63E Ack: 0xDCA89487 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-14:18:40.111092 24.217.85.28:1884 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:57872 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF3CFFBF2 Ack: 0xDCA89487 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-17:05:59.631497 24.209.98.148:2739 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:8228 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDED41C13 Ack: 0x54104576 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-17:05:59.660073 24.209.98.148:2739 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:8229 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDED421C7 Ack: 0x54104576 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-17:39:24.368044 24.130.75.129:3365 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:61853 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4B58E820 Ack: 0xD14BB6FE Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-17:39:24.376172 24.130.75.129:3365 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:61854 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4B58EDD4 Ack: 0xD14BB6FE Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-18:57:00.495531 24.238.141.78:1652 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:16004 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF0350811 Ack: 0xF7B0D3C4 Win: 0x16D0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-18:57:00.526317 24.238.141.78:1652 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:16005 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF0350DC5 Ack: 0xF7B0D3C4 Win: 0x16D0 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-20:13:54.655419 24.66.107.87:2222 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:15610 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xCCFFFB29 Ack: 0x191D28FE Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-20:13:55.741383 24.66.107.87:2243 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:16134 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xCD12BDB2 Ack: 0x19AC532C Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-20:13:56.329870 24.66.107.87:2251 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:16429 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xCD18875B Ack: 0x1958BF56 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-20:13:57.149802 24.66.107.87:2259 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:17011 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xCD230836 Ack: 0x1980C468 Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-20:13:57.464399 24.66.107.87:2264 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:17203 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xCD273E9B Ack: 0x19772025 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/15-20:13:57.838433 24.66.107.87:2271 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:17400 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xCD2EAE89 Ack: 0x197524EA Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/15-20:13:58.314749 24.66.107.87:2279 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:17777 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xCD3532B7 Ack: 0x19FFFB5F Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-20:13:58.755518 24.66.107.87:2285 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:18068 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xCD3BCB6A Ack: 0x1A13EF29 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-20:13:59.044882 24.66.107.87:2293 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:18445 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xCD440713 Ack: 0x19391D00 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-20:13:59.415131 24.66.107.87:2303 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:18551 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xCD4A1E8A Ack: 0x19C2B6AE Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-20:13:59.909838 24.66.107.87:2307 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:18840 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xCD4ECD37 Ack: 0x19F027C0 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-20:14:00.426075 24.66.107.87:2315 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:19045 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xCD568261 Ack: 0x19B1482B Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-20:14:00.967069 24.66.107.87:2323 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:19330 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xCD5E8F9D Ack: 0x19B92FE9 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-20:14:01.238639 24.66.107.87:2329 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:19522 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xCD63D686 Ack: 0x1A2A2447 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-20:14:01.494864 24.66.107.87:2333 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:19804 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xCD6867CF Ack: 0x1A00CA13 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-20:14:01.902742 24.66.107.87:2336 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:20082 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xCD6C053E Ack: 0x1A2C59DA Win: 0xFAF0 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-21:22:42.215100 24.209.11.98:3873 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:4016 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x3E346F75 Ack: 0x1DE91BF7 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-21:22:44.561369 24.209.11.98:3910 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:4211 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x3E59702C Ack: 0x1DF5DE91 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-21:22:46.776513 24.209.11.98:3936 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:4393 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x3E75078B Ack: 0x1E348214 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-21:22:49.025158 24.209.11.98:3969 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:4589 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x3E95674B Ack: 0x1E033859 Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-21:22:51.753485 24.209.11.98:4002 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:4817 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x3EB934B8 Ack: 0x1E4DD034 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/15-21:22:53.782923 24.209.11.98:4033 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:5006 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x3ED85E9E Ack: 0x1E409BEE Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/15-21:22:55.904657 24.209.11.98:4062 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:5194 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x3EF55F75 Ack: 0x1E68C7A0 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-21:22:57.682072 24.209.11.98:4090 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:5361 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x3F129CD5 Ack: 0x1E765140 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-21:22:59.412556 24.209.11.98:4114 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:5504 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3F2B5FF3 Ack: 0x1E1FF786 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-21:23:01.824047 24.209.11.98:4141 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:5696 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3F45F33B Ack: 0x1E5C6926 Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-21:23:04.178999 24.209.11.98:4173 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:5901 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3F66A7F4 Ack: 0x1F01165B Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-21:23:09.141683 24.209.11.98:4206 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:6363 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3F8767FA Ack: 0x1F5FAAA1 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-21:23:11.225193 24.209.11.98:4278 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:6559 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x3FD077BC Ack: 0x1F03FE28 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-21:23:13.650602 24.209.11.98:4306 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:6758 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x3FEE00C1 Ack: 0x1F49FF33 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-21:23:15.957503 24.209.11.98:4338 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:6956 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x400F6DB9 Ack: 0x1F9BD6EC Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-21:23:18.045480 24.209.11.98:4370 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:7162 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x402F8886 Ack: 0x1F47AF26 Win: 0xFAF0 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-00:37:32.624187 24.209.11.98:2799 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:32443 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xDD4CE94E Ack: 0xFD22189F Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-00:37:35.213768 24.209.11.98:2833 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:32601 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xDD710192 Ack: 0xFDEA9D54 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-00:37:40.314609 24.209.11.98:2862 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:32851 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xDD8EA437 Ack: 0xFDBDA71B Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-00:37:45.661120 24.209.11.98:2924 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:33166 