
SnortSnarf alert page

Source: 24.158.5.113

SnortSnarf v021111.1


16 such alerts found using input module SnortFileInput, with sources:
Earliest: 19:17:02.234808 on 05/11/2003
Latest: 19:17:39.068490 on 05/11/2003

6 different signatures are present for 24.158.5.113 as a source

There is 1 distinct destination IP in the alerts of the type on this page.



[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-19:17:02.234808 24.158.5.113:3907 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:52443 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x43A5E94B Ack: 0xF9D5E100 Win: 0xFC00 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-19:17:06.945710 24.158.5.113:3988 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:52852 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x43F4C618 Ack: 0xFA652BC2 Win: 0xFC00 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-19:17:07.933486 24.158.5.113:4003 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:52960 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x44031EC0 Ack: 0xFAC5B880 Win: 0xFC00 TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-19:17:08.774026 24.158.5.113:4021 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:53039 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x44146D47 Ack: 0xFAC9CA84 Win: 0xFC00 TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-19:17:13.221109 24.158.5.113:4094 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:53432 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x445D33DC Ack: 0xFA63BF60 Win: 0xFC00 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/11-19:17:17.589969 24.158.5.113:4164 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:53802 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x44A33810 Ack: 0xFA95110F Win: 0xFC00 TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/11-19:17:18.415838 24.158.5.113:4180 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:53874 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x44B2F200 Ack: 0xFAA7ABDE Win: 0xFC00 TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-19:17:22.600926 24.158.5.113:4230 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:54155 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x44E74ABB Ack: 0xFB531D95 Win: 0xFC00 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-19:17:23.327164 24.158.5.113:4244 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:54208 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x44F338AD Ack: 0xFAFA6718 Win: 0xFC00 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-19:17:27.187244 24.158.5.113:4292 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:54473 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x45243C4A Ack: 0xFB2653CB Win: 0xFC00 TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-19:17:28.036975 24.158.5.113:4300 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:54537 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x452BF103 Ack: 0xFBC51077 Win: 0xFC00 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-19:17:28.892930 24.158.5.113:4314 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:54599 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x453676A9 Ack: 0xFB88A7AC Win: 0xFC00 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-19:17:33.089897 24.158.5.113:4368 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:54898 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x456EEF51 Ack: 0xFC208D4C Win: 0xFC00 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-19:17:33.860210 24.158.5.113:4383 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:54966 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x457E538A Ack: 0xFBDD6558 Win: 0xFC00 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-19:17:34.781521 24.158.5.113:4398 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:55043 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x458CBCF3 Ack: 0xFB807335 Win: 0xFC00 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-19:17:39.068490 24.158.5.113:4463 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:55415 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x45CF0A8D Ack: 0xFC9CBB22 Win: 0xFC00 TcpLen: 20

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:03:52 2003