SnortSnarf alert page

Source: 24.132.247.34

SnortSnarf v021111.1

Signature section (91123)

Top 20 source IPs

Top 20 dest IPs

8 such alerts found using input module SnortFileInput, with sources:

/home/rivettmj/snort_alertlog/alert

Earliest: 21:51:02.581827 on 05/05/2003
Latest: 15:22:37.771433 on 05/14/2003

2 different signatures are present for 24.132.247.34 as a source

4 instances of WEB-IIS ISAPI .ida attempt
4 instances of WEB-IIS cmd.exe access

There are 1 distinct destination IPs in the alerts of the type on this page.

24.132.247.34 Whois lookup at: ARIN RIPE APNIC Geektools

DNS lookup at: Amenesi TRIUMF Princeton

More lookup links: Dshield Sam Spade

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-21:51:02.581827 24.132.247.34:1691 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:55069 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFEF8C001  Ack: 0xBFFB7A5C  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-21:51:02.590562 24.132.247.34:1691 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:55070 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFEF8C5B5  Ack: 0xBFFB7A5C  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/06-13:12:43.717676 24.132.247.34:2162 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:63146 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xAD54F34E  Ack: 0x5A30C659  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/06-13:12:43.725764 24.132.247.34:2162 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:63147 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xAD54F902  Ack: 0x5A30C659  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/12-17:28:22.541969 24.132.247.34:2646 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:57738 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE6067338  Ack: 0x9F346249  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/12-17:28:22.550268 24.132.247.34:2646 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:57739 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE60678EC  Ack: 0x9F346249  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/14-15:22:37.675802 24.132.247.34:3543 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:30840 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2ACA86CC  Ack: 0x42CC1D5C  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/14-15:22:37.771433 24.132.247.34:3543 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:30841 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2ACA8C80  Ack: 0x42CC1D5C  Win: 0x4470  TcpLen: 20

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:03:54 2003

24.132.247.34	Whois lookup at:	ARIN	RIPE	APNIC	Geektools
	DNS lookup at:	Amenesi	TRIUMF	Princeton
	More lookup links:	Dshield	Sam Spade