SnortSnarf alert page

Source: 24.126.82.22

SnortSnarf v021111.1

Signature section (91123)

Top 20 source IPs

Top 20 dest IPs

49 such alerts found using input module SnortFileInput, with sources:

/home/rivettmj/snort_alertlog/alert

Earliest: 23:41:43.729225 on 05/19/2003
Latest: 03:51:31.145474 on 05/29/2003

6 different signatures are present for 24.126.82.22 as a source

3 instances of WEB-IIS _mem_bin access
3 instances of WEB-FRONTPAGE /_vti_bin/ access
8 instances of WEB-IIS CodeRed v2 root.exe access
8 instances of WEB-IIS multiple decode attempt
12 instances of WEB-IIS cmd.exe access
15 instances of WEB-IIS unicode directory traversal attempt

There are 1 distinct destination IPs in the alerts of the type on this page.

24.126.82.22 Whois lookup at: ARIN RIPE APNIC Geektools

DNS lookup at: Amenesi TRIUMF Princeton

More lookup links: Dshield Sam Spade

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-23:41:43.729225 24.126.82.22:4859 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:56548 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x950A5CC9  Ack: 0x71294DD3  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-23:42:30.203494 24.126.82.22:2614 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:62913 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x9AB6735A  Ack: 0x738E909E  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-23:42:31.241232 24.126.82.22:2662 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:63066 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x9ADC4578  Ack: 0x74E1117D  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-23:42:32.026409 24.126.82.22:2699 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:63193 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x9AFC1291  Ack: 0x74925F15  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-23:42:35.585232 24.126.82.22:2730 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:63751 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x9B1543F9  Ack: 0x74FCCAEF  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/19-23:42:36.629035 24.126.82.22:2870 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:63870 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x9B88D888  Ack: 0x74C038B2  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/19-23:42:37.424801 24.126.82.22:2907 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:63993 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x9BA71BEF  Ack: 0x756D5824  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-23:42:38.119429 24.126.82.22:2937 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:64100 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x9BC02E3E  Ack: 0x759DA985  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-23:42:39.001573 24.126.82.22:2964 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:64207 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x9BD90B23  Ack: 0x75A797C2  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-23:42:39.600051 24.126.82.22:3003 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:64339 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x9BF8F3E2  Ack: 0x7560B92D  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-23:42:39.937365 24.126.82.22:3027 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:64405 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x9C0CE514  Ack: 0x75BB51EE  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-23:42:44.170721 24.126.82.22:3175 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:64924 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x9C86816B  Ack: 0x7572FDBE  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-23:42:45.103693 24.126.82.22:3216 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:65054 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x9CA785D7  Ack: 0x7559CB13  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-23:42:46.280631 24.126.82.22:3252 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:65231 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x9CC6FA46  Ack: 0x75F7EB17  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-23:42:47.045222 24.126.82.22:3299 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:65343 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x9CED4D70  Ack: 0x75ED5254  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-23:42:47.787012 24.126.82.22:3327 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:65442 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x9D043888  Ack: 0x765AB66A  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-04:20:48.517444 24.126.82.22:3101 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:58618 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x5AFC41E8  Ack: 0xEA1881E  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-04:20:58.391376 24.126.82.22:3511 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:60204 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x5C4FC9E3  Ack: 0xF83776E  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-04:20:59.192298 24.126.82.22:3534 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:60324 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x5C646625  Ack: 0xF64BC85  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-04:21:00.074330 24.126.82.22:3566 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:60474 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x5C7E8D2A  Ack: 0xFB7A533  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-04:21:00.957095 24.126.82.22:3601 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:60613 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x5C9D0445  Ack: 0xF7165FF  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/22-04:21:10.917473 24.126.82.22:3997 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:62223 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x5DE9AC15  Ack: 0x1091B3BC  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/22-04:21:11.712572 24.126.82.22:4030 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:62397 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x5E04EAD2  Ack: 0xFC49F13  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-04:21:12.157508 24.126.82.22:4065 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:62483 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x5E21F20E  Ack: 0x10AD1D9F  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-04:21:21.956948 24.126.82.22:4448 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:64235 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x5F6B87B9  Ack: 0x110EEFA7  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-04:21:31.726831 24.126.82.22:4897 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:422 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x60E04BF4  Ack: 0x118EAFF6  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-04:21:32.935320 24.126.82.22:4930 -> 192.168.1.6:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:137
***AP*** Seq: 0x60FD22D0  Ack: 0x0  Win: 0x0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-04:21:33.275771 24.126.82.22:4972 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:703 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6120F418  Ack: 0x1188580C  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-04:21:37.071065 24.126.82.22:4995 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:1368 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x613342DF  Ack: 0x1206ADE7  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-04:21:37.908991 24.126.82.22:1169 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:1547 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x61B14028  Ack: 0x11A40B8A  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-04:21:38.638939 24.126.82.22:1208 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:1690 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x61CEF057  Ack: 0x11D02E5F  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-04:21:39.319055 24.126.82.22:1236 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:1800 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x61E7D544  Ack: 0x12115F53  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/28-06:05:26.386680 24.126.82.22:4375 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:4002 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xCC833CCB  Ack: 0x18D21A49  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/28-06:05:27.130460 24.126.82.22:4432 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:4222 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xCCB1D2CB  Ack: 0x19351A79  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/29-03:50:22.277176 24.126.82.22:4347 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:2959 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x41BE12E2  Ack: 0x5A520401  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/29-03:50:22.719243 24.126.82.22:4369 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:3040 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x41D24DD5  Ack: 0x5A60850E  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/29-03:50:23.231650 24.126.82.22:4386 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:3143 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x41E25534  Ack: 0x5A63E39A  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/29-03:50:32.988972 24.126.82.22:4774 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:4822 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x434FF6C8  Ack: 0x5B4F7EB3  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/29-03:50:42.800119 24.126.82.22:1203 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:6505 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x44BA3ED2  Ack: 0x5C0820F6  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/29-03:50:43.604007 24.126.82.22:1231 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:6627 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x44D1B925  Ack: 0x5BD6F0BA  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/29-03:50:56.519028 24.126.82.22:1567 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:8661 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x4603794C  Ack: 0x5C9395F3  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/29-03:50:57.055348 24.126.82.22:1696 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:8789 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x467E862F  Ack: 0x5C9E3337  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/29-03:50:57.380428 24.126.82.22:1716 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:8876 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x46907F8C  Ack: 0x5C5CDE10  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/29-03:50:57.699298 24.126.82.22:1735 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:8961 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x46A2BB8C  Ack: 0x5D037C2D  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/29-03:51:07.093439 24.126.82.22:2160 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:10765 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x48118295  Ack: 0x5CCCBE7B  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/29-03:51:16.780935 24.126.82.22:2580 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:12595 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x49879194  Ack: 0x5E2C72B4  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/29-03:51:20.792011 24.126.82.22:2757 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:13383 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x4A281F87  Ack: 0x5E66F1C1  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/29-03:51:21.482082 24.126.82.22:2781 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:13494 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x4A3D5226  Ack: 0x5DB664B3  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/29-03:51:31.145474 24.126.82.22:3248 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:15520 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x4BD6E5CB  Ack: 0x5E89C42C  Win: 0x4470  TcpLen: 20

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:03:54 2003

24.126.82.22	Whois lookup at:	ARIN	RIPE	APNIC	Geektools
	DNS lookup at:	Amenesi	TRIUMF	Princeton
	More lookup links:	Dshield	Sam Spade