SnortSnarf alert page

Source: 24.157.173.39

SnortSnarf v021111.1

33 such alerts found using input module SnortFileInput, with sources:
Earliest: 23:07:49.185714 on 05/06/2003
Latest: 00:17:12.597421 on 05/16/2003

6 different signatures are present for 24.157.173.39 as a source

There is 1 distinct destination IP in the alerts of the type on this page.


[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-23:07:49.185714 24.157.173.39:1497 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:45603 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x5E1389D Ack: 0x225991B4 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-23:07:50.314958 24.157.173.39:1507 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:45674 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x5EC3792 Ack: 0x22C102BF Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-23:07:53.465174 24.157.173.39:1515 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:45839 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x5F3FBD8 Ack: 0x233CF9DE Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-23:07:57.231665 24.157.173.39:1601 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:46147 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x64B8F21 Ack: 0x2380D656 Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-23:07:57.841326 24.157.173.39:1615 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:46243 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x65884F2 Ack: 0x22BDDC30 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/06-23:07:58.369133 24.157.173.39:1630 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:46284 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x666C9AD Ack: 0x22EA179C Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/06-23:08:01.831193 24.157.173.39:1686 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:46607 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x69CAEB8 Ack: 0x239739C1 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-23:08:05.018888 24.157.173.39:1730 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:46833 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x6C92F57 Ack: 0x23FCA5A2 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-23:08:08.352284 24.157.173.39:1732 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:47086 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6CBF6DF Ack: 0x2384C20F Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-23:08:08.804881 24.157.173.39:1775 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:47119 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6F95CE4 Ack: 0x2356B4F8 Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-23:08:12.211507 24.157.173.39:1780 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:47391 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6FE835C Ack: 0x241EA4EF Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-23:08:12.708957 24.157.173.39:1835 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:47429 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x735F00F Ack: 0x2413A4F8 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-23:08:16.232127 24.157.173.39:1841 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:47718 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x73C2406 Ack: 0x23AC0C74 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-23:08:16.469534 24.157.173.39:1888 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:47752 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x76E063E Ack: 0x245A649D Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-23:08:19.750377 24.157.173.39:1888 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:47984 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x76E063E Ack: 0x245A649D Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-23:08:26.266475 24.157.173.39:2018 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:48517 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x7ED1BDF Ack: 0x24A5B2CA Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-23:08:26.732044 24.157.173.39:2032 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:48587 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x7FB2E64 Ack: 0x2476C4D5 Win: 0xFAF0 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-00:16:45.065705 24.157.173.39:1708 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:18578 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xFAA12381 Ack: 0x647D46E7 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-00:16:46.571531 24.157.173.39:1728 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:18767 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xFAB48B0A Ack: 0x648C5518 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-00:16:51.063182 24.157.173.39:1786 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:19209 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xFAF04C2E Ack: 0x651F70E0 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-00:16:55.082728 24.157.173.39:1845 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:19566 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xFB2C6E23 Ack: 0x6553C622 Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-00:16:56.576364 24.157.173.39:1863 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:19676 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xFB3CEEAB Ack: 0x65A55D75 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/16-00:16:57.569152 24.157.173.39:1878 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:19792 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xFB4E9D9C Ack: 0x654074F6 Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/16-00:16:58.556264 24.157.173.39:1898 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:19898 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xFB5F7EB8 Ack: 0x654689F9 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-00:17:00.070526 24.157.173.39:1910 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:19988 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xFB6B4030 Ack: 0x65AB35E4 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-00:17:01.062527 24.157.173.39:1931 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:20116 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFB81896D Ack: 0x65A90AB5 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-00:17:02.064368 24.157.173.39:1945 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:20215 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFB906A09 Ack: 0x658B95A2 Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-00:17:06.577976 24.157.173.39:1998 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:20597 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFBCBABC1 Ack: 0x65BD1512 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-00:17:07.574388 24.157.173.39:2016 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:20735 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFBDF325E Ack: 0x667B7DB1 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-00:17:09.075727 24.157.173.39:2039 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:20850 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xFBF46431 Ack: 0x65EB1240 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-00:17:10.087637 24.157.173.39:2056 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:20980 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xFC070468 Ack: 0x667848E5 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-00:17:11.577223 24.157.173.39:2076 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:21106 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xFC19AC16 Ack: 0x660C0610 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-00:17:12.597421 24.157.173.39:2095 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:21242 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xFC2BB026 Ack: 0x6679FAD5 Win: 0xFAF0 TcpLen: 20

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:03:52 2003