SnortSnarf alert page

Source: 24.209.113.11

SnortSnarf v021111.1

52 such alerts found using input module SnortFileInput, with sources:
Earliest: 23:07:15.244775 on 05/19/2003
Latest: 23:57:22.633663 on 05/22/2003

7 different signatures are present for 24.209.113.11 as a source

There is 1 distinct destination IP in the alerts of the type on this page.


[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-23:07:15.244775 24.209.113.11:3405 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:6181 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x491B05CE Ack: 0xEF095F96 Win: 0xB5C9 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-23:07:15.827586 24.209.113.11:3423 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:6271 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x492B22D3 Ack: 0xEE7B731D Win: 0xB5C9 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-23:07:19.609710 24.209.113.11:3534 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:6839 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x498893F8 Ack: 0xEEB1D9B7 Win: 0xB5C9 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-23:07:29.435512 24.209.113.11:3847 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:8472 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x4A922538 Ack: 0xEF9C8B4B Win: 0xB5C9 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-23:07:29.997530 24.209.113.11:3859 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:8580 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x4A9B9B5F Ack: 0xEF6C88FC Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/19-23:07:30.376312 24.209.113.11:3884 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:8648 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x4AAFDF8F Ack: 0xEF69E980 Win: 0xB5C9 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/19-23:07:31.385711 24.209.113.11:3916 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:8793 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x4ACABD8B Ack: 0xEF6C85D2 Win: 0xB5C9 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-23:07:31.819438 24.209.113.11:3932 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:8846 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x4AD790AD Ack: 0xEF414453 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-23:07:32.171397 24.209.113.11:3942 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:8892 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4AE07840 Ack: 0xF034DFAC Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-23:07:32.567226 24.209.113.11:3952 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:8963 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4AE91F73 Ack: 0xEFFF7AB3 Win: 0xB5C9 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-23:07:32.886160 24.209.113.11:3964 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:9032 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4AF33F7B Ack: 0xEF67D998 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-23:07:33.343227 24.209.113.11:3973 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:9100 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4AFBF183 Ack: 0xEFBD9743 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-23:07:34.077032 24.209.113.11:3986 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:9186 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x4B06CB18 Ack: 0xF01B2ED8 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-23:07:34.423732 24.209.113.11:4002 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:9267 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x4B154A20 Ack: 0xEFFFD241 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-23:07:35.006170 24.209.113.11:4012 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:9329 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x4B1D5E92 Ack: 0xF0500395 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-23:07:35.607413 24.209.113.11:4033 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:9439 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x4B2FB412 Ack: 0xF005D09A Win: 0xB5C9 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-22:02:01.138734 24.209.113.11:2566 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:51344 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD19E2A Ack: 0x38705357 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-22:02:01.161101 24.209.113.11:2566 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:51345 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD1A3DE Ack: 0x38705357 Win: 0xB5C9 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-01:06:26.117938 24.209.113.11:4265 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:24671 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFF138673 Ack: 0xF037F8F2 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-01:06:26.138178 24.209.113.11:4265 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:24672 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFF138C27 Ack: 0xF037F8F2 Win: 0xB5C9 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-22:11:02.976732 24.209.113.11:1859 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:5697 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDA9D2827 Ack: 0x997CC15B Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-22:11:02.985828 24.209.113.11:1859 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:5698 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDA9D2DDB Ack: 0x997CC15B Win: 0xB5C9 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-22:34:47.064169 24.209.113.11:4574 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:5419 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x68637033 Ack: 0xF3FCDB70 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-22:34:47.074456 24.209.113.11:4574 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:5420 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x686375E7 Ack: 0xF3FCDB70 Win: 0xB5C9 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-19:15:56.285984 24.209.113.11:4193 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:31926 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x50A7C36 Ack: 0x441C3112 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-19:15:56.292562 24.209.113.11:4193 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:31927 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x50A81EA Ack: 0x441C3112 Win: 0xB5C9 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-23:49:16.247674 24.209.113.11:1353 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:36467 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x138A4729 Ack: 0x4C7049E5 Win: 0xB5C9 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-23:49:26.007411 24.209.113.11:1631 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:37793 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x147D9ED7 Ack: 0x4C299B1B Win: 0xB5C9 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-23:49:26.383418 24.209.113.11:1639 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:37855 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x14843664 Ack: 0x4D15DB48 Win: 0xB5C9 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-23:49:26.828712 24.209.113.11:1654 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:37909 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x14903BD9 Ack: 0x4C6384E8 Win: 0xB5C9 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-23:49:27.316970 24.209.113.11:1670 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:37988 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x149D38E8 Ack: 0x4C9E6307 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-23:49:30.826594 24.209.113.11:1760 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:38420 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x14EBE834 Ack: 0x4CA0FA50 Win: 0xB5C9 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-23:49:41.071237 24.209.113.11:2038 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:39781 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x15DDDD75 Ack: 0x4E114753 Win: 0xB5C9 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-23:49:51.025343 24.209.113.11:2322 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:41106 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x16D02F87 Ack: 0x4F109034 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-23:50:16.272326 24.209.113.11:3037 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:44500 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x193FEB5F Ack: 0x5084878E Win: 0xB5C9 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-23:56:59.753251 24.209.113.11:3786 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:36025 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x4390B11C Ack: 0x6B13CAD9 Win: 0xB5C9 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-23:57:00.243774 24.209.113.11:3874 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:36103 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x43DE5097 Ack: 0x6A7E94C7 Win: 0xB5C9 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-23:57:00.844554 24.209.113.11:3888 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:36167 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x43EA8271 Ack: 0x6AA83206 Win: 0xB5C9 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-23:57:01.609100 24.209.113.11:3909 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:36244 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x43FBC012 Ack: 0x6B3C7299 Win: 0xB5C9 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-23:57:02.077505 24.209.113.11:3930 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:36302 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x440E21F7 Ack: 0x6B356ADC Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-23:57:02.885954 24.209.113.11:3944 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:36380 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x44194B37 Ack: 0x6B1636C5 Win: 0xB5C9 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-23:57:03.465151 24.209.113.11:3965 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:36456 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x442B52BA Ack: 0x6AB9215D Win: 0xB5C9 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-23:57:04.055755 24.209.113.11:3981 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:36544 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x4439EFBA Ack: 0x6AEAA028 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-23:57:04.648396 24.209.113.11:3998 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:36609 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4447F6EA Ack: 0x6B5E7137 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-23:57:08.780225 24.209.113.11:4100 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:37042 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x449F98A5 Ack: 0x6B2CDC13 Win: 0xB5C9 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-23:57:13.088716 24.209.113.11:4131 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:37467 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x44BC1152 Ack: 0x6B1EA7C9 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-23:57:13.860999 24.209.113.11:4228 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:37546 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4510299B Ack: 0x6BEBC387 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-23:57:17.794525 24.209.113.11:4248 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:37951 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x4520F0A2 Ack: 0x6B74F0A9 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-23:57:18.230163 24.209.113.11:4353 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:38030 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x457D9D5C Ack: 0x6B72F1F4 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-23:57:21.323430 24.209.113.11:4353 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:38377 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x457D9D5C Ack: 0x6B72F1F4 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-23:57:21.950767 24.209.113.11:4444 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:38445 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x45CFF4C4 Ack: 0x6BD89825 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-23:57:22.633663 24.209.113.11:4460 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:38532 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x45DE245C Ack: 0x6C40AB3E Win: 0xB5C9 TcpLen: 20

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:03:54 2003