SnortSnarf alert page

Source: 24.209.11.98

SnortSnarf v021111.1

99 such alerts found using input module SnortFileInput, with sources:
Earliest: 21:22:42.215100 on 06/15/2003
Latest: 04:47:15.591833 on 06/17/2003

6 different signatures are present for 24.209.11.98 as a source

There is 1 distinct destination IP in the alerts of the type on this page.


[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-21:22:42.215100 24.209.11.98:3873 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:4016 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x3E346F75 Ack: 0x1DE91BF7 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-21:22:44.561369 24.209.11.98:3910 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:4211 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x3E59702C Ack: 0x1DF5DE91 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-21:22:46.776513 24.209.11.98:3936 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:4393 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x3E75078B Ack: 0x1E348214 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-21:22:49.025158 24.209.11.98:3969 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:4589 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x3E95674B Ack: 0x1E033859 Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-21:22:51.753485 24.209.11.98:4002 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:4817 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x3EB934B8 Ack: 0x1E4DD034 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/15-21:22:53.782923 24.209.11.98:4033 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:5006 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x3ED85E9E Ack: 0x1E409BEE Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/15-21:22:55.904657 24.209.11.98:4062 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:5194 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x3EF55F75 Ack: 0x1E68C7A0 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-21:22:57.682072 24.209.11.98:4090 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:5361 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x3F129CD5 Ack: 0x1E765140 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-21:22:59.412556 24.209.11.98:4114 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:5504 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3F2B5FF3 Ack: 0x1E1FF786 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-21:23:01.824047 24.209.11.98:4141 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:5696 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3F45F33B Ack: 0x1E5C6926 Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-21:23:04.178999 24.209.11.98:4173 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:5901 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3F66A7F4 Ack: 0x1F01165B Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-21:23:09.141683 24.209.11.98:4206 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:6363 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3F8767FA Ack: 0x1F5FAAA1 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-21:23:11.225193 24.209.11.98:4278 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:6559 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x3FD077BC Ack: 0x1F03FE28 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-21:23:13.650602 24.209.11.98:4306 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:6758 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x3FEE00C1 Ack: 0x1F49FF33 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-21:23:15.957503 24.209.11.98:4338 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:6956 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x400F6DB9 Ack: 0x1F9BD6EC Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-21:23:18.045480 24.209.11.98:4370 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:7162 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x402F8886 Ack: 0x1F47AF26 Win: 0xFAF0 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-00:37:32.624187 24.209.11.98:2799 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:32443 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xDD4CE94E Ack: 0xFD22189F Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-00:37:35.213768 24.209.11.98:2833 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:32601 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xDD710192 Ack: 0xFDEA9D54 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-00:37:40.314609 24.209.11.98:2862 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:32851 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xDD8EA437 Ack: 0xFDBDA71B Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-00:37:45.661120 24.209.11.98:2924 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:33166 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xDDD0DC1D Ack: 0xFDC60C71 Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-00:37:47.940246 24.209.11.98:2994 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:33301 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xDE18ED22 Ack: 0xFE6AEB13 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/16-00:37:50.752879 24.209.11.98:3031 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:33461 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xDE3F53A8 Ack: 0xFEA63CEF Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/16-00:37:53.019536 24.209.11.98:3060 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:33593 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xDE5DC117 Ack: 0xFF2D58D3 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-00:37:58.168521 24.209.11.98:3090 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:33932 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xDE7AED4D Ack: 0xFEB4257A Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-00:38:00.552635 24.209.11.98:3163 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:34065 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xDEC4A493 Ack: 0xFF067899 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-00:38:02.598018 24.209.11.98:3197 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:34203 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xDEE83ECC Ack: 0xFF211A01 Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-00:38:04.795970 24.209.11.98:3227 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:34346 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xDF05D045 Ack: 0xFFCE412C Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-00:38:06.961452 24.209.11.98:3259 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:34474 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xDF21DE20 Ack: 0xFF0F83F5 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-00:38:09.386839 24.209.11.98:3286 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:34609 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xDF3F36D4 Ack: 0xFFB8BB06 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-00:38:11.748601 24.209.11.98:3320 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:34740 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xDF6009B5 Ack: 0x53F0BA Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-00:38:13.932918 24.209.11.98:3347 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:34868 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xDF7D62DD Ack: 0x789138 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-00:38:16.237531 24.209.11.98:3376 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:34987 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xDF9ADF91 Ack: 0xFFEA4958 Win: 0xFAF0 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-12:35:03.719775 