SnortSnarf alert page

Source: 24.209.174.0

SnortSnarf v021111.1

Signature section (91123)

Top 20 source IPs

Top 20 dest IPs

250 such alerts found using input module SnortFileInput, with sources:

/home/rivettmj/snort_alertlog/alert

Earliest: 17:42:52.686745 on 05/22/2003
Latest: 16:18:55.311770 on 05/23/2003

6 different signatures are present for 24.209.174.0 as a source

15 instances of WEB-FRONTPAGE /_vti_bin/ access
16 instances of WEB-IIS _mem_bin access
30 instances of WEB-IIS CodeRed v2 root.exe access
49 instances of WEB-IIS multiple decode attempt
64 instances of WEB-IIS cmd.exe access
76 instances of WEB-IIS unicode directory traversal attempt

There are 1 distinct destination IPs in the alerts of the type on this page.

24.209.174.0 Whois lookup at: ARIN RIPE APNIC Geektools

DNS lookup at: Amenesi TRIUMF Princeton

More lookup links: Dshield Sam Spade

Go to: overview page

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-17:42:52.686745 24.209.174.0:4162 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:32224 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xFD3109C2  Ack: 0xE4AD6F58  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-17:42:53.650186 24.209.174.0:4183 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:32361 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xFD451B3D  Ack: 0xE46CBFFF  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-17:43:03.711487 24.209.174.0:4456 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:33852 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xFE34C3A2  Ack: 0xE535113D  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-17:43:04.321462 24.209.174.0:4470 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:33940 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xFE410A36  Ack: 0xE4B3764A  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-17:43:04.938237 24.209.174.0:4490 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:34037 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xFE530958  Ack: 0xE560F96B  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/22-17:43:08.471526 24.209.174.0:4509 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:34601 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xFE64C842  Ack: 0xE53DB9AC  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/22-17:43:12.337558 24.209.174.0:4708 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:35181 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xFF0EFE82  Ack: 0xE5718EE9  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/22-17:43:15.243418 24.209.174.0:4708 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:35609 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xFF0EFE82  Ack: 0xE5718EE9  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-17:43:15.941252 24.209.174.0:4807 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:35715 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xFF68F474  Ack: 0xE6D75FA9  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-17:43:19.638163 24.209.174.0:4915 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:36277 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFFC705FF  Ack: 0xE706B9E2  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-17:43:20.182494 24.209.174.0:4926 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:36360 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFFD1064B  Ack: 0xE69B7F00  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-17:43:23.057405 24.209.174.0:4926 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:36806 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFFD1064B  Ack: 0xE69B7F00  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-17:43:24.068049 24.209.174.0:1079 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:36977 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3E89B2  Ack: 0xE77307E3  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-17:43:24.496080 24.209.174.0:1091 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:37042 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x497DF9  Ack: 0xE72F97D1  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-17:43:28.269383 24.209.174.0:1210 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:37610 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xAD3B40  Ack: 0xE7A1CCE3  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-17:43:28.698188 24.209.174.0:1221 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:37676 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB7A755  Ack: 0xE7A87877  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-17:43:31.991447 24.209.174.0:1327 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:38178 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x112CE1E  Ack: 0xE71CFED5  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-17:43:35.880025 24.209.174.0:1443 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:38794 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x1793B84  Ack: 0xE7712DAA  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-19:52:09.222705 24.209.174.0:3901 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:29715 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x20B60FA0  Ack: 0xCDB075C4  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-19:52:09.717756 24.209.174.0:3911 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:29783 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x20BF26D5  Ack: 0xCE3BD9FC  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-19:52:10.003524 24.209.174.0:3926 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:29826 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x20CA8A59  Ack: 0xCD82D765  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-19:52:10.288617 24.209.174.0:3941 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:29870 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x20D7642C  Ack: 0xCE35E8EC  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-19:52:10.622359 24.209.174.0:3954 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:29920 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x20E1D57C  Ack: 0xCD9A1AA6  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/22-19:52:10.880264 24.209.174.0:3966 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:29959 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x20EB53E7  Ack: 0xCE4ECB24  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/22-19:52:14.664836 24.209.174.0:3991 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:30378 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x21019788  Ack: 0xCE3538D0  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-19:52:24.203566 24.209.174.0:4386 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:31325 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x224FED49  Ack: 0xCEA585EF  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-19:52:24.463015 24.209.174.0:4397 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:31350 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x22584878  Ack: 0xCE46C8D8  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-19:52:24.696405 24.209.174.0:4400 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:31363 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x225B8741  