[Silicon Defense logo]

SnortSnarf alert page

Source: 24.202.15.240

SnortSnarf v021111.1

Signature section (91123)Top 20 source IPsTop 20 dest IPs

16 such alerts found using input module SnortFileInput, with sources:
Earliest: 20:52:43.905878 on 04/25/2003
Latest: 20:53:20.420298 on 04/25/2003

6 different signatures are present for 24.202.15.240 as a source

There are 1 distinct destination IPs in the alerts of the type on this page.

24.202.15.240 Whois lookup at: ARIN RIPE APNIC Geektools
DNS lookup at: Amenesi TRIUMF Princeton
More lookup links: Dshield Sam Spade

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-20:52:43.905878 24.202.15.240:1126 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:58271 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xD21F170C Ack: 0x68A10067 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-20:52:44.651316 24.202.15.240:1137 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:58297 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xD229433B Ack: 0x68A28EB7 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-20:52:45.468106 24.202.15.240:1140 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:58338 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xD22E8C1A Ack: 0x6852D730 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-20:52:46.181000 24.202.15.240:1145 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:58377 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xD233AFC7 Ack: 0x68E060D6 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-20:52:56.512192 24.202.15.240:1344 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:59098 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xD2ED89D5 Ack: 0x6958F6F4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-20:52:57.190456 24.202.15.240:1351 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:59152 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xD2F62C70 Ack: 0x68B1E484 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-20:53:04.305243 24.202.15.240:1437 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:59537 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xD342407F Ack: 0x69626922 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-20:53:04.909360 24.202.15.240:1485 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:59566 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xD3724882 Ack: 0x695B7A42 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-20:53:05.705042 24.202.15.240:1495 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:59617 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD37CEA8B Ack: 0x69F32457 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-20:53:09.574259 24.202.15.240:1541 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:59812 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD3ABC26F Ack: 0x6A1D2A8C Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-20:53:10.335655 24.202.15.240:1571 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:59845 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD3C2F02C Ack: 0x69A047D0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-20:53:17.329659 24.202.15.240:1617 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:60187 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD3F42E67 Ack: 0x69FA3037 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-20:53:18.146341 24.202.15.240:1689 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:60216 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xD4388C6E Ack: 0x6A1C8D10 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-20:53:18.885926 24.202.15.240:1695 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:60253 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xD43F0D0D Ack: 0x6A1E2797 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-20:53:19.618070 24.202.15.240:1700 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:60269 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xD444E8C0 Ack: 0x6A0FD353 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-20:53:20.420298 24.202.15.240:1706 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:60320 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xD44C15E9 Ack: 0x6A6D5DD8 Win: 0x4470 TcpLen: 20
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:03:53 2003