SnortSnarf alert page

Destination: 192.168.1.6: #901-1000

SnortSnarf v021111.1

Signature section (91123) | Top 20 source IPs | Top 20 dest IPs

Looking using input module SnortFileInput, with sources:
Earliest: 10:25:09.464457 on 04/27/2003
Latest: 05:56:20.870192 on 04/28/2003

22 different signatures are present for 192.168.1.6 as a destination

There are 624 distinct source IPs in the alerts of the type on this page.

See also 192.168.1.6 as an alert source [49361 alerts]


[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-10:25:09.464457 24.136.220.9:2974 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:57504 IpLen:20 DgmLen:1372 DF
***A**** Seq: 0xF453F146 Ack: 0xA42B5B8C Win: 0xFFFF TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/27-11:00:28.602058 209.237.238.172:40145 -> 192.168.1.6:80
TCP TTL:41 TOS:0x0 ID:54185 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0xE361D886 Ack: 0x2A416BFE Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 75565870 864161000
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-11:06:15.917815 24.91.112.149:1653 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:16213 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xD3F4B572 Ack: 0x3FF83E49 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-11:06:17.062882 24.91.112.149:1669 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:16304 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xD4069A36 Ack: 0x40A43271 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-11:06:17.895825 24.91.112.149:1681 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:16375 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xD411425A Ack: 0x403E98E4 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-11:06:18.456344 24.91.112.149:1694 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:16433 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xD41E1FE2 Ack: 0x40B6A532 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-11:06:18.760647 24.91.112.149:1703 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:16476 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xD427515A Ack: 0x403BB83E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/27-11:06:19.166501 24.91.112.149:1714 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:16516 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xD430AF9B Ack: 0x40A335E0 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/27-11:06:19.734162 24.91.112.149:1729 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:16581 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xD43CB5BC Ack: 0x404B6178 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-11:06:20.656683 24.91.112.149:1744 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:16662 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xD44CBDEA Ack: 0x40664873 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-11:06:21.580380 24.91.112.149:1751 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:20641 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD453FE96 Ack: 0x410D0761 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-11:06:25.651933 24.91.112.149:1834 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:61049 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD4A109D7 Ack: 0x412ABA59 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-11:06:32.653898 24.91.112.149:1928 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:10924 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD501124E Ack: 0x41B7AA8C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-11:06:42.715585 24.91.112.149:2146 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:11837 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD5D1A4A9 Ack: 0x4174F9A9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-11:06:43.255989 24.91.112.149:2162 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:11935 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xD5E06161 Ack: 0x421F63F0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-11:06:53.710055 24.91.112.149:2289 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:13115 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xD65C839D Ack: 0x4279A162 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-11:06:54.242587 24.91.112.149:2400 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:13207 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xD6B7C225 Ack: 0x4268D44E Win: 0x4470 TcpLen: 20
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-11:06:55.970445 24.91.112.149:2172 -> 192.168.1.6:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:136
***AP*** Seq: 0x42346ECA Ack: 0xD5EB008C Win: 0x16D0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/27-12:37:46.976000 66.196.65.24:42800 -> 192.168.1.6:80
TCP TTL:232 TOS:0x0 ID:57044 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xF8F5EE5B Ack: 0x99915E2B Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-13:44:33.950010 24.204.108.61:4608 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:49048 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xE5C9D660 Ack: 0x9625E53D Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-13:44:34.653713 24.204.108.61:4613 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:49065 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xE5D03306 Ack: 0x956D2EC2 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-13:44:34.990126 24.204.108.61:4622 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:49078 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xE5D5658C Ack: 0x9599728B Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-13:44:35.257927 24.204.108.61:4625 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:49094 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xE5D8F1BC Ack: 0x95471D78 Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-13:44:35.536388 24.204.108.61:4630 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:49105 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xE5DD5C5E Ack: 0x95ADCE9E Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/27-13:44:35.863088 24.204.108.61:4634 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:49118 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xE5E18E1B