SnortSnarf alert page

Source: 24.209.174.0: #201-250

SnortSnarf v021111.1

Signature section (91123)

Top 20 source IPs

Top 20 dest IPs

Looking using input module SnortFileInput, with sources:

/home/rivettmj/snort_alertlog/alert

Earliest: 15:47:06.294377 on 05/23/2003
Latest: 16:18:55.311770 on 05/23/2003

6 different signatures are present for 24.209.174.0 as a source

15 instances of WEB-FRONTPAGE /_vti_bin/ access
16 instances of WEB-IIS _mem_bin access
30 instances of WEB-IIS CodeRed v2 root.exe access
49 instances of WEB-IIS multiple decode attempt
64 instances of WEB-IIS cmd.exe access
76 instances of WEB-IIS unicode directory traversal attempt

There are 1 distinct destination IPs in the alerts of the type on this page.

24.209.174.0 Whois lookup at: ARIN RIPE APNIC Geektools

DNS lookup at: Amenesi TRIUMF Princeton

More lookup links: Dshield Sam Spade

Go to: previous range, all alerts, overview page

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-15:47:06.294377 24.209.174.0:4694 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:26500 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x53F19914  Ack: 0x6F82F868  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-15:47:10.350900 24.209.174.0:4827 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:27160 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x54633123  Ack: 0x6F787D6A  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-15:47:13.885864 24.209.174.0:4947 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:27618 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x54CB80D9  Ack: 0x7003BB7A  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-15:47:16.983249 24.209.174.0:4947 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28102 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x54CB80D9  Ack: 0x7003BB7A  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-15:47:17.559218 24.209.174.0:1090 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28194 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x5530E478  Ack: 0x700B9C41  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/23-15:47:17.841673 24.209.174.0:1100 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28227 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x55393D65  Ack: 0x70A620B8  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/23-15:47:18.088712 24.209.174.0:1105 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28247 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x553E30FD  Ack: 0x7004B46F  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-15:47:18.343814 24.209.174.0:1110 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28273 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x5542DDA1  Ack: 0x700344FA  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-15:47:18.614277 24.209.174.0:1125 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28305 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x554F3A0A  Ack: 0x707F788A  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-15:47:22.191947 24.209.174.0:1232 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28768 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x55AB78B1  Ack: 0x7060BE47  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-15:47:22.437903 24.209.174.0:1239 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28795 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x55B234BF  Ack: 0x70BCEF9F  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-15:47:22.661174 24.209.174.0:1246 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28820 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x55B7BA37  Ack: 0x7046BA71  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-15:47:22.914738 24.209.174.0:1255 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28848 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x55BF6850  Ack: 0x7070AF84  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-15:47:23.125684 24.209.174.0:1259 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28864 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x55C3A9AA  Ack: 0x70BA21F9  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-15:47:23.382143 24.209.174.0:1264 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28887 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x55C806E1  Ack: 0x70CB8741  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-15:47:23.624127 24.209.174.0:1281 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28923 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x55D4F5D3  Ack: 0x70D2EF3B  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-16:01:19.678054 24.209.174.0:3092 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:56526 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xAC670258  Ack: 0xA53C516A  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-16:01:20.067678 24.209.174.0:3096 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:56552 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xAC6BB216  Ack: 0xA5BB3B6A  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-16:01:20.292654 24.209.174.0:3104 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:56566 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xAC735963  Ack: 0xA5639F71  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-16:01:23.731683 24.209.174.0:3210 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:56940 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xACCBF275  Ack: 0xA6512C54  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-16:01:23.967278 24.209.174.0:3217 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:56974 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xACD293C7  Ack: 0xA5E7377F  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/23-16:01:24.216694 24.209.174.0:3228 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:57009 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xACDAEE1E  Ack: 0xA5E2A757  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/23-16:01:33.686810 24.209.174.0:3471 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:57855 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xADB153E0  Ack: 0xA6D661F7  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-16:01:33.946667 24.209.174.0:3479 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:57885 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xADB8849E  Ack: 0xA683B50A  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-16:01:37.626483 24.209.174.0:3581 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:58270 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xAE128C25  Ack: 0xA69DE665  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-16:01:37.827629 24.209.174.0:3591 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:58283 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xAE1B74EC  Ack: 0xA679AEF4  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-16:01:47.358791 24.209.174.0:3860 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:59164 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xAF0AE8F3  Ack: 0xA75CAE2A  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-16:01:56.997391 24.209.174.0:4111 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:60031 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xAFE5FFDF  Ack: 0xA7F6938E  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-16:02:06.612727 24.209.174.0:4407 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:61000 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xB0E33CCB  Ack: 0xA853CA74  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-16:02:09.601865 24.209.174.0:4407 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:61283 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xB0E33CCB  Ack: 0xA853CA74  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-16:02:10.017135 24.209.174.0:4508 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:61318 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB13B09A6  Ack: 0xA838CB09  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-16:02:10.236151 24.209.174.0:4513 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:61342 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xB13FF6FD  Ack: 0xA903B0CA  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-16:02:10.449728 24.209.174.0:4517 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:61360 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB143A265  Ack: 0xA8319FF4  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-16:18:40.905657 24.209.174.0:3228 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:38357 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x183C504C  Ack: 0xE66F9904  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-16:18:41.256077 24.209.174.0:3238 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:38409 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x1845BA4C  Ack: 0xE70CF69C  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-16:18:41.522890 24.209.174.0:3245 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:38446 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x184C0B1F  Ack: 0xE6FC735F  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-16:18:42.070671 24.209.174.0:3280 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:38522 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x18689091  Ack: 0xE6BA3306  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-16:18:42.328540 24.209.174.0:3292 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:38556 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x18727C1E  Ack: 0xE6C7B6F6  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/23-16:18:42.565808 24.209.174.0:3295 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:38585 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x18758B58  Ack: 0xE68734BB  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/23-16:18:42.787267 24.209.174.0:3301 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:38613 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x187B572F  Ack: 0xE72866F9  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-16:18:43.002201 24.209.174.0:3312 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:38640 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x18836099  Ack: 0xE65DB1EA  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-16:18:46.628395 24.209.174.0:3398 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:39003 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x18CE19AF  Ack: 0xE6D67D12  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-16:18:46.972611 24.209.174.0:3429 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:39056 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x18E614E0  Ack: 0xE770DC25  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-16:18:47.262194 24.209.174.0:3438 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:39092 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x18EE8DB1  Ack: 0xE6A0E829  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-16:18:50.246691 24.209.174.0:3438 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:39427 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x18EE8DB1  Ack: 0xE6A0E829  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-16:18:51.035263 24.209.174.0:3537 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:39488 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x1947824D  Ack: 0xE6EEAB00  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-16:18:54.538696 24.209.174.0:3630 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:39757 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x199A3A37  Ack: 0xE7157258  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-16:18:54.841176 24.209.174.0:3638 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:39798 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x19A0FA82  Ack: 0xE7AA086E  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-16:18:55.094096 24.209.174.0:3646 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:39824 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x19A89812  Ack: 0xE79FD184  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-16:18:55.311770 24.209.174.0:3651 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:39839 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x19ADD1D9  Ack: 0xE77BAD33  Win: 0x4470  TcpLen: 20

Go to: previous range, all alerts, overview page

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:03:52 2003

24.209.174.0	Whois lookup at:	ARIN	RIPE	APNIC	Geektools
	DNS lookup at:	Amenesi	TRIUMF	Princeton
	More lookup links:	Dshield	Sam Spade