Ack: 0xCE350EEB  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-19:52:24.981841 24.209.174.0:4407 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:31387 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x226192D7  Ack: 0xCE7ADEAB  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-19:52:25.267831 24.209.174.0:4418 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:31414 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x226A7A66  Ack: 0xCE7783C5  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-19:52:25.532648 24.209.174.0:4425 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:31440 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x2270B9EF  Ack: 0xCE76631E  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-19:52:28.507972 24.209.174.0:4425 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:31690 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x2270B9EF  Ack: 0xCE76631E  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-19:52:28.899337 24.209.174.0:4523 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:31730 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x22C7DD04  Ack: 0xCF4483F9  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-19:52:29.108515 24.209.174.0:4528 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:31743 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x22CCE646  Ack: 0xCED77B91  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-19:52:29.374187 24.209.174.0:4535 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:31766 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x22D331A6  Ack: 0xCEEDEAD3  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-20:40:56.240352 24.209.174.0:4127 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:28546 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x54A14477  Ack: 0x853A126A  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-20:41:05.802882 24.209.174.0:4398 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:29350 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x558CFA49  Ack: 0x85FCA940  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-20:41:06.064546 24.209.174.0:4405 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:29365 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x5593073A  Ack: 0x85C3A60E  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-20:41:09.575181 24.209.174.0:4530 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:29764 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x55F84913  Ack: 0x859D4A51  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-20:41:09.860959 24.209.174.0:4541 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:29797 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x56020401  Ack: 0x85A19911  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/22-20:41:10.124624 24.209.174.0:4549 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:29830 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x56089E76  Ack: 0x85B28B84  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/22-20:41:13.740741 24.209.174.0:4659 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:30167 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x5668729B  Ack: 0x8695B7F0  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-20:41:23.381890 24.209.174.0:1027 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:31325 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x578745E6  Ack: 0x86D42E74  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-20:41:23.703756 24.209.174.0:1040 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:31369 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x57912F17  Ack: 0x86B91879  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-20:41:24.051015 24.209.174.0:1054 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:31422 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x579D524B  Ack: 0x86EF4F09  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-20:41:24.346696 24.209.174.0:1068 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:31470 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x57A992EF  Ack: 0x8720F952  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-20:41:24.628153 24.209.174.0:1082 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:31513 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x57B46924  Ack: 0x869B6FE3  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-20:41:28.193929 24.209.174.0:1204 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:31962 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x581CB0EF  Ack: 0x86D18DD2  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-20:41:28.449154 24.209.174.0:1211 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:31994 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x58220725  Ack: 0x87A56117  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-20:41:28.674451 24.209.174.0:1218 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:32025 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x58279B01  Ack: 0x8782968A  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-20:41:38.167375 24.209.174.0:1505 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:32903 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x591DE8F2  Ack: 0x8756E683  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-23:40:56.959830 24.209.174.0:4975 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:15315 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xBB0123AF  Ack: 0x2DA02A7D  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-23:40:57.399492 24.209.174.0:1027 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:15382 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xBB17509A  Ack: 0x2D6DB565  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-23:40:57.687966 24.209.174.0:1042 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:15427 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xBB2185FC  Ack: 0x2D679B27  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-23:41:01.307976 24.209.174.0:1150 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:15768 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xBB7F2C02  Ack: 0x2D98BD6F  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-23:41:01.548727 24.209.174.0:1163 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:15799 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xBB8A0A98  Ack: 0x2D7EB488  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/22-23:41:05.309189 24.209.174.0:1287 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:16239 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xBBF5BE81  Ack: 0x2E2E3AE4  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/22-23:41:05.722488 24.209.174.0:1307 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:16303 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xBC06C983  Ack: 0x2E119AA3  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-23:41:09.222757 24.209.174.0:1447 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:16759 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xBC7C814D  Ack: 0x2DDEC713  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-23:41:18.678375 24.209.174.0:1748 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:17749 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xBD8245E5  Ack: 0x2EA181D3  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-23:41:28.329383 24.209.174.0:2069 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:18778 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xBE94B919  Ack: 0x2EE8601D  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-23:41:37.860305 24.209.174.0:2351 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:19652 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xBF893E84  Ack: 0x2F80299C  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-23:41:38.102779 24.209.174.0:2358 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:19666 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xBF8E4E9F  Ack: 0x300669E4  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-23:41:38.339335 24.209.174.0:2364 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:19683 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xBF93B172  Ack: 0x2F85E7FB  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-23:41:38.596978 24.209.174.0:2368 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:19694 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xBF96EE77  Ack: 0x2FEC348E  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-23:41:38.865389 24.209.174.0:2373 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:19720 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xBF9BC1BE  Ack: 0x2FF6C402  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-23:41:39.118563 24.209.174.0:2382 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:19742 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xBFA3F4BB  Ack: 0x2F8AF27D  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-03:17:03.277714 24.209.174.0:2768 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:27316 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xEE296E5C  Ack: 0x5EBE8547  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-03:17:12.939788 24.209.174.0:3057 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28228 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xEF26A05F  Ack: 0x5EEA4DAE  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-03:17:13.178494 24.209.174.0:3067 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28250 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xEF2F2C02  Ack: 0x5EF716BB  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-03:17:13.387948 24.209.174.0:3078 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28266 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xEF37DF4D  Ack: 0x5EABB055  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-03:17:13.626844 24.209.174.0:3082 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28279 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xEF3CA53F  Ack: 0x5F3E5C93  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/23-03:17:23.334367 24.209.174.0:3366 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:29152 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xF035134C  Ack: 0x600A5BCB  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/23-03:17:23.660859 24.209.174.0:3385 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:29204 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xF044CB70  Ack: 0x60042FE7  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-03:17:23.964726 24.209.174.0:3397 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:29252 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xF04EA7B5  Ack: 0x5FB80EC8  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-03:17:33.480981 24.209.174.0:3692 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:30127 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF14D95F9  Ack: 0x5FFC3013  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-03:17:33.719067 24.209.174.0:3699 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:30150 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF152BEF2  Ack: 0x5FFDCC03  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-03:17:33.989373 24.209.174.0:3707 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:30172 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF158D4B6  Ack: 0x5FD1B373  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-03:17:34.196714 24.209.174.0:3713 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:30188 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF15DC0EF  Ack: 0x601FB2E8  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-03:17:43.777666 24.209.174.0:4007 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:31065 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xF25E71FF  Ack: 0x60C7FB9A  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-03:17:44.083375 24.209.174.0:4019 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:31114 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF264EDC1  Ack: 0x614A3A95  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-03:17:44.392625 24.209.174.0:4034 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:31164 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xF270DD66  Ack: 0x6094F5E3  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-03:17:44.630524 24.209.174.0:4047 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:31200 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF27C8249  Ack: 0x613D44DF  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-03:49:32.666273 24.209.174.0:3971 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:14217 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xAF04CDBC  Ack: 0xD88B534B  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-03:49:33.023573 24.209.174.0:3984 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:14256 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xAF0F74AB  Ack: 0xD861DC10  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-03:49:33.241765 24.209.174.0:3997 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:14281 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xAF1A9AB6  Ack: 0xD8A62BA5  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-03:49:33.507460 24.209.174.0:4008 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:14319 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xAF242AAD  Ack: 0xD8AC45CD  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-03:49:33.726315 24.209.174.0:4018 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:14343 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xAF2C8606  Ack: 0xD8EC4CF9  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/23-03:49:33.976004 24.209.174.0:4026 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:14365 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xAF33B63A  Ack: 0xD8B8A401  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/23-03:49:34.208985 24.209.174.0:4038 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:14396 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xAF3D2FFB  Ack: 0xD88D24EF  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-03:49:43.805905 24.209.174.0:4296 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:15107 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xB02093BF  Ack: 0xD92E3C0C  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-03:49:44.014504 24.209.174.0:4300 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:15119 