Ack: 0x961DD2C1 Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/27-13:44:39.407550 24.204.108.61:4668 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:49225 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xE6078C61 Ack: 0x96365836 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-13:44:39.682278 24.204.108.61:4670 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:49237 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xE609D646 Ack: 0x95DA9181 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-13:44:39.950228 24.204.108.61:4676 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:49247 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE60F2403 Ack: 0x95A7C0B1 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-13:44:43.421735 24.204.108.61:4710 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:49326 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE6338464 Ack: 0x9601CAE9 Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-13:44:43.734815 24.204.108.61:4712 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:49338 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE635CC42 Ack: 0x965D794E Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-13:44:47.288762 24.204.108.61:4761 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:49493 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE666119B Ack: 0x963BCC3A Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-13:44:47.640208 24.204.108.61:4768 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:49512 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xE66CA2CB Ack: 0x96666610 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-13:44:50.643414 24.204.108.61:4768 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:49601 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xE66CA2CB Ack: 0x96666610 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-13:44:50.869188 24.204.108.61:4800 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:49616 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xE690AB68 Ack: 0x971CC3C2 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-13:44:51.120419 24.204.108.61:4807 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:49626 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xE696A007 Ack: 0x96BB3C61 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-13:44:51.455549 24.204.108.61:4810 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:49642 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xE69A1805 Ack: 0x965E2B46 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-14:24:21.460018 24.209.97.26:2289 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:58060 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEA424FE9 Ack: 0x2C2EE322 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-14:24:21.506126 24.209.97.26:2289 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:58061 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEA42559D Ack: 0x2C2EE322 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-14:59:09.648796 24.209.97.26:4039 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:11554 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB99A2623 Ack: 0xAFE93CC8 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-14:59:09.675970 24.209.97.26:4039 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:11555 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB99A2BD7 Ack: 0xAFE93CC8 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-15:07:29.409654 24.214.6.207:3701 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:35770 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDCFF799C Ack: 0xCF5EC2D2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-15:07:29.481328 24.214.6.207:3701 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:35771 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDCFF7F50 Ack: 0xCF5EC2D2 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-15:11:19.809055 24.209.97.26:1239 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:14491 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE322B8 Ack: 0xDCDA0BAC Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-15:11:19.819375 24.209.97.26:1239 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:14492 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE3286C Ack: 0xDCDA0BAC Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-15:45:10.567517 24.148.1.42:2541 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:16304 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD0993D6 Ack: 0x5CFB2759 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-15:45:10.571594 24.148.1.42:2541 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:16305 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD09998A Ack: 0x5CFB2759 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/27-16:50:26.626821 209.237.238.161:2711 -> 192.168.1.6:80
TCP TTL:41 TOS:0x0 ID:23878 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0xE8445187 Ack: 0x5442C991 Win: 0xFFFF TcpLen: 32
TCP Options (3) => NOP NOP TS: 124930466 874915549
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/27-16:51:08.814456 209.237.238.174:54358 -> 192.168.1.6:80
TCP TTL:41 TOS:0x0 ID:6655 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0xF5318C3 Ack: 0x56E14A03 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 77660490 874937173
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/27-16:59:17.809422 209.237.238.172:54196 -> 192.168.1.6:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:165
***AP*** Seq: 0x76640286 Ack: 0x2FDDD8E7 Win: 0x16A0 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-17:00:55.456394 24.209.97.26:3391 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:7748 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x66A6A1A8 Ack: 0x7BA388BB Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-17:00:55.491412 24.209.97.26:3391 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:7749 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x66A6A75C Ack: 0x7BA388BB Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/27-17:02:35.688871 209.237.238.173:44535 -> 192.168.1.6:80
TCP TTL:41 TOS:0x0 ID:46614 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0x3B35B8FB Ack: 0x826A53C5 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 77729531 875288961
