SnortSnarf alert page

Destination: 192.168.1.6: #801-900

SnortSnarf v021111.1

Looking using input module SnortFileInput, with sources:
Earliest: 12:09:02.889132 on 04/26/2003
Latest: 10:25:09.443757 on 04/27/2003

22 different signatures are present for 192.168.1.6 as a destination

There are 624 distinct source IPs in the alerts of the type on this page.

See also 192.168.1.6 as an alert source [49361 alerts]


[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-12:09:02.889132 24.203.10.194:4497 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:38622 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xF30697AD Ack: 0xEDB66F51 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-12:09:03.096526 24.203.10.194:4500 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:38642 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xF309D6F2 Ack: 0xED9CA4C4 Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-12:09:06.786754 24.203.10.194:4539 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:38735 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF333A34C Ack: 0xEE1BEB36 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/26-12:09:06.988270 24.203.10.194:4542 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:38750 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xF3368B41 Ack: 0xEDB85FA5 Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/26-12:09:07.200795 24.203.10.194:4547 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:38765 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xF33AE7C2 Ack: 0xEDB1B216 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-12:09:07.384065 24.203.10.194:4551 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:38774 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xF33E5E92 Ack: 0xEE28C852 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-12:09:07.634417 24.203.10.194:4554 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:38788 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF34102DD Ack: 0xEDBEFA7D Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-12:09:07.826481 24.203.10.194:4559 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:38800 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF34597BA Ack: 0xEDCE8ABE Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-12:09:07.995643 24.203.10.194:4562 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:38812 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF347E533 Ack: 0xED7ACD59 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-12:09:11.394008 24.203.10.194:4600 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:38918 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF3700F00 Ack: 0xED7D5399 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-12:09:11.598532 24.203.10.194:4601 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:38934 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xF371B601 Ack: 0xEE55E923 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-12:09:11.784292 24.203.10.194:4604 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:38939 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF374F22B Ack: 0xEDF8F8B4 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-12:09:14.737910 24.203.10.194:4604 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:39325 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF374F22B Ack: 0xEDF8F8B4 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-12:09:14.933386 24.203.10.194:4698 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:39331 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xF3C637B4 Ack: 0xEE3DC3E9 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-12:09:18.467491 24.203.10.194:4746 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:39484 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF3F6EC43 Ack: 0xEE66AF1D Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/26-13:33:58.393128 209.237.238.158:4076 -> 192.168.1.6:80
TCP TTL:41 TOS:0x0 ID:8919 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0xAD798A11 Ack: 0x2E643EB7 Win: 0xFFFF TcpLen: 32
TCP Options (3) => NOP NOP TS: 664721590 824626467
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-14:04:15.711387 24.148.73.90:2090 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:44432 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xE692FFA5 Ack: 0xA1031CEE Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-14:04:18.028588 24.148.73.90:2148 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:44774 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xE6C7ED2C Ack: 0xA02D17E3 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-14:04:23.063256 24.148.73.90:2396 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:45589 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xE78FF7D3 Ack: 0xA0F2471D Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-14:04:25.231601 24.148.73.90:2438 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:45956 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xE7B7073F Ack: 0xA1910EC7 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-14:04:29.912168 24.148.73.90:2699 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:46744 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xE8857F7E Ack: 0xA16D01C6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/26-14:04:31.519352 24.148.73.90:2874 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:46908 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xE911CF1D Ack: 0xA1DE5414 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/26-14:04:33.470998 24.148.73.90:2917 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:47242 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xE9367F71 Ack: 0xA11B513A Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-14:04:35.212085 24.148.73.90:2994 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:47575 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xE973FF11 Ack: 0xA1EA19E2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-14:04:36.714761 24.148.73.90:3134 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:47714 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE9E25415 Ack: 0xA1851790 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-14:04:38.561346 24.148.73.90:3170 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:48025 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xEA02D1D0 Ack: 0xA1875ACC Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/26-14:37:35.682224 216.39.50.114:32878 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:35166 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xDBA60100 Ack: 0x1F116294 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 405178800 826581568
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
04/26-17:02:20.038718 216.26.174.110:80 -> 192.168.1.6:59821
TCP TTL:111 TOS:0x0 ID:989 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3E9445AF Ack: 0x41F1CA31 Win: 0xF95D TcpLen: 32
TCP Options (3) => NOP NOP TS: 6820121 831029448
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/26-17:49:43.405511 66.196.65.24:19738 -> 192.168.1.6:80
TCP TTL:232 TOS:0x0 ID:16765 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xD501710E Ack: 0xF43E6D6C Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/26-19:37:48.194949 64.68.82.34:32493 -> 192.168.1.6:80
TCP TTL:50 TOS:0x10 ID:58480 IpLen:20 DgmLen:453 DF
