[Silicon Defense logo]

SnortSnarf alert page

Source: 24.161.94.61

SnortSnarf v021111.1

Signature section (91123)Top 20 source IPsTop 20 dest IPs

16 such alerts found using input module SnortFileInput, with sources:
Earliest: 02:05:54.824824 on 05/23/2003
Latest: 02:07:06.719947 on 05/23/2003

6 different signatures are present for 24.161.94.61 as a source

There are 1 distinct destination IPs in the alerts of the type on this page.

24.161.94.61 Whois lookup at: ARIN RIPE APNIC Geektools
DNS lookup at: Amenesi TRIUMF Princeton
More lookup links: Dshield Sam Spade

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-02:05:54.824824 24.161.94.61:4659 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:24227 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x45ACF053 Ack: 0x50BB1B35 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-02:05:57.262315 24.161.94.61:4718 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:24432 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x45DFA99F Ack: 0x50879C73 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-02:06:09.014247 24.161.94.61:1062 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:25417 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x46F7E547 Ack: 0x52661FE3 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-02:06:20.325339 24.161.94.61:1395 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:26332 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x4817F43A Ack: 0x53BAB57D Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-02:06:22.579236 24.161.94.61:1443 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:26523 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x4842A2B5 Ack: 0x53C7D26F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/23-02:06:27.440390 24.161.94.61:1591 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:26888 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x48C3F08B Ack: 0x53C7734A Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/23-02:06:29.650551 24.161.94.61:1641 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:27032 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x48F04E27 Ack: 0x53DC3C23 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-02:06:31.922461 24.161.94.61:1697 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:27212 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x491FEEBD Ack: 0x5418E4B9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-02:06:42.843878 24.161.94.61:2001 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:27999 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4A23FD92 Ack: 0x545A64E0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-02:06:48.289165 24.161.94.61:2131 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:28363 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4A98F2CD Ack: 0x5485D291 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-02:06:53.729892 24.161.94.61:2260 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:28723 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4B0ADA3D Ack: 0x556B5D43 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-02:06:55.935349 24.161.94.61:2315 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:28881 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4B3C21A0 Ack: 0x55A6A8E2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-02:06:58.192815 24.161.94.61:2378 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:29030 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x4B744394 Ack: 0x55558C2B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-02:07:00.211439 24.161.94.61:2430 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:29155 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x4BA0897F Ack: 0x5603ED84 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-02:07:01.406583 24.161.94.61:2479 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:29244 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x4BCD1C8F Ack: 0x55AE06DD Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-02:07:06.719947 24.161.94.61:2608 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:29644 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x4C3E0430 Ack: 0x560F4D3E Win: 0x4470 TcpLen: 20
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:03:54 2003