SnortSnarf alert page

Source: 24.186.148.24

SnortSnarf v021111.1

33 such alerts found using input module SnortFileInput, with sources:
Earliest: 03:54:07.671773 on 04/29/2003
Latest: 19:54:46.565526 on 04/29/2003

6 different signatures are present for 24.186.148.24 as a source

There is 1 distinct destination IP in the alerts of the type on this page.


[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-03:54:07.671773 24.186.148.24:1497 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:7796 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x12A2CF3C Ack: 0x5E43B46D Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-03:54:08.020265 24.186.148.24:1501 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:7806 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x12A6D0F1 Ack: 0x5EF4E94A Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-03:54:11.680224 24.186.148.24:1560 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:7968 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x12DD5D53 Ack: 0x5F2E6A4D Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-03:54:14.969071 24.186.148.24:1604 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:8052 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x130BE85F Ack: 0x5F0AEAFB Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-03:54:24.265944 24.186.148.24:1741 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:8444 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x139480BA Ack: 0x5FC19079 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/29-03:54:30.921302 24.186.148.24:1787 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:8659 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x13C29BAE Ack: 0x5FF63172 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/29-03:54:43.627339 24.186.148.24:1952 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:9041 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x146DCC66 Ack: 0x60C73201 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-03:54:53.029527 24.186.148.24:2098 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:9285 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x150AA19D Ack: 0x61403FD6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-03:54:53.170125 24.186.148.24:2099 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:9291 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x150BA62B Ack: 0x60B84160 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-03:54:56.538469 24.186.148.24:2143 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:9387 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x1536C5FB Ack: 0x6157A94E Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-03:54:56.645340 24.186.148.24:2148 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:9398 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x153B1218 Ack: 0x61DFC24D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-03:54:56.751435 24.186.148.24:2150 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:9406 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x153CE6F8 Ack: 0x61939B44 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-03:54:56.879126 24.186.148.24:2151 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:9413 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x153E3CE2 Ack: 0x61AD118F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-03:54:56.974627 24.186.148.24:2154 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:9422 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x154100AC Ack: 0x61AF92E9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-03:54:59.920821 24.186.148.24:2154 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:9501 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x154100AC Ack: 0x61AF92E9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-03:55:03.070714 24.186.148.24:2190 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:9595 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x15672AEB Ack: 0x618CAA5C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-03:55:03.410220 24.186.148.24:2226 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:9608 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x158CDA9A Ack: 0x61CB53F8 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-19:54:15.955340 24.186.148.24:3182 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:14781 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x5E37C5BA Ack: 0x893A4B7E Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-19:54:16.070598 24.186.148.24:3186 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:14792 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x5E3B49FC Ack: 0x896387CE Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-19:54:19.622232 24.186.148.24:3230 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:14894 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x5E688012 Ack: 0x89F08C4C Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-19:54:29.049907 24.186.148.24:3364 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:15250 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x5EEF2379 Ack: 0x8A56EE87 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-19:54:29.200750 24.186.148.24:3368 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:15259 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x5EF33358 Ack: 0x89DA0ACA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/29-19:54:29.359942 24.186.148.24:3371 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:15272 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x5EF5EF89 Ack: 0x89BCD35C Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/29-19:54:29.502479 24.186.148.24:3372 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:15283 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x5EF781F6 Ack: 0x8A7E7E2B Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-19:54:38.910607 24.186.148.24:3486 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:15583 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x5F70BB20 Ack: 0x8AEACAD4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-19:54:42.291262 24.186.148.24:3533 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:15692 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x5FA1B82E Ack: 0x8BC0DAEB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-19:54:42.438491 24.186.148.24:3534 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:15698 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x5FA348EF Ack: 0x8C3235C6 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-19:54:42.567125 24.186.148.24:3536 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:15708 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x5FA573FA Ack: 0x8BC367D3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-19:54:42.697813 24.186.148.24:3539 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:15719 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x5FA81C24 Ack: 0x8C5924D6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-19:54:42.842623 24.186.148.24:3541 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:15727 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x5FAA6337 Ack: 0x8C71C398 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-19:54:42.979090 24.186.148.24:3543 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:15733 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x5FAC1B5C Ack: 0x8BF93B4E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-19:54:43.090329 24.186.148.24:3545 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:15741 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x5FAE1F29 Ack: 0x8C2E604D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-19:54:46.565526 24.186.148.24:3588 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:15836 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x5FD986E1 Ack: 0x8CAC6C4C Win: 0x4470 TcpLen: 20

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:03:54 2003