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/27-17:05:00.897284 209.237.238.175:45680 -> 192.168.1.6:80
TCP TTL:41 TOS:0x0 ID:48859 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0x452302EA Ack: 0x8B6A1BA6 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 77446207 875363325
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-17:25:56.707354 24.174.84.225:3810 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:29588 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4CBFC1BE Ack: 0xDA37197B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-17:25:56.736354 24.174.84.225:3810 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:29589 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4CBFC772 Ack: 0xDA37197B Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-18:24:32.452709 24.209.97.26:1140 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:11786 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF49A86D4 Ack: 0xB746CC92 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-18:24:32.471079 24.209.97.26:1140 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:11787 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF49A8C88 Ack: 0xB746CC92 Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/27-18:32:40.330684 209.237.238.159:4048 -> 192.168.1.6:80
TCP TTL:41 TOS:0x0 ID:58181 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0x4978DFFA Ack: 0xD5BF26FF Win: 0xFFFF TcpLen: 32
TCP Options (3) => NOP NOP TS: 675572179 878056418
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/27-18:56:54.675090 209.237.238.174:59325 -> 192.168.1.6:80
TCP TTL:41 TOS:0x0 ID:54378 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0xEAF050DB Ack: 0x32552542 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 78415039 878801930
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/27-18:58:42.779878 209.237.238.172:49107 -> 192.168.1.6:80
TCP TTL:41 TOS:0x0 ID:57709 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0xF22032CB Ack: 0x38CFFD09 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 78435245 878857301
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/27-19:05:08.326875 209.237.238.173:49653 -> 192.168.1.6:80
TCP TTL:41 TOS:0x0 ID:61780 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0x9FBB4F0 Ack: 0x50481E34 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 78464765 879054731
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/27-19:08:51.418253 209.237.238.172:50122 -> 192.168.1.6:80
TCP TTL:41 TOS:0x0 ID:23181 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0x19119BEC Ack: 0x5E5C8837 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 78496108 879169027
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/27-19:16:11.308261 209.237.238.174:59635 -> 192.168.1.6:80
TCP TTL:41 TOS:0x0 ID:49093 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0x3412F7BF Ack: 0x7AE8E287 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 78530696 879394330
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/27-19:17:14.913957 209.237.238.173:47041 -> 192.168.1.6:80
TCP TTL:41 TOS:0x0 ID:5864 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0x38FC745A Ack: 0x7ED6D6CF Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 78537421 879426898
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/27-19:19:59.301973 209.237.238.161:2644 -> 192.168.1.6:80
TCP TTL:41 TOS:0x0 ID:27647 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0x855E8A27 Ack: 0x881EE7DE Win: 0xFFFF TcpLen: 32
TCP Options (3) => NOP NOP TS: 125827598 879511069
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/27-19:24:05.600180 209.237.238.175:45254 -> 192.168.1.6:80
TCP TTL:41 TOS:0x0 ID:4085 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0x527A7831 Ack: 0x97DD510D Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 78280654 879637250
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/27-19:31:28.930232 209.237.238.159:4669 -> 192.168.1.6:80
TCP TTL:41 TOS:0x0 ID:53328 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0x9980A70B Ack: 0xB47E1E97 Win: 0xFFFF TcpLen: 32
TCP Options (3) => NOP NOP TS: 675924985 879864304
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-19:50:19.883528 24.209.97.26:3136 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:29521 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9CD1B1C4 Ack: 0xFB25DCA5 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-19:50:19.901903 24.209.97.26:3136 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:29522 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9CD1B778 Ack: 0xFB25DCA5 Win: 0xFAF0 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-20:12:06.119424 24.50.102.88:2543 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:53799 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x72AF02F4 Ack: 0x4E02013A Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-20:12:13.680103 24.50.102.88:2817 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:54961 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x7389A7B8 Ack: 0x4E81EB1C Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-20:12:14.106274 24.50.102.88:3040 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:55022 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x742DCF3B Ack: 0x4E181778 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-20:12:17.803035 24.50.102.88:3076 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:55659 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x744ABFDD Ack: 0x4E4E260F Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-20:12:21.055475 24.50.102.88:3295 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:56227 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x74FD24B9 Ack: 0x4ED66D2B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/27-20:12:24.739244 24.50.102.88:3700 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:56802 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x762D2D82 Ack: 0x4F592C08 Win: 0x4470 TcpLen: 20
