SnortSnarf alert page

Source: 24.150.86.224

SnortSnarf v021111.1

12 such alerts found using input module SnortFileInput, with sources:
Earliest: 19:02:54.132243 on 04/30/2003
Latest: 19:03:08.682353 on 04/30/2003

5 different signatures are present for 24.150.86.224 as a source

There is 1 distinct destination IP in the alerts of the type on this page.


[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/30-19:02:54.132243 24.150.86.224:3156 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:18958 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB70795FD Ack: 0x6D2BE48 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/30-19:02:54.369125 24.150.86.224:3157 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:18984 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xB7090F85 Ack: 0x735FDCF Win: 0x4470 TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/30-19:02:54.546942 24.150.86.224:3158 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:18993 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xB70AD16D Ack: 0x7405A43 Win: 0x4470 TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/30-19:02:54.760101 24.150.86.224:3160 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:19009 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xB70D295A Ack: 0x71B1C57 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/30-19:02:58.203622 24.150.86.224:3185 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:23171 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB72B97D9 Ack: 0x6F4D733 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/30-19:02:58.404701 24.150.86.224:3188 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:23535 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB72E221E Ack: 0x7B27A7F Win: 0x4470 TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/30-19:02:58.584981 24.150.86.224:3189 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:23980 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB72F6E18 Ack: 0x7B6E7B7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/30-19:02:58.808754 24.150.86.224:3193 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:24265 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB7332BB0 Ack: 0x7E61187 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/30-19:02:59.073342 24.150.86.224:3195 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:24713 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xB7357D03 Ack: 0x7C7F3BE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/30-19:02:59.273068 24.150.86.224:3196 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:25072 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB7378F3E Ack: 0x7CBA066 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/30-19:02:59.470108 24.150.86.224:3197 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:25519 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xB7392EA8 Ack: 0x73CCD69 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/30-19:03:08.682353 24.150.86.224:3260 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:52208 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB788C19E Ack: 0x80E002B Win: 0x4470 TcpLen: 20

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:03:53 2003