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB02516D8  Ack: 0xD96AF770  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-03:49:44.248072 24.209.174.0:4311 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:15140 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB02DD3AF  Ack: 0xD90ABFA8  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-03:49:44.470780 24.209.174.0:4316 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:15155 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB031F5FF  Ack: 0xD9BA432E  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-03:49:44.742018 24.209.174.0:4326 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:15177 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB03B229F  Ack: 0xD9AD009E  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-03:49:44.971696 24.209.174.0:4332 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:15193 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xB040CC52  Ack: 0xD8E7C569  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-03:49:45.183203 24.209.174.0:4337 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:15206 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB0451F1F  Ack: 0xD95FE380  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-03:49:48.359287 24.209.174.0:4341 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:15382 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xB0488C47  Ack: 0xD9B0CF1A  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-03:49:48.583566 24.209.174.0:4411 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:15406 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB088104A  Ack: 0xD95695D7  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-03:49:51.585463 24.209.174.0:4411 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:15571 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB088104A  Ack: 0xD95695D7  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-03:49:57.680298 24.209.174.0:4411 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:15985 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB088104A  Ack: 0xD95695D7  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-06:48:27.949163 24.209.174.0:4819 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:37023 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xE818BFB8  Ack: 0x7CB7ADA9  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-06:48:28.403424 24.209.174.0:4830 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:37080 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xE8231F22  Ack: 0x7C94FA32  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-06:48:37.936409 24.209.174.0:1158 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:37980 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xE92D7C2B  Ack: 0x7CECA892  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-06:48:38.151241 24.209.174.0:1164 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:37998 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xE9328ADF  Ack: 0x7D95DE7F  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-06:48:38.382597 24.209.174.0:1168 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:38021 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xE936816E  Ack: 0x7DBEFCC7  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/23-06:48:47.824741 24.209.174.0:1434 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:38730 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xEA1B32B3  Ack: 0x7E3AA690  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/23-06:48:48.030184 24.209.174.0:1440 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:38743 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xEA1FF4CB  Ack: 0x7DF1CA04  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-06:48:48.233094 24.209.174.0:1444 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:38760 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xEA24449E  Ack: 0x7E23ECAB  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-06:48:48.452050 24.209.174.0:1449 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:38781 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xEA28C537  Ack: 0x7E5D990F  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-06:48:58.010750 24.209.174.0:1679 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:39333 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xEAF86BBB  Ack: 0x7EB1378F  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-06:48:58.222531 24.209.174.0:1686 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:39352 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xEAFE273B  Ack: 0x7EB2C1E9  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-06:48:58.484343 24.209.174.0:1691 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:39382 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xEB032C0B  Ack: 0x7EBE8FBF  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-06:48:58.695125 24.209.174.0:1699 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:39412 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xEB09F403  Ack: 0x7E32B784  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-06:48:58.918363 24.209.174.0:1703 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:39436 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xEB0D6DDB  Ack: 0x7E3F0695  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-06:49:01.866243 24.209.174.0:1703 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:39791 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xEB0D6DDB  Ack: 0x7E3F0695  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-06:49:02.139662 24.209.174.0:1826 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:39823 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xEB7461AC  Ack: 0x7EAD15D1  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-06:49:11.722375 24.209.174.0:2152 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:40888 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xEC911A0A  Ack: 0x7F5D28E0  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-08:33:31.250589 24.209.174.0:3348 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:20544 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x5C1954A5  Ack: 0x8ADDA06  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-08:33:31.584929 24.209.174.0:3357 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:20576 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x5C21AFD1  Ack: 0x86719EA  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-08:33:35.213992 24.209.174.0:3469 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:20872 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x5C804367  Ack: 0x93DC50E  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-08:33:44.843411 24.209.174.0:3739 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:21755 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x5D778B94  Ack: 0x9A218EE  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-08:33:54.450475 24.209.174.0:4007 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:22460 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x5E5AA871  Ack: 0xA6D06F9  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/23-08:33:54.688358 24.209.174.0:4013 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:22472 