SnortSnarf alert page

Destination: 192.168.1.6: #7701-7770

SnortSnarf v021111.1

Looking using input module SnortFileInput, with sources:
Earliest: 16:44:25.050301 on 06/16/2003
Latest: 08:22:04.099641 on 06/17/2003

22 different signatures are present for 192.168.1.6 as a destination

There are 624 distinct source IPs in the alerts of the type on this page.

See also 192.168.1.6 as an alert source [49361 alerts]


[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-16:44:25.050301 24.125.71.226:1320 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:45926 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9CDA86C6 Ack: 0x41BC72BF Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-16:44:25.080112 24.125.71.226:1320 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:45927 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9CDA8C7A Ack: 0x41BC72BF Win: 0xFAF0 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-17:08:51.875386 24.209.11.98:2441 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:42379 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x7E29A11F Ack: 0x9DD52E64 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-17:08:51.987602 24.209.11.98:2443 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:42397 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x7E2BC9AD Ack: 0x9E838325 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-17:08:52.064343 24.209.11.98:2446 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:42410 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x7E2E86DF Ack: 0x9E0AA9C4 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-17:08:52.136732 24.209.11.98:2449 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:42420 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x7E3091A8 Ack: 0x9DDE9B95 Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-17:08:52.226978 24.209.11.98:2451 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:42432 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x7E327563 Ack: 0x9E641A47 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/16-17:08:52.303470 24.209.11.98:2453 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:42442 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x7E34668F Ack: 0x9E3F8D75 Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/16-17:08:52.377991 24.209.11.98:2457 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:42456 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x7E38126D Ack: 0x9E7F5510 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-17:08:52.442103 24.209.11.98:2460 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:42470 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x7E3AC382 Ack: 0x9E76E1B8 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-17:08:52.528828 24.209.11.98:2463 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:42483 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x7E3D2E59 Ack: 0x9E9361AC Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-17:08:52.595689 24.209.11.98:2465 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:42493 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x7E3ED7A6 Ack: 0x9E7436FC Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-17:08:52.655587 24.209.11.98:2468 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:42507 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x7E41985A Ack: 0x9DAB3A4E Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-17:08:52.733689 24.209.11.98:2471 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:42514 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x7E44CB0A Ack: 0x9E51BA81 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-17:08:52.800519 24.209.11.98:2473 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:42526 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x7E4644A8 Ack: 0x9E7C2221 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-17:08:52.843700 24.209.11.98:2476 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:42537 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x7E48B997 Ack: 0x9E2CCCA8 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-17:08:52.886655 24.209.11.98:2477 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:42543 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x7E49AD79 Ack: 0x9E523942 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-17:08:53.433550 24.209.11.98:2487 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:42599 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x7E52F9FE Ack: 0x9DB177B3 Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/16-17:26:08.740931 66.196.65.24:46210 -> 192.168.1.6:80
TCP TTL:239 TOS:0x0 ID:35895 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xC308CDA9 Ack: 0xDF56908F Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-18:12:07.699804 24.237.65.167:4738 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:9952 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x1D8DF12F Ack: 0x8D9A6CB9 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-18:12:17.809054 24.237.65.167:1485 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:11462 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x1F2C60A6 Ack: 0x8DBC2C26 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-18:12:27.540242 24.237.65.167:1992 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:12917 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x20BC2185 Ack: 0x8E8FFA02 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-18:12:36.876096 24.237.65.167:2473 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:14327 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x22396A44 Ack: 0x8F1D72F2 Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-18:12:46.594925 24.237.65.167:2983 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:15809 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x23CF1E4C Ack: 0x8F51FBA8 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/16-18:12:56.343619 24.237.65.167:3486 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:17297 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x256205DC Ack: 0x8F8C651E Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/16-19:37:44.710463 66.196.65.24:20516 -> 192.168.1.6:80
TCP TTL:239 TOS:0x0 ID:971 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x6885D947 Ack: 0xD0888AA4 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-20:15:51.884392 24.209.11.98:1914 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:10607 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x21167128 Ack: 0x61582860 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-20:15:52.328517 24.209.11.98:1927 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:10675 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x21223A3B Ack: 0x61886D44 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-20:15:52.900103 24.209.11.98:1934 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:10732 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x2128F319 Ack: 0x613DF7A7 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-20:15:53.441534 24.209.11.98:1945 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:10790 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x21331DC4 Ack: 0x614DC68B Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-20:15:54.100221 24.209.11.98:1951 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:10858 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x213A57AB Ack: 0x6128CD3E Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/16-20:15:59.224069 24.209.11.98:2016 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:11316 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x217BC8E8 Ack: 0x61EF7048 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-20:16:00.388443 24.209.11.98:2038 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:11422 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x2193D263 Ack: 0x612E9E1F Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-20:16:01.555493 24.209.11.98:2052 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:11518 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x21A17B9E Ack: 0x6164E20A Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-20:16:02.453477 