24.209.11.98:2110 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:52359 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x704127B4 Ack: 0x939E9692 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-12:35:03.905907 24.209.11.98:2116 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:52375 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x70466EFE Ack: 0x93A3771A Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-12:35:03.988813 24.209.11.98:2118 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:52388 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x7047FB8D Ack: 0x93614475 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-12:35:04.052967 24.209.11.98:2120 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:52396 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x704A2D9A Ack: 0x93F7BFFF Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-12:35:04.127859 24.209.11.98:2123 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:52407 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x704CEB90 Ack: 0x940A3F25 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/16-12:35:04.186129 24.209.11.98:2124 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:52417 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x704DD95F Ack: 0x9383DA77 Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/16-12:35:04.252236 24.209.11.98:2126 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:52428 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x704FA775 Ack: 0x9360CDF2 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-12:35:04.349579 24.209.11.98:2127 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:52438 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x7050D891 Ack: 0x9405AC9A Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-12:35:04.413918 24.209.11.98:2130 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:52448 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x70539412 Ack: 0x9379FB97 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-12:35:04.474835 24.209.11.98:2135 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:52464 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x70571DE8 Ack: 0x93C3B828 Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-12:35:04.542218 24.209.11.98:2139 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:52478 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x7059FE6A Ack: 0x941093F8 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-12:35:04.637727 24.209.11.98:2144 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:52497 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x705E4D79 Ack: 0x93692A52 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-12:35:05.198925 24.209.11.98:2163 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:52577 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x706ECCDE Ack: 0x94007E26 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-12:35:05.282147 24.209.11.98:2166 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:52591 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x7070B66D Ack: 0x937FDCC0 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-12:35:05.338587 24.209.11.98:2169 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:52600 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x70733B18 Ack: 0x93F09900 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-12:35:05.440310 24.209.11.98:2172 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:52617 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x70763173 Ack: 0x939E69F9 Win: 0xFAF0 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-17:08:51.875386 24.209.11.98:2441 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:42379 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x7E29A11F Ack: 0x9DD52E64 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-17:08:51.987602 24.209.11.98:2443 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:42397 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x7E2BC9AD Ack: 0x9E838325 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-17:08:52.064343 24.209.11.98:2446 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:42410 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x7E2E86DF Ack: 0x9E0AA9C4 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-17:08:52.136732 24.209.11.98:2449 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:42420 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x7E3091A8 Ack: 0x9DDE9B95 Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-17:08:52.226978 24.209.11.98:2451 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:42432 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x7E327563 Ack: 0x9E641A47 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/16-17:08:52.303470 24.209.11.98:2453 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:42442 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x7E34668F Ack: 0x9E3F8D75 Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/16-17:08:52.377991 24.209.11.98:2457 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:42456 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x7E38126D Ack: 0x9E7F5510 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-17:08:52.442103 24.209.11.98:2460 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:42470 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x7E3AC382 Ack: 0x9E76E1B8 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-17:08:52.528828 24.209.11.98:2463 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:42483 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x7E3D2E59 Ack: 0x9E9361AC Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-17:08:52.595689 24.209.11.98:2465 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:42493 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x7E3ED7A6 Ack: 0x9E7436FC Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-17:08:52.655587 24.209.11.98:2468 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:42507 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x7E41985A Ack: 0x9DAB3A4E Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-17:08:52.733689 24.209.11.98:2471 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:42514 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x7E44CB0A Ack: 0x9E51BA81 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-17:08:52.800519 24.209.11.98:2473 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:42526 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x7E4644A8 Ack: 0x9E7C2221 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-17:08:52.843700 24.209.11.98:2476 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:42537 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x7E48B997 Ack: 0x9E2CCCA8 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-17:08:52.886655 24.209.11.98:2477 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:42543 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x7E49AD79 Ack: 0x9E523942 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-17:08:53.433550 24.209.11.98:2487 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:42599 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x7E52F9FE Ack: 0x9DB177B3 Win: 0xFAF0 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-20:15:51.884392 24.209.11.98:1914 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:10607 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x21167128 Ack: 0x61582860 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-20:15:52.328517 24.209.11.98:1927 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:10675 