SnortSnarf alert page

Source: 24.165.15.145

SnortSnarf v021111.1

16 such alerts found using input module SnortFileInput, with sources:
Earliest: 21:02:40.954839 on 05/14/2003
Latest: 21:03:22.733169 on 05/14/2003

6 different signatures are present for 24.165.15.145 as a source

There is 1 distinct destination IP in the alerts of the type on this page.


[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-21:02:40.954839 24.165.15.145:4591 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:20351 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x6420D020 Ack: 0x472997C1 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-21:02:45.315183 24.165.15.145:4815 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:21169 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x64DA0C2D Ack: 0x46CE8E3F Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-21:02:49.133950 24.165.15.145:4858 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:21834 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x64FC542A Ack: 0x478AA28D Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-21:02:52.877264 24.165.15.145:1182 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:22495 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x65FA6B1F Ack: 0x47E3DD02 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-21:02:57.195337 24.165.15.145:1354 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:23210 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6687DDB7 Ack: 0x4801A4C6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/14-21:02:58.114782 24.165.15.145:1379 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:23373 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x669BED6B Ack: 0x48358999 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/14-21:02:58.864845 24.165.15.145:1410 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:23512 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x66B5EA20 Ack: 0x48273ADD Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-21:02:59.662259 24.165.15.145:1429 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:23646 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x66C5F8A5 Ack: 0x482F0607 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-21:03:00.079763 24.165.15.145:1446 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:23712 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x66D5947C Ack: 0x4858C1DF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-21:03:04.002911 24.165.15.145:1584 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:24318 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x674CDF39 Ack: 0x482A1C08 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-21:03:07.736277 24.165.15.145:1693 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:24815 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x67AB8092 Ack: 0x48C42968 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-21:03:08.173966 24.165.15.145:1714 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:24859 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x67BAC631 Ack: 0x4827D445 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-21:03:08.546938 24.165.15.145:1720 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:24893 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x67C0B1C2 Ack: 0x48B4C322 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-21:03:12.143086 24.165.15.145:1830 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:25357 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x68214C04 Ack: 0x48716B1E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-21:03:12.520648 24.165.15.145:1847 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:25388 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x682F8D7A Ack: 0x48F2E54E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-21:03:22.733169 24.165.15.145:2273 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:26819 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x698FE03F Ack: 0x491BBBD1 Win: 0x4470 TcpLen: 20

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:03:52 2003