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xDDD0DC1D Ack: 0xFDC60C71 Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-00:37:47.940246 24.209.11.98:2994 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:33301 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xDE18ED22 Ack: 0xFE6AEB13 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/16-00:37:50.752879 24.209.11.98:3031 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:33461 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xDE3F53A8 Ack: 0xFEA63CEF Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/16-00:37:53.019536 24.209.11.98:3060 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:33593 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xDE5DC117 Ack: 0xFF2D58D3 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-00:37:58.168521 24.209.11.98:3090 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:33932 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xDE7AED4D Ack: 0xFEB4257A Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-00:38:00.552635 24.209.11.98:3163 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:34065 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xDEC4A493 Ack: 0xFF067899 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-00:38:02.598018 24.209.11.98:3197 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:34203 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xDEE83ECC Ack: 0xFF211A01 Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-00:38:04.795970 24.209.11.98:3227 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:34346 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xDF05D045 Ack: 0xFFCE412C Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-00:38:06.961452 24.209.11.98:3259 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:34474 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xDF21DE20 Ack: 0xFF0F83F5 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-00:38:09.386839 24.209.11.98:3286 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:34609 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xDF3F36D4 Ack: 0xFFB8BB06 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-00:38:11.748601 24.209.11.98:3320 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:34740 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xDF6009B5 Ack: 0x53F0BA Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-00:38:13.932918 24.209.11.98:3347 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:34868 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xDF7D62DD Ack: 0x789138 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-00:38:16.237531 24.209.11.98:3376 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:34987 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xDF9ADF91 Ack: 0xFFEA4958 Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/16-05:17:02.986343 66.196.65.24:42979 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:8194 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xE0032E3B Ack: 0x1D05D633 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-07:17:45.526275 24.189.230.118:4982 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:23675 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xA08965F2 Ack: 0xE5BC8FBD Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-07:17:45.938530 24.189.230.118:4998 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:23706 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xA091FD19 Ack: 0xE5AAE445 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-07:17:46.202185 24.189.230.118:1032 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:23730 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA096C9B0 Ack: 0xE5A4E1A2 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-07:17:46.350625 24.189.230.118:1044 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:23751 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA09E5941 Ack: 0xE4F2A375 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-07:17:46.464094 24.189.230.118:1052 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:23772 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA0A47B6F Ack: 0xE5A823F6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/16-07:17:46.590757 24.189.230.118:1057 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:23790 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA0A899CF Ack: 0xE5405310 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/16-07:17:46.744144 24.189.230.118:1068 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:23820 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA0B16A60 Ack: 0xE554E867 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-07:17:46.880343 24.189.230.118:1073 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:23847 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xA0B5DE55 Ack: 0xE53E79B2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/16-11:00:13.485247 66.196.65.24:16727 -> 192.168.1.6:80
TCP TTL:230 TOS:0x0 ID:17790 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xB0F6AAEE Ack: 0x2D665084 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/16-12:08:13.655075 66.196.65.24:21309 -> 192.168.1.6:80
TCP TTL:230 TOS:0x0 ID:34228 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xC18AFFCD Ack: 0x2E4113D7 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-12:35:03.719775 24.209.11.98:2110 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:52359 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x704127B4 Ack: 0x939E9692 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-12:35:03.905907 24.209.11.98:2116 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:52375 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x70466EFE Ack: 0x93A3771A Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-12:35:03.988813 24.209.11.98:2118 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:52388 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x7047FB8D Ack: 0x93614475 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-12:35:04.052967 24.209.11.98:2120 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:52396 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x704A2D9A Ack: 0x93F7BFFF Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-12:35:04.127859 24.209.11.98:2123 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:52407 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x704CEB90 Ack: 0x940A3F25 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/16-12:35:04.186129 24.209.11.98:2124 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:52417 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x704DD95F Ack: 0x9383DA77 Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/16-12:35:04.252236 24.209.11.98:2126 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:52428 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x704FA775 Ack: 0x9360CDF2 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-12:35:04.349579 24.209.11.98:2127 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:52438 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x7050D891 Ack: 0x9405AC9A Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-12:35:04.413918 24.209.11.98:2130 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:52448 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x70539412 Ack: 0x9379FB97 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-12:35:04.474835 24.209.11.98:2135 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:52464 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x70571DE8 Ack: 0x93C3B828 Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-12:35:04.542218 24.209.11.98:2139 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:52478 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x7059FE6A Ack: 0x941093F8 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-12:35:04.637727 24.209.11.98:2144 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:52497 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x705E4D79 Ack: 0x93692A52 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-12:35:05.198925 24.209.11.98:2163 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:52577 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x706ECCDE Ack: 0x94007E26 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-12:35:05.282147 24.209.11.98:2166 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:52591 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x7070B66D Ack: 0x937FDCC0 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-12:35:05.338587 24.209.11.98:2169 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:52600 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x70733B18 Ack: 0x93F09900 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-12:35:05.440310 24.209.11.98:2172 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:52617 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x70763173 Ack: 0x939E69F9 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-13:23:38.670240 24.112.177.163:2717 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:34510 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB0C57E3D Ack: 0x4B7E7581 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-13:23:38.702850 24.112.177.163:2717 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:34511 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB0C583F1 Ack: 0x4B7E7581 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/16-15:17:01.916735 66.196.65.24:17974 -> 192.168.1.6:80
TCP TTL:239 TOS:0x0 ID:23309 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xB4EF0FA9 Ack: 0xF80B09E7 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:56 2003