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x5E600417  Ack: 0x9797147  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/23-08:34:07.438477 24.209.174.0:4237 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:23275 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x5F2888D2  Ack: 0xAC76C53  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-08:34:17.003550 24.209.174.0:4558 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:23937 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x6043A889  Ack: 0xBA04E51  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-08:34:26.521934 24.209.174.0:4874 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:24917 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x61515A7E  Ack: 0xC58C898  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-08:34:30.201704 24.209.174.0:4985 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:25218 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x61B2F3F4  Ack: 0xC845B0C  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-08:34:43.069075 24.209.174.0:1281 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:26317 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x629D0A51  Ack: 0xE4816B1  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-08:34:43.344304 24.209.174.0:1396 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:26356 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x62FA3915  Ack: 0xF512149  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-08:34:43.555536 24.209.174.0:1405 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:26381 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x630048FC  Ack: 0xF5478CB  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-08:34:43.776773 24.209.174.0:1410 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:26399 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x63051696  Ack: 0xE77713F  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-08:34:43.983702 24.209.174.0:1417 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:26416 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x630AFB4B  Ack: 0xEF423BC  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-08:34:44.225609 24.209.174.0:1424 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:26436 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x63111ADE  Ack: 0xE966C5C  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-09:53:52.768141 24.209.174.0:1271 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:12627 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x4E7B7099  Ack: 0x3931D212  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-09:53:53.147931 24.209.174.0:1281 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:12660 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x4E834569  Ack: 0x393ACCFC  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-09:53:53.381250 24.209.174.0:1289 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:12683 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x4E89F657  Ack: 0x38A33292  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-09:53:57.116397 24.209.174.0:1311 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:12960 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x4E9BF5E0  Ack: 0x3932FAC2  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-09:54:00.782617 24.209.174.0:1484 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:13159 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x4F324D66  Ack: 0x398C82A1  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/23-09:54:01.020130 24.209.174.0:1493 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:13178 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x4F3A19CC  Ack: 0x39C0DAE4  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/23-09:54:10.685727 24.209.174.0:1803 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:14226 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x50441B80  Ack: 0x39ADAE42  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-09:54:10.944471 24.209.174.0:1818 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:14264 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x5050362C  Ack: 0x3A1150EB  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-09:54:11.176153 24.209.174.0:1825 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:14294 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x5055BFD4  Ack: 0x3A76E732  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-09:54:11.432895 24.209.174.0:1836 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:14327 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x505ED8A0  Ack: 0x3A235ECF  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-09:54:11.660299 24.209.174.0:1841 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:14356 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x5063739C  Ack: 0x39CAB81D  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-09:54:11.889990 24.209.174.0:1849 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:14382 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x506A0BBB  Ack: 0x3A76A6B0  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-09:54:12.125005 24.209.174.0:1858 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:14406 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x5070EF9E  Ack: 0x3AAB4025  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-09:54:15.069263 24.209.174.0:1858 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:14655 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x5070EF9E  Ack: 0x3AAB4025  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-09:54:15.515085 24.209.174.0:1959 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:14695 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x50C8712D  Ack: 0x3A484058  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-09:54:15.786669 24.209.174.0:1967 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:14732 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x50D0696C  Ack: 0x3A96D32B  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-09:54:16.022905 24.209.174.0:1982 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:14768 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x50DC00FE  Ack: 0x3A7DC478  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-14:30:27.502338 24.209.174.0:2456 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:56742 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x82DCB47A  Ack: 0x4D6996BB  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-14:30:27.890218 24.209.174.0:2463 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:56788 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x82E33F92  Ack: 0x4D293335  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-14:30:28.096137 24.209.174.0:2466 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:56817 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x82E6BAA6  Ack: 0x4D98D031  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-14:30:28.335705 24.209.174.0:2471 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:56852 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x82EAFB40  Ack: 0x4E07D0F3  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-14:30:28.585107 24.209.174.0:2481 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:56890 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x82F424ED  Ack: 0x4D82E08E  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/23-14:30:28.810220 24.209.174.0:2485 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:56921 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x82F7C3FB  Ack: 0x4D5513BB  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/23-14:30:38.397219 24.209.174.0:2739 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:58344 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x83D80C78  Ack: 0x4DD10DC9  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-14:30:38.702956 24.209.174.0:2752 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:58390 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x83E36272  Ack: 0x4E278DF0  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-14:30:39.030238 24.209.174.0:2760 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:58442 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x83EB1B28  Ack: 0x4DF569AA  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-14:30:39.311509 24.209.174.0:2773 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:58487 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x83F629BD  Ack: 0x4EAEBA3A  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-14:30:39.571200 24.209.174.0:2783 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:58530 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x83FD6BDB  Ack: 0x4E792EE5  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-14:30:39.869654 24.209.174.0:2793 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:58578 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x8405E07D  Ack: 0x4DF6710D  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-14:30:40.162604 24.209.174.0:2798 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:58626 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x840AE20F  Ack: 0x4E3C4EE0  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-14:30:40.430002 24.209.174.0:2808 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:58670 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x841175EE  Ack: 0x4E2402D5  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-14:30:40.691269 24.209.174.0:2817 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:58711 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x8418315A  Ack: 0x4DCEA5CD  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-14:30:40.997266 24.209.174.0:2827 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:58758 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x841F50AF  Ack: 0x4E564B96  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-15:29:44.757269 24.209.174.0:3930 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:53691 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xE64A8BD5  Ack: 0x2DA831AC  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-15:29:45.119654 24.209.174.0:3938 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:53716 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xE6522B0A  Ack: 0x2DF2A6F8  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-15:29:45.330777 24.209.174.0:3942 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:53735 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xE655772F  Ack: 0x2DCE0C00  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-15:29:45.550117 24.209.174.0:3951 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:53758 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xE65D7DBB  Ack: 0x2E092F8B  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-15:29:45.769444 24.209.174.0:3960 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:53787 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xE6651D60  Ack: 0x2D44B802  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/23-15:29:55.353264 24.209.174.0:4233 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:54583 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xE7522357  Ack: 0x2F94E3D5  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/23-15:29:55.583182 24.209.174.0:4240 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:54605 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xE7577686  Ack: 0x2F7F0BAF  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-15:29:55.796859 24.209.174.0:4251 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:54629 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xE760C68E  Ack: 0x2F9FABA7  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-15:30:08.576895 24.209.174.0:4556 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:56021 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE87443C3  Ack: 0x2F9A2E7B  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-15:30:09.082057 24.209.174.0:4649 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:56055 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE8C50989  Ack: 0x2FF4F6CD  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-15:30:09.363140 24.209.174.0:4678 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:56099 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE8DAD7F4  Ack: 0x2FB7D61A  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-15:30:09.562554 24.209.174.0:4691 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:56116 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE8E4859E  Ack: 0x309650DB  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-15:30:09.825787 24.209.174.0:4701 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:56137 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xE8EC798C  Ack: 0x302CEF36  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-15:30:10.035102 24.209.174.0:4707 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:56151 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xE8F22016  Ack: 0x30276E36  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-15:30:10.262849 24.209.174.0:4713 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:56169 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xE8F6C36F  Ack: 0x2FCD0940  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-15:30:10.478034 24.209.174.0:4718 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:56184 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xE8FB0607  Ack: 0x2FC73DB1  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-15:32:36.734160 24.209.174.0:1153 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:4001 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xF7D01D13  Ack: 0x386B31C0  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-15:32:46.453468 24.209.174.0:1489 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:5052 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xF8EAC693  Ack: 0x39E914A6  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-15:32:46.761768 24.209.174.0:1501 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:5102 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xF8F49BAF  Ack: 0x38FC7C7B  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-15:32:47.052931 24.209.174.0:1511 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:5147 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xF8FE4E8E  Ack: 0x39B0B379  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-15:32:47.318909 24.209.174.0:1525 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:5189 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF90A0883  Ack: 0x391F2282  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/23-15:32:56.916006 24.209.174.0:1807 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:6074 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xF9FF6A55  Ack: 0x39D7139C  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/23-15:32:57.203016 24.209.174.0:1818 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:6120 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xFA08F38D  Ack: 0x39C8EEBB  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-15:32:57.463093 24.209.174.0:1830 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:6160 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xFA140B94  Ack: 0x399F16BB  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-15:33:07.029531 24.209.174.0:2086 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:6879 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFAF36DE0  Ack: 0x3B13F26C  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-15:33:16.654643 24.209.174.0:2351 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:7598 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFBD92238  Ack: 0x3AD385EA  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-15:33:20.109580 24.209.174.0:2457 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:7898 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFC3154F2  Ack: 0x3B148FBB  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-15:33:20.361750 24.209.174.0:2464 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:7921 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFC375ABA  Ack: 0x3BCBD5AD  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-15:33:24.025165 24.209.174.0:2584 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:8342 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xFC9F4132  Ack: 0x3B9DE1C1  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-15:33:24.359867 24.209.174.0:2597 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:8394 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xFCAA3241  Ack: 0x3B631863  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-15:33:24.709302 24.209.174.0:2615 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:8450 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xFCB87228  Ack: 0x3BCA1566  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-15:33:25.035061 24.209.174.0:2628 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:8502 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xFCC4AA45  Ack: 0x3BEB9791  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-15:47:05.793817 24.209.174.0:4681 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:26426 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x53E6355A  Ack: 0x6F405AC2  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-15:47:06.294377 24.209.174.0:4694 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:26500 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x53F19914  Ack: 0x6F82F868  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-15:47:10.350900 24.209.174.0:4827 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:27160 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x54633123  Ack: 0x6F787D6A  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-15:47:13.885864 24.209.174.0:4947 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:27618 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x54CB80D9  Ack: 0x7003BB7A  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-15:47:16.983249 24.209.174.0:4947 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28102 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x54CB80D9  Ack: 0x7003BB7A  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-15:47:17.559218 24.209.174.0:1090 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28194 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x5530E478  Ack: 0x700B9C41  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/23-15:47:17.841673 24.209.174.0:1100 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28227 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x55393D65  Ack: 0x70A620B8  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/23-15:47:18.088712 24.209.174.0:1105 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28247 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x553E30FD  Ack: 0x7004B46F  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-15:47:18.343814 24.209.174.0:1110 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28273 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x5542DDA1  Ack: 0x700344FA  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-15:47:18.614277 24.209.174.0:1125 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28305 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x554F3A0A  Ack: 0x707F788A  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-15:47:22.191947 24.209.174.0:1232 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28768 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x55AB78B1  Ack: 0x7060BE47  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-15:47:22.437903 24.209.174.0:1239 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28795 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x55B234BF  Ack: 0x70BCEF9F  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-15:47:22.661174 24.209.174.0:1246 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28820 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x55B7BA37  Ack: 0x7046BA71  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-15:47:22.914738 24.209.174.0:1255 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28848 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x55BF6850  Ack: 0x7070AF84  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-15:47:23.125684 24.209.174.0:1259 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28864 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x55C3A9AA  Ack: 0x70BA21F9  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-15:47:23.382143 24.209.174.0:1264 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28887 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x55C806E1  Ack: 0x70CB8741  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-15:47:23.624127 24.209.174.0:1281 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28923 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x55D4F5D3  Ack: 0x70D2EF3B  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-16:01:19.678054 24.209.174.0:3092 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:56526 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xAC670258  Ack: 0xA53C516A  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-16:01:20.067678 24.209.174.0:3096 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:56552 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xAC6BB216  Ack: 0xA5BB3B6A  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-16:01:20.292654 24.209.174.0:3104 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:56566 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xAC735963  Ack: 0xA5639F71  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-16:01:23.731683 24.209.174.0:3210 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:56940 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xACCBF275  Ack: 0xA6512C54  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-16:01:23.967278 24.209.174.0:3217 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:56974 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xACD293C7  Ack: 0xA5E7377F  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/23-16:01:24.216694 24.209.174.0:3228 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:57009 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xACDAEE1E  Ack: 0xA5E2A757  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/23-16:01:33.686810 24.209.174.0:3471 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:57855 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xADB153E0  Ack: 0xA6D661F7  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-16:01:33.946667 24.209.174.0:3479 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:57885 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xADB8849E  Ack: 0xA683B50A  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-16:01:37.626483 24.209.174.0:3581 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:58270 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xAE128C25  Ack: 0xA69DE665  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-16:01:37.827629 24.209.174.0:3591 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:58283 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xAE1B74EC  Ack: 0xA679AEF4  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-16:01:47.358791 24.209.174.0:3860 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:59164 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xAF0AE8F3  Ack: 0xA75CAE2A  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-16:01:56.997391 24.209.174.0:4111 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:60031 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xAFE5FFDF  Ack: 0xA7F6938E  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-16:02:06.612727 24.209.174.0:4407 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:61000 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xB0E33CCB  Ack: 0xA853CA74  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-16:02:09.601865 24.209.174.0:4407 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:61283 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xB0E33CCB  Ack: 0xA853CA74  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-16:02:10.017135 24.209.174.0:4508 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:61318 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB13B09A6  Ack: 0xA838CB09  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-16:02:10.236151 24.209.174.0:4513 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:61342 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xB13FF6FD  Ack: 0xA903B0CA  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-16:02:10.449728 24.209.174.0:4517 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:61360 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB143A265  Ack: 0xA8319FF4  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-16:18:40.905657 24.209.174.0:3228 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:38357 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x183C504C  Ack: 0xE66F9904  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-16:18:41.256077 24.209.174.0:3238 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:38409 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x1845BA4C  Ack: 0xE70CF69C  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-16:18:41.522890 24.209.174.0:3245 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:38446 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x184C0B1F  Ack: 0xE6FC735F  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-16:18:42.070671 24.209.174.0:3280 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:38522 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x18689091  Ack: 0xE6BA3306  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-16:18:42.328540 24.209.174.0:3292 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:38556 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x18727C1E  Ack: 0xE6C7B6F6  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/23-16:18:42.565808 24.209.174.0:3295 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:38585 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x18758B58  Ack: 0xE68734BB  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/23-16:18:42.787267 24.209.174.0:3301 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:38613 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x187B572F  Ack: 0xE72866F9  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-16:18:43.002201 24.209.174.0:3312 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:38640 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x18836099  Ack: 0xE65DB1EA  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-16:18:46.628395 24.209.174.0:3398 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:39003 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x18CE19AF  Ack: 0xE6D67D12  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-16:18:46.972611 24.209.174.0:3429 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:39056 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x18E614E0  Ack: 0xE770DC25  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-16:18:47.262194 24.209.174.0:3438 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:39092 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x18EE8DB1  Ack: 0xE6A0E829  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-16:18:50.246691 24.209.174.0:3438 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:39427 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x18EE8DB1  Ack: 0xE6A0E829  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-16:18:51.035263 24.209.174.0:3537 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:39488 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x1947824D  Ack: 0xE6EEAB00  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-16:18:54.538696 24.209.174.0:3630 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:39757 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x199A3A37  Ack: 0xE7157258  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-16:18:54.841176 24.209.174.0:3638 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:39798 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x19A0FA82  Ack: 0xE7AA086E  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-16:18:55.094096 24.209.174.0:3646 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:39824 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x19A89812  Ack: 0xE79FD184  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/23-16:18:55.311770 24.209.174.0:3651 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:39839 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x19ADD1D9  Ack: 0xE77BAD33  Win: 0x4470  TcpLen: 20

Go to: overview page

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:03:52 2003

24.209.174.0	Whois lookup at:	ARIN	RIPE	APNIC	Geektools
	DNS lookup at:	Amenesi	TRIUMF	Princeton
	More lookup links:	Dshield	Sam Spade