***AP*** Seq: 0x47763EDA Ack: 0x8C8E093F Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 517659605 835805644
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-19:48:38.364874 24.100.46.121:3702 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:49688 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x89E9A2F5 Ack: 0xB5146F48 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-19:48:38.429211 24.100.46.121:3702 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:49689 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x89E9A8A9 Ack: 0xB5146F48 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-21:03:56.512031 24.209.97.26:1846 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:9326 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF40DB6E8 Ack: 0xD2EA3BB8 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-21:03:56.543101 24.209.97.26:1846 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:9327 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF40DBC9C Ack: 0xD2EA3BB8 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-22:18:06.878781 24.209.37.151:3130 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:2103 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBDDCB3CA Ack: 0xEA340DD3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-22:18:06.929340 24.209.37.151:3130 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:2104 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBDDCB97E Ack: 0xEA340DD3 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-22:37:49.689940 24.209.97.26:2972 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:21629 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE23679EE Ack: 0x34C1410A Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-22:37:49.713916 24.209.97.26:2972 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:21630 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE2367FA2 Ack: 0x34C1410A Win: 0xFAF0 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-22:47:54.415101 24.44.2.165:3809 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:46796 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x11674B9A Ack: 0x5B626E02 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-22:48:03.994523 24.44.2.165:3919 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:65256 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x11D9B716 Ack: 0x5BF2A4BA Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-22:48:07.121455 24.44.2.165:3957 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:618 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x12027922 Ack: 0x5B6730B1 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-22:48:07.250051 24.44.2.165:3960 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:632 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x1204A09D Ack: 0x5C223A94 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-22:48:07.371094 24.44.2.165:3961 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:640 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x1205FD17 Ack: 0x5B2AF64D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/26-22:48:10.486811 24.44.2.165:3994 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:3515 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x122B4E91 Ack: 0x5C2351B0 Win: 0x4470 TcpLen: 20
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/26-22:48:13.346679 24.44.2.165:3994 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:4890 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x122B4E91 Ack: 0x5C2351B0 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/26-22:48:13.623816 24.44.2.165:4037 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:5074 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x12553F17 Ack: 0x5C1D1411 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-22:48:13.740254 24.44.2.165:4040 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:5080 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x12582011 Ack: 0x5B993493 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-22:48:13.861361 24.44.2.165:4041 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:5088 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x12596D8A Ack: 0x5B920D49 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-22:48:16.964851 24.44.2.165:4080 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:6568 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x1281A2D2 Ack: 0x5BBF8CF2 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-22:48:20.120313 24.44.2.165:4112 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:8167 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x12A4DEBC Ack: 0x5CBC9489 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-22:48:20.282620 24.44.2.165:4115 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:8176 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x12A73A18 Ack: 0x5C22F7F4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-22:48:20.462504 24.44.2.165:4118 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:8188 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x12AA47C0 Ack: 0x5CB255F7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-22:48:20.595268 24.44.2.165:4124 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:8198 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x12AF6A5E Ack: 0x5C603979 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-22:48:20.725804 24.44.2.165:4125 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:8208 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x12B0F8B4 Ack: 0x5CF4D7FE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-22:48:23.842347 24.44.2.165:4164 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:8284 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x12D6A816 Ack: 0x5D1AEB74 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-23:19:08.400236 24.209.97.26:1945 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:5909 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xAD311090 Ack: 0xD11CD1B6 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-23:19:08.430654 24.209.97.26:1945 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:5910 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xAD311644 Ack: 0xD11CD1B6 Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/26-23:40:12.825729 66.237.60.23:4552 -> 192.168.1.6:80
TCP TTL:42 TOS:0x0 ID:18539 IpLen:20 DgmLen:78 DF
***AP*** Seq: 0xC351FB75 Ack: 0x1FB87E93 Win: 0xE240 TcpLen: 32
TCP Options (3) => NOP NOP TS: 1380123933 843256376
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-23:43:44.427920 24.209.97.26:1259 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:48487 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x261E63A9 Ack: 0x2DA69E61 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-23:43:44.458144 24.209.97.26:1259 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:48488 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x261E695D Ack: 0x2DA69E61 Win: 0xFAF0 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-00:10:18.761864 24.71.47.173:3046 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:59034 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xB92D7663 Ack: 0x91B4169B Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-00:10:19.367714 24.71.47.173:3069 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:59156 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xB93F95F2 Ack: 0x9190629F Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-00:10:19.830571 24.71.47.173:3081 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:59250 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xB949A128 Ack: 0x915B2298 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-00:10:20.202694 24.71.47.173:3095 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:59322 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xB955A557 Ack: 0x923DC820 Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-00:10:20.564357 24.71.47.173:3104 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:59487 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB95DC689 Ack: 0x920833CF Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/27-00:10:20.986351 24.71.47.173:3115 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:59563 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xB967F4CF