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/27-20:12:27.822421 24.50.102.88:3700 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:57253 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x762D2D82 Ack: 0x4F592C08 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/27-20:12:28.656980 24.50.102.88:3893 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:57360 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x76C23C64 Ack: 0x4F4ACF18 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-20:12:32.867994 24.50.102.88:4106 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:57872 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x775FD950 Ack: 0x4F778BDA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-20:12:43.316118 24.50.102.88:1067 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:59513 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x7961B39B Ack: 0x503C9154 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-20:12:43.947969 24.50.102.88:1096 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:59613 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x797A7AE8 Ack: 0x505BECB1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-20:12:48.509132 24.50.102.88:1340 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:60278 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x7A3F7D73 Ack: 0x50AE46E5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-20:12:49.192225 24.50.102.88:1389 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:60404 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x7A662446 Ack: 0x50FF6DC4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-20:12:49.846839 24.50.102.88:1437 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:60508 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x7A8DCB84 Ack: 0x50329683 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-20:12:50.498639 24.50.102.88:1479 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:60611 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x7AAC433A Ack: 0x5110EFB1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-20:13:00.321437 24.50.102.88:2075 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:62117 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x7C856351 Ack: 0x511CCCFF Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-20:14:11.940019 24.209.97.26:3014 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:25215 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x34D9E923 Ack: 0x5588F85E Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-20:14:11.983888 24.209.97.26:3014 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:25216 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x34D9EED7 Ack: 0x5588F85E Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-22:01:19.506289 24.129.65.245:2391 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:39830 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3B307A11 Ack: 0xEB3E8916 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/27-22:01:19.507676 24.129.65.245:2391 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:39831 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3B307FC5 Ack: 0xEB3E8916 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/27-23:06:00.219555 209.237.238.161:2858 -> 192.168.1.6:80
TCP TTL:41 TOS:0x0 ID:61877 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0x5B3F5C7C Ack: 0xDF6AC9E4 Win: 0xFFFF TcpLen: 32
TCP Options (3) => NOP NOP TS: 127183485 886456577
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/27-23:07:56.251188 209.237.238.174:53270 -> 192.168.1.6:80
TCP TTL:41 TOS:0x0 ID:9100 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0x9FAD5C5D Ack: 0xE5E943E9 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 79921122 886516025
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/27-23:12:23.746800 209.237.238.173:36092 -> 192.168.1.6:80
TCP TTL:41 TOS:0x0 ID:32436 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0xB012977A Ack: 0xF73A41A7 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 79948246 886653031
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/27-23:17:04.989257 209.237.238.172:43405 -> 192.168.1.6:80
TCP TTL:41 TOS:0x0 ID:32544 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0xC1E5040B Ack: 0x9110D90 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 79985443 886797055
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/27-23:27:55.925589 64.68.82.37:17175 -> 192.168.1.6:80
TCP TTL:50 TOS:0x10 ID:12235 IpLen:20 DgmLen:453 DF
***AP*** Seq: 0xE9BDFB5F Ack: 0x313C1BB1 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 527685024 887129170
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/27-23:31:48.032855 209.237.238.175:37194 -> 192.168.1.6:80
TCP TTL:41 TOS:0x0 ID:9207 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0xF98506C9 Ack: 0x40EFBE2F Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 79766857 887249343
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/27-23:33:02.939420 209.237.238.174:42313 -> 192.168.1.6:80
TCP TTL:41 TOS:0x0 ID:31199 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0xFE70B588 Ack: 0x44C93567 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 80071783 887287698
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/28-02:13:19.536753 24.77.17.60:2989 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:8329 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x97690AEE Ack: 0xA2AD315C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/28-02:13:19.600692 24.77.17.60:2989 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:8330 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x976910A2 Ack: 0xA2AD315C Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/28-03:45:14.815259 209.237.238.159:3419 -> 192.168.1.6:80
TCP TTL:41 TOS:0x0 ID:60422 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0x47090D42 Ack: 0xFE94E08A Win: 0xFFFF TcpLen: 32
TCP Options (3) => NOP NOP TS: 678887118 895037794
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/28-05:56:20.870192 159.134.176.59:4279 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:31776 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x67C98747 Ack: 0xEC626288 Win: 0x2238 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:55 2003