SnortSnarf alert page

Source: 24.148.73.90

SnortSnarf v021111.1

10 such alerts found using input module SnortFileInput, with sources:
Earliest: 14:04:15.711387 on 04/26/2003
Latest: 14:04:38.561346 on 04/26/2003

5 different signatures are present for 24.148.73.90 as a source

There are 1 distinct destination IPs in the alerts of the type on this page.


[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-14:04:15.711387 24.148.73.90:2090 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:44432 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xE692FFA5 Ack: 0xA1031CEE Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-14:04:18.028588 24.148.73.90:2148 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:44774 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xE6C7ED2C Ack: 0xA02D17E3 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-14:04:23.063256 24.148.73.90:2396 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:45589 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xE78FF7D3 Ack: 0xA0F2471D Win: 0x4470 TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-14:04:25.231601 24.148.73.90:2438 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:45956 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xE7B7073F Ack: 0xA1910EC7 Win: 0x4470 TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-14:04:29.912168 24.148.73.90:2699 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:46744 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xE8857F7E Ack: 0xA16D01C6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/26-14:04:31.519352 24.148.73.90:2874 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:46908 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xE911CF1D Ack: 0xA1DE5414 Win: 0x4470 TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/26-14:04:33.470998 24.148.73.90:2917 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:47242 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xE9367F71 Ack: 0xA11B513A Win: 0x4470 TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-14:04:35.212085 24.148.73.90:2994 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:47575 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xE973FF11 Ack: 0xA1EA19E2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-14:04:36.714761 24.148.73.90:3134 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:47714 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE9E25415 Ack: 0xA1851790 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-14:04:38.561346 24.148.73.90:3170 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:48025 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xEA02D1D0 Ack: 0xA1875ACC Win: 0x4470 TcpLen: 20

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:28 2003