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x21223A3B Ack: 0x61886D44 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-20:15:52.900103 24.209.11.98:1934 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:10732 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x2128F319 Ack: 0x613DF7A7 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-20:15:53.441534 24.209.11.98:1945 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:10790 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x21331DC4 Ack: 0x614DC68B Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-20:15:54.100221 24.209.11.98:1951 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:10858 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x213A57AB Ack: 0x6128CD3E Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/16-20:15:59.224069 24.209.11.98:2016 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:11316 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x217BC8E8 Ack: 0x61EF7048 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-20:16:00.388443 24.209.11.98:2038 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:11422 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x2193D263 Ack: 0x612E9E1F Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-20:16:01.555493 24.209.11.98:2052 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:11518 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x21A17B9E Ack: 0x6164E20A Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-20:16:02.453477 24.209.11.98:2065 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:11606 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x21AFF80F Ack: 0x61385181 Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-20:16:03.299307 24.209.11.98:2078 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:11687 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x21BCC269 Ack: 0x61C02D95 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-20:16:03.928970 24.209.11.98:2092 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:11753 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x21CA674D Ack: 0x61C0F328 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-20:16:04.661904 24.209.11.98:2101 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:11828 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x21D2F59D Ack: 0x6231C822 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-20:16:07.769213 24.209.11.98:2101 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:12109 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x21D2F59D Ack: 0x6231C822 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-20:16:14.652634 24.209.11.98:2242 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:12712 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x2260DF19 Ack: 0x622C86B4 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-20:16:17.261124 24.209.11.98:2242 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:12982 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x2260DF19 Ack: 0x622C86B4 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-20:16:18.772443 24.209.11.98:2304 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:13103 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x229CD6D4 Ack: 0x62BA1C3B Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/16-20:16:19.441718 24.209.11.98:2322 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:13195 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x22AE06D6 Ack: 0x62FD4926 Win: 0xFAF0 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/17-04:46:55.485643 24.209.11.98:1728 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:16745 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xA4E7D47 Ack: 0xEB73AEB3 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/17-04:46:56.419521 24.209.11.98:1746 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:16876 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xA5E7ADF Ack: 0xEBA24422 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/17-04:46:57.622876 24.209.11.98:1766 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:17044 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA72754D Ack: 0xEB4FF883 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/17-04:46:58.470371 24.209.11.98:1781 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:17181 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA7F2152 Ack: 0xEB911DAF Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/17-04:46:59.352345 24.209.11.98:1791 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:17299 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA89EAF1 Ack: 0xEBA84CFF Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/17-04:47:00.487861 24.209.11.98:1804 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:17464 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA9661F8 Ack: 0xEBAF7B33 Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/17-04:47:01.477836 24.209.11.98:1843 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:17599 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xAB66683 Ack: 0xEB8DD97D Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/17-04:47:02.268221 24.209.11.98:1856 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:17690 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xAC35E16 Ack: 0xEB83CDB9 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/17-04:47:02.893516 24.209.11.98:1866 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:17787 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xACE2EBE Ack: 0xEBDC5630 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/17-04:47:03.716509 24.209.11.98:1873 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:17892 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xAD5C399 Ack: 0xEBC9C4D3 Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/17-04:47:04.836177 24.209.11.98:1888 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:18035 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xAE29483 Ack: 0xEBB1C5AF Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/17-04:47:05.780138 24.209.11.98:1928 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:18173 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB03AD40 Ack: 0xEBE8261F Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/17-04:47:06.858831 24.209.11.98:1944 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:18305 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xB13A9BA Ack: 0xEC640924 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/17-04:47:09.568860 24.209.11.98:1944 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:18652 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xB13A9BA Ack: 0xEC640924 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/17-04:47:10.807145 24.209.11.98:2013 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:18830 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB53C10D Ack: 0xEC310651 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/17-04:47:13.800282 24.209.11.98:2013 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:19206 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB53C10D Ack: 0xEC310651 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/17-04:47:14.753241 24.209.11.98:2065 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:19334 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xB87092E Ack: 0xEC602BB5 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/17-04:47:15.591833 24.209.11.98:2094 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:19448 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB9EB384 Ack: 0xECE35A7E Win: 0xFAF0 TcpLen: 20

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:28 2003