SnortSnarf alert page

Source: 24.209.18.197

SnortSnarf v021111.1

65 such alerts found using input module SnortFileInput, with sources:
Earliest: 12:55:11.367122 on 05/13/2003
Latest: 21:33:48.248307 on 05/13/2003

6 different signatures are present for 24.209.18.197 as a source

There is 1 distinct destination IP in the alerts of the type on this page.


[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-12:55:11.367122 24.209.18.197:2960 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:19373 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x78F40E28 Ack: 0xD699DACB Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-12:55:11.547363 24.209.18.197:2964 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:19391 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x78F814BB Ack: 0xD625F3A8 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-12:55:11.654773 24.209.18.197:2966 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:19404 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x78F9B87B Ack: 0xD69AD6B3 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-12:55:11.847984 24.209.18.197:2971 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:19421 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x78FD8E0C Ack: 0xD5D0E3D4 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-12:55:15.529758 24.209.18.197:3054 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:19666 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x7945E6EB Ack: 0xD657828B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/13-12:55:15.668616 24.209.18.197:3058 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:19678 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x7949ABCB Ack: 0xD6F87BDA Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/13-12:55:15.745518 24.209.18.197:3060 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:19689 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x794B6279 Ack: 0xD69F5C2B Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-12:55:22.251691 24.209.18.197:3128 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:20044 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x798B7641 Ack: 0xD6E0930D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-12:55:22.374518 24.209.18.197:3164 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:20055 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x79B17EAF Ack: 0xD67C124B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-12:55:22.466183 24.209.18.197:3165 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:20060 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x79B2D51B Ack: 0xD7593314 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-12:55:31.469995 24.209.18.197:3166 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:20567 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x79B3C940 Ack: 0xD72D2BD8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-12:55:31.600291 24.209.18.197:3332 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:20582 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x7A540D9F Ack: 0xD75B07A1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-12:55:34.940834 24.209.18.197:3393 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:20733 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x7A8E7E67 Ack: 0xD8226E03 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-12:55:35.023751 24.209.18.197:3395 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:20740 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x7A90791A Ack: 0xD7D7E1BB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-12:55:35.144964 24.209.18.197:3396 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:20748 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x7A91B3D1 Ack: 0xD7620DED Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-12:55:44.049283 24.209.18.197:3435 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:20898 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x7ABE0000 Ack: 0xD82AD258 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-12:55:44.136709 24.209.18.197:3435 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:20978 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x7ABE0000 Ack: 0xD82AD258 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-14:08:07.520133 24.209.18.197:1753 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:52148 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x8B266062 Ack: 0xE95FCCA6 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-14:08:11.610580 24.209.18.197:1769 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:52305 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x8B35C0F5 Ack: 0xE92A9BBD Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-14:08:15.664687 24.209.18.197:1808 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:52478 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x8B6108CD Ack: 0xE93EBF56 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-14:08:16.272597 24.209.18.197:1863 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:52587 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x8B9C4512 Ack: 0xE9E253E7 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-14:08:16.367111 24.209.18.197:1867 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:52602 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x8B9F5311 Ack: 0xEA234FB9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/13-14:08:16.469208 24.209.18.197:1873 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:52627 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x8BA49491 Ack: 0xE9AACB08 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/13-14:08:16.597251 24.209.18.197:1883 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:52664 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x8BAB4891 Ack: 0xE9F4A8B8 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-14:08:16.688448 24.209.18.197:1889 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:52679 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x8BB11795 Ack: 0xEA149D32 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-14:08:16.770248 24.209.18.197:1894 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:52695 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x8BB523F7 Ack: 0xE94A2AAE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-14:08:20.144810 24.209.18.197:1959 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:53021 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x8BF1E961 Ack: