SnortSnarf alert page

Source: 24.189.230.118

SnortSnarf v021111.1

40 such alerts found using input module SnortFileInput, with sources:
Earliest: 05:20:51.395118 on 06/09/2003
Latest: 07:17:46.880343 on 06/16/2003

6 different signatures are present for 24.189.230.118 as a source

There is 1 distinct destination IP in the alerts of the type on this page.


[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-05:20:51.395118 24.189.230.118:1324 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:2552 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x71C5B62C Ack: 0x6D95348C Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-05:20:51.770884 24.189.230.118:1335 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:2589 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x71CF2E66 Ack: 0x6DD29EDD Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-05:20:51.905727 24.189.230.118:1344 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:2609 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x71D495BB Ack: 0x6D922138 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-05:20:52.045190 24.189.230.118:1352 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:2629 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x71DAADCB Ack: 0x6D1CC9B3 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-05:20:52.181367 24.189.230.118:1356 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:2644 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x71DE2BC2 Ack: 0x6DB0C1E5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/09-05:21:01.314526 24.189.230.118:1763 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:3795 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x7306E1BD Ack: 0x6DBD5772 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/09-05:21:10.420701 24.189.230.118:2139 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:4532 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x741DFB61 Ack: 0x6E75AE1E Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-05:21:10.531290 24.189.230.118:2144 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:4542 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x7420B36E Ack: 0x6E995449 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-05:21:10.668170 24.189.230.118:2147 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:4551 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x7423D62C Ack: 0x6EC29BBD Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-05:21:10.780818 24.189.230.118:2148 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:4561 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x7424CFD3 Ack: 0x6ED6E3B5 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-05:21:10.911400 24.189.230.118:2160 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:4585 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x742D29F8 Ack: 0x6EAEFC67 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-05:21:11.022229 24.189.230.118:2173 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:4600 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x7433C95A Ack: 0x6EB2E669 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-05:21:20.233268 24.189.230.118:2573 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:5566 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x7561CB8F Ack: 0x6F333443 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-05:21:20.347663 24.189.230.118:2579 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:5582 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x75664176 Ack: 0x6EFC42CC Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-05:21:20.490858 24.189.230.118:2586 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:5598 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x756BC6C8 Ack: 0x6F1C1ACA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-05:21:20.623073 24.189.230.118:2591 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:5614 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x756FAE65 Ack: 0x6F7DDF7B Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-21:42:50.013100 24.189.230.118:4932 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:569 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xE4AA723A Ack: 0x6A955018 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-21:42:50.393704 24.189.230.118:1169 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:661 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xE53ADFB8 Ack: 0x6ABF315E Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-21:42:53.792254 24.189.230.118:1406 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:1329 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xE5E31809 Ack: 0x6AE7EDE7 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-21:43:03.006096 24.189.230.118:1871 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:3129 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xE735FB24 Ack: 0x6B7D8C2B Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-21:43:03.122037 24.189.230.118:1874 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:3139 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xE738E827 Ack: 0x6B50FBCF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/11-21:43:12.226277 24.189.230.118:2305 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:4786 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xE87BC116 Ack: 0x6C946F81 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/11-21:43:12.659741 24.189.230.118:2307 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:4886 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xE87D73DD Ack: 0x6C121E3F Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-21:43:12.918571 24.189.230.118:2311 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:4948 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xE881FBA1 Ack: 0x6C42F1C2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-21:43:13.039084 24.189.230.118:2315 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:4962 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE88530FE Ack: 0x6BF88F6F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-21:43:13.217142 24.189.230.118:2318 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:4976 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE88799AE Ack: 0x6BE076A9 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-21:43:13.642176 24.189.230.118:2320 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:5073 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE88A31B5 Ack: 0x6C4848F8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-21:43:17.091495 24.189.230.118:2494 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:5699 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE90F8C14 Ack: 0x6CCF9FA6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-21:43:20.272854 24.189.230.118:2539 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:6298 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xE93C62D4 Ack: 0x6CAB0206 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-21:43:20.412195 24.189.230.118:2541 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:6310 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xE93E2CC9 Ack: 0x6C679D76 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-21:43:20.524055 24.189.230.118:2544 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:6318 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xE9414B87 Ack: 0x6C4DC9C7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-21:43:29.892087 24.189.230.118:2925 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:7471 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xEA68F8DF Ack: 0x6CD5B74F Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-07:17:45.526275 24.189.230.118:4982 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:23675 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xA08965F2 Ack: 0xE5BC8FBD Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-07:17:45.938530 24.189.230.118:4998 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:23706 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xA091FD19 Ack: 0xE5AAE445 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-07:17:46.202185 24.189.230.118:1032 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:23730 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA096C9B0 Ack: 0xE5A4E1A2 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-07:17:46.350625 24.189.230.118:1044 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:23751 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA09E5941 Ack: 0xE4F2A375 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-07:17:46.464094 24.189.230.118:1052 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:23772 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA0A47B6F Ack: 0xE5A823F6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/16-07:17:46.590757 24.189.230.118:1057 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:23790 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA0A899CF Ack: 0xE5405310 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/16-07:17:46.744144 24.189.230.118:1068 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:23820 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA0B16A60 Ack: 0xE554E867 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-07:17:46.880343 24.189.230.118:1073 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:23847 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xA0B5DE55 Ack: 0xE53E79B2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:28 2003