[Silicon Defense logo]

SnortSnarf alert page

Source: 24.114.19.203

SnortSnarf v021111.1

Signature section (91123)Top 20 source IPsTop 20 dest IPs

16 such alerts found using input module SnortFileInput, with sources:
Earliest: 04:58:06.605152 on 05/24/2003
Latest: 04:59:26.473533 on 05/24/2003

6 different signatures are present for 24.114.19.203 as a source

There are 1 distinct destination IPs in the alerts of the type on this page.

24.114.19.203 Whois lookup at: ARIN RIPE APNIC Geektools
DNS lookup at: Amenesi TRIUMF Princeton
More lookup links: Dshield Sam Spade

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-04:58:06.605152 24.114.19.203:4080 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:47708 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x11579DD0 Ack: 0x1BEFD53E Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-04:58:09.295326 24.114.19.203:4112 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:47869 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x11790762 Ack: 0x1BE88871 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-04:58:20.611829 24.114.19.203:4260 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:48511 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x1213CBDC Ack: 0x1C1F6FF0 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-04:58:23.071964 24.114.19.203:4292 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:48637 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x1232E76E Ack: 0x1C09AC29 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-04:58:34.963194 24.114.19.203:4432 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:49280 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x12C8EAB1 Ack: 0x1D970679 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/24-04:58:47.011496 24.114.19.203:4587 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:49968 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x136B2BD9 Ack: 0x1E351D88 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/24-04:58:49.140130 24.114.19.203:4615 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:50098 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x1388F595 Ack: 0x1E5B0EC9 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-04:58:51.633884 24.114.19.203:4641 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:50233 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x13A28E85 Ack: 0x1E76AE0C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-04:59:00.608315 24.114.19.203:4721 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:50743 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x13F68408 Ack: 0x1F0C3B74 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-04:59:02.880153 24.114.19.203:4790 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:50873 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x143D5DD9 Ack: 0x1F309CFE Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-04:59:05.446468 24.114.19.203:4814 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:51018 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x1457A370 Ack: 0x1E93C12D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-04:59:07.548620 24.114.19.203:4849 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:51145 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x147BA846 Ack: 0x1F408823 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-04:59:10.074806 24.114.19.203:4875 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:51289 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x1495FE05 Ack: 0x1EE11DEA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-04:59:12.124791 24.114.19.203:4925 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:51418 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x14BA0CB9 Ack: 0x1F0887E5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-04:59:14.587178 24.114.19.203:4975 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:51548 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x14D44904 Ack: 0x1FD5D0B2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-04:59:26.473533 24.114.19.203:3136 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:52153 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x156A0836 Ack: 0x20262B42 Win: 0x4470 TcpLen: 20
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:28 2003