24.209.11.98:2065 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:11606 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x21AFF80F Ack: 0x61385181 Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-20:16:03.299307 24.209.11.98:2078 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:11687 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x21BCC269 Ack: 0x61C02D95 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-20:16:03.928970 24.209.11.98:2092 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:11753 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x21CA674D Ack: 0x61C0F328 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-20:16:04.661904 24.209.11.98:2101 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:11828 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x21D2F59D Ack: 0x6231C822 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-20:16:07.769213 24.209.11.98:2101 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:12109 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x21D2F59D Ack: 0x6231C822 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-20:16:14.652634 24.209.11.98:2242 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:12712 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x2260DF19 Ack: 0x622C86B4 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-20:16:17.261124 24.209.11.98:2242 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:12982 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x2260DF19 Ack: 0x622C86B4 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-20:16:18.772443 24.209.11.98:2304 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:13103 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x229CD6D4 Ack: 0x62BA1C3B Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-20:16:19.441718 24.209.11.98:2322 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:13195 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x22AE06D6 Ack: 0x62FD4926 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-20:29:53.464037 24.27.99.244:2578 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:33229 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xAB8D0692 Ack: 0x9552F1B0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-20:29:53.496939 24.27.99.244:2578 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:33230 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xAB8D0C46 Ack: 0x9552F1B0 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/16-22:17:54.996577 66.196.65.24:2445 -> 192.168.1.6:80
TCP TTL:239 TOS:0x0 ID:41724 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xAA884D4E Ack: 0x2D4989DB Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/16-23:04:28.706930 64.158.138.48:60801 -> 192.168.1.6:80
TCP TTL:52 TOS:0x0 ID:22158 IpLen:20 DgmLen:257 DF
***AP*** Seq: 0x9DC6585 Ack: 0xDE9C0735 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 632728135 3099019528
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/17-02:39:17.316411 66.196.65.24:3811 -> 192.168.1.6:80
TCP TTL:230 TOS:0x0 ID:58955 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x3FCA44E Ack: 0x9533411 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/17-03:47:13.898725 24.118.69.183:1619 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:63954 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x14DC4E13 Ack: 0xA1B6FCD Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/17-03:47:13.907582 24.118.69.183:1619 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:63955 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x14DC53C7 Ack: 0xA1B6FCD Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/17-04:46:55.485643 24.209.11.98:1728 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:16745 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xA4E7D47 Ack: 0xEB73AEB3 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/17-04:46:56.419521 24.209.11.98:1746 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:16876 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xA5E7ADF Ack: 0xEBA24422 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/17-04:46:57.622876 24.209.11.98:1766 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:17044 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA72754D Ack: 0xEB4FF883 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/17-04:46:58.470371 24.209.11.98:1781 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:17181 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA7F2152 Ack: 0xEB911DAF Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/17-04:46:59.352345 24.209.11.98:1791 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:17299 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA89EAF1 Ack: 0xEBA84CFF Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/17-04:47:00.487861 24.209.11.98:1804 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:17464 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA9661F8 Ack: 0xEBAF7B33 Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/17-04:47:01.477836 24.209.11.98:1843 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:17599 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xAB66683 Ack: 0xEB8DD97D Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/17-04:47:02.268221 24.209.11.98:1856 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:17690 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xAC35E16 Ack: 0xEB83CDB9 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/17-04:47:02.893516 24.209.11.98:1866 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:17787 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xACE2EBE Ack: 0xEBDC5630 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/17-04:47:03.716509 24.209.11.98:1873 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:17892 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xAD5C399 Ack: 0xEBC9C4D3 Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/17-04:47:04.836177 24.209.11.98:1888 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:18035 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xAE29483 Ack: 0xEBB1C5AF Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/17-04:47:05.780138 24.209.11.98:1928 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:18173 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB03AD40 Ack: 0xEBE8261F Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/17-04:47:06.858831 24.209.11.98:1944 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:18305 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xB13A9BA Ack: 0xEC640924 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/17-04:47:09.568860 24.209.11.98:1944 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:18652 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xB13A9BA Ack: 0xEC640924 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/17-04:47:10.807145 24.209.11.98:2013 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:18830 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB53C10D Ack: 0xEC310651 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/17-04:47:13.800282 24.209.11.98:2013 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:19206 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB53C10D Ack: 0xEC310651 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/17-04:47:14.753241 24.209.11.98:2065 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:19334 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xB87092E Ack: 0xEC602BB5 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/17-04:47:15.591833 24.209.11.98:2094 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:19448 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB9EB384 Ack: 0xECE35A7E Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/17-05:27:31.339235 66.196.65.24:55554 -> 192.168.1.6:80
TCP TTL:239 TOS:0x0 ID:59153 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x69DBABC4 Ack: 0x84763DDC Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/17-08:22:04.099641 66.196.65.24:42941 -> 192.168.1.6:80
TCP TTL:239 TOS:0x0 ID:44793 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xBE08BF6A Ack: 0xD4D56DCD Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:56 2003