SnortSnarf alert page

Source: 24.209.118.134

SnortSnarf v021111.1

34 such alerts found using input module SnortFileInput, with sources:
Earliest: 19:49:18.916733 on 04/17/2003
Latest: 20:06:09.361589 on 04/17/2003

6 different signatures are present for 24.209.118.134 as a source

There is 1 distinct destination IP in the alerts of the type on this page.


[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/17-19:49:18.916733 24.209.118.134:3636 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:18580 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x4529FE32 Ack: 0x75FC2499 Win: 0x4440 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/17-19:49:19.470421 24.209.118.134:3674 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:18734 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x45468B37 Ack: 0x75DC7108 Win: 0x4440 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/17-19:49:22.685527 24.209.118.134:3969 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:19544 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x4627B1A2 Ack: 0x75A08770 Win: 0x4440 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/17-19:49:22.939782 24.209.118.134:3983 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:19611 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x46320BE7 Ack: 0x76501EA8 Win: 0x4440 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/17-19:49:23.127855 24.209.118.134:4007 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:19660 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x4644386C Ack: 0x75F185C1 Win: 0x4440 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/17-19:49:23.419924 24.209.118.134:4022 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:19698 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x4650650C Ack: 0x75D7D9DE Win: 0x4440 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/17-19:49:23.625370 24.209.118.134:4035 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:19762 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x465A17D9 Ack: 0x763040A1 Win: 0x4440 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/17-19:49:23.857936 24.209.118.134:4067 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:19817 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x46724014 Ack: 0x757ED2C0 Win: 0x4440 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/17-19:49:24.060041 24.209.118.134:4092 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:19877 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x46852FDA Ack: 0x75FAFEB0 Win: 0x4440 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/17-19:49:24.304649 24.209.118.134:4110 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:19922 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4691D7F6 Ack: 0x763335D7 Win: 0x4440 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/17-19:49:24.558852 24.209.118.134:4121 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:19992 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x469B4A65 Ack: 0x767C5F21 Win: 0x4440 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/17-19:49:24.759857 24.209.118.134:4142 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:20058 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x46ABE7FF Ack: 0x7658D76E Win: 0x4440 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/17-19:49:24.965869 24.209.118.134:4166 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:20117 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x46BE89EB Ack: 0x768701E1 Win: 0x4440 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/17-19:49:27.939743 24.209.118.134:4166 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:21167 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x46BE89EB Ack: 0x768701E1 Win: 0x4440 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/17-19:49:28.173476 24.209.118.134:4494 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:21260 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x47C176A2 Ack: 0x769B372F Win: 0x4440 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/17-19:49:28.436395 24.209.118.134:4521 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:21367 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x47D75F8D Ack: 0x767DFB56 Win: 0x4440 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/17-19:49:31.684194 24.209.118.134:4841 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:22345 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x48CE9BC8 Ack: 0x762B09D1 Win: 0x4440 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/17-20:05:32.597613 24.209.118.134:4295 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:35038 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x7FFFD638 Ack: 0xB2DBE41B Win: 0x4440 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/17-20:05:32.929200 24.209.118.134:4680 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:35259 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x8125B03E Ack: 0xB2D88765 Win: 0x4440 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/17-20:05:33.134119 24.209.118.134:4722 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:35372 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x8146606E Ack: 0xB28C4149 Win: 0x4440 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/17-20:05:33.549946 24.209.118.134:4756 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:35562 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x8163C968 Ack: 0xB2AB0859 Win: 0x4440 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/17-20:05:33.862769 24.209.118.134:4796 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:35718 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x817EDA46 Ack: 0xB253B9D0 Win: 0x4440 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/17-20:05:34.206099 24.209.118.134:4831 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:35834 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x819B5684 Ack: 0xB3347A75 Win: 0x4440 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/17-20:05:38.142535 24.209.118.134:1225 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:37090 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x82B8ED36 Ack: 0xB340906F Win: 0x4440 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/17-20:05:39.174161 24.209.118.134:1332 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:37360 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x830A7AFE Ack: 0xB3666904 Win: 0x4440 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/17-20:05:50.204537 24.209.118.134:2221 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:39884 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x85B7E42E Ack: 0xB4369E6F Win: 0x4440 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/17-20:05:50.781432 24.209.118.134:2252 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:40008 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x85D1EC47 Ack: 0xB4132365 Win: 0x4440 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/17-20:05:51.292490 24.209.118.134:2324 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:40135 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x8605A0C0 Ack: 0xB3BBC22D Win: 0x4440 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/17-20:05:54.728877 24.209.118.134:2477 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:40915 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x8684D181 Ack: 0xB41E0012 Win: 0x4440 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/17-20:05:55.694025 24.209.118.134:2686 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:41280 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x871FB862 Ack: 0xB46D8FE7 Win: 0x4440 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/17-20:05:58.735996 24.209.118.134:2686 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:42156 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x871FB862 Ack: 0xB46D8FE7 Win: 0x4440 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/17-20:06:05.075362 24.209.118.134:3573 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:44400 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x89E15A99 Ack: 0xB4374BC7 Win: 0x4440 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/17-20:06:05.609659 24.209.118.134:3584 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:44489 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x89EB6605 Ack: 0xB50C99BA Win: 0x4440 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/17-20:06:09.361589 24.209.118.134:3798 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:45605 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x8A8EB3A0 Ack: 0xB4F3FD45 Win: 0x4440 TcpLen: 20

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:03:52 2003