Ack: 0x91627D35 Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/27-00:10:21.318596 24.71.47.173:3128 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:59630 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xB972D773 Ack: 0x92445339 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-00:10:21.681469 24.71.47.173:3134 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:59715 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xB978AE51 Ack: 0x9231947C Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-00:10:22.012004 24.71.47.173:3146 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:59785 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB9828FC7 Ack: 0x923CBA42 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-00:10:24.929599 24.71.47.173:3146 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:60340 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB9828FC7 Ack: 0x923CBA42 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-00:10:25.680210 24.71.47.173:3259 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:60491 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB9E4E4FC Ack: 0x926D609F Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-00:10:29.393922 24.71.47.173:3412 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:61322 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xBA5FA531 Ack: 0x9207D233 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-00:10:29.749761 24.71.47.173:3426 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:61704 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xBA6B04D7 Ack: 0x91D8863C Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-00:10:33.319251 24.71.47.173:3545 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:62394 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xBAD3B55B Ack: 0x92899211 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-00:11:11.264819 24.209.97.26:3463 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:43516 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA9EB76DF Ack: 0x952955D0 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-00:11:11.294652 24.209.97.26:3463 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:43517 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA9EB7C93 Ack: 0x952955D0 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-01:21:21.842009 24.209.37.151:2293 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:59220 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x60F124D2 Ack: 0x9E6E0897 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-01:21:21.884479 24.209.37.151:2293 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:59221 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x60F12A86 Ack: 0x9E6E0897 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-01:29:45.269897 24.217.19.177:4652 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:27067 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7628262C Ack: 0xBECCB339 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-01:29:45.275668 24.217.19.177:4652 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:27068 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x76282BE0 Ack: 0xBECCB339 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-02:38:55.763481 24.98.68.183:1882 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:65203 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x97B2EF26 Ack: 0xC3BC43F4 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-02:38:55.771511 24.98.68.183:1882 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:65204 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x97B2F4DA Ack: 0xC3BC43F4 Win: 0xB5C9 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-03:48:30.757901 24.153.56.26:3531 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:56578 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x14CC7422 Ack: 0xCA3F0555 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-03:48:33.075029 24.153.56.26:3558 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:56775 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x14E907E9 Ack: 0xCA2D0000 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-03:48:34.909260 24.153.56.26:3586 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:56929 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x15041BDF Ack: 0xCAA86570 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-03:48:36.759486 24.153.56.26:3610 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:57080 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x151D7234 Ack: 0xCACF24CA Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-03:48:42.019025 24.153.56.26:3682 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:57499 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x15647820 Ack: 0xCAC074C8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/27-03:48:43.902271 24.153.56.26:3710 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:57647 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x1580094D Ack: 0xCAD72B33 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/27-03:48:49.155417 24.153.56.26:3779 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:58067 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x15C78573 Ack: 0xCB2846F8 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-03:48:54.285947 24.153.56.26:3852 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:58482 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x16106E6B Ack: 0xCBE63DA4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-03:48:56.300756 24.153.56.26:3873 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:58615 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x162A9B90 Ack: 0xCC29ADE6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-03:48:58.030526 24.153.56.26:3902 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:58748 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x1644709E Ack: 0xCBBC47C4 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-03:49:03.245404 24.153.56.26:3969 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:59148 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x1687B2D8 Ack: 0xCC33330A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-03:49:05.024645 24.153.56.26:3989 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:59289 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x169C7153 Ack: 0xCBE9F2CF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-03:49:06.857539 24.153.56.26:4007 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:59457 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x16B025F3 Ack: 0xCCB1E227 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-03:49:11.574056 24.153.56.26:4077 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:59840 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x16F2F664 Ack: 0xCCCC80E4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-03:49:13.265682 24.153.56.26:4112 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:59979 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x1713EBB8 Ack: 0xCC7FA76A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-03:49:18.538127 24.153.56.26:4183 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:60424 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x175D66C5 Ack: 0xCCDF8BC2 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/27-04:21:38.445682 66.77.73.64:1576 -> 192.168.1.6:80
TCP TTL:45 TOS:0x0 ID:59582 IpLen:20 DgmLen:225 DF
***AP*** Seq: 0x43EBCB1E Ack: 0x4849365B Win: 0xE070 TcpLen: 32
TCP Options (3) => NOP NOP TS: 152279586 851904697
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-10:25:09.443757 24.136.220.9:2974 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:57503 IpLen:20 DgmLen:1372 DF
***A**** Seq: 0xF453EC12 Ack: 0xA42B5B8C Win: 0xFFFF TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:55 2003