SnortSnarf alert page

Source: 24.150.116.10

SnortSnarf v021111.1

16 such alerts found using input module SnortFileInput, with sources:
Earliest: 09:12:05.620877 on 05/26/2003
Latest: 09:12:30.774300 on 05/26/2003

6 different signatures are present for 24.150.116.10 as a source

There is 1 distinct destination IP in the alerts of the type on this page.


[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-09:12:05.620877 24.150.116.10:4200 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:56629 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x2CD385F6 Ack: 0x5A96DC92 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-09:12:06.322802 24.150.116.10:4212 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:56657 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x2CDCA3B8 Ack: 0x5AB69E31 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-09:12:06.548239 24.150.116.10:4214 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:56666 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x2CDEA63B Ack: 0x5B14DCDE Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-09:12:06.729268 24.150.116.10:4219 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:56683 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x2CE1C647 Ack: 0x5AF78F33 Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-09:12:16.133226 24.150.116.10:4411 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:57139 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x2D7DC2FC Ack: 0x5ACBE34E Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/26-09:12:16.306156 24.150.116.10:4415 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:57148 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x2D80D87A Ack: 0x5AEA3FE1 Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/26-09:12:16.530387 24.150.116.10:4418 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:57158 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x2D83167E Ack: 0x5AC0C17A Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-09:12:16.732378 24.150.116.10:4419 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:57168 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x2D84D106 Ack: 0x5ACB8F5C Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-09:12:16.923467 24.150.116.10:4420 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:57176 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x2D865031 Ack: 0x5B3056D5 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-09:12:17.095662 24.150.116.10:4425 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:57190 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x2D8B1005 Ack: 0x5BA1A1AC Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-09:12:17.277653 24.150.116.10:4432 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:57203 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x2D909AB8 Ack: 0x5B94410A Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-09:12:17.477969 24.150.116.10:4435 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:57218 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x2D932ED4 Ack: 0x5B844794 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-09:12:30.199664 24.150.116.10:4697 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:58030 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x2E4F90BE Ack: 0x5C385F80 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-09:12:30.372293 24.150.116.10:4770 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:58051 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x2E89CADD Ack: 0x5C846CFE Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-09:12:30.583098 24.150.116.10:4776 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:58081 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x2E8E7CAB Ack: 0x5C07A900 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/26-09:12:30.774300 24.150.116.10:4788 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:58114 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x2E978F89 Ack: 0x5C61F550 Win: 0xFAF0 TcpLen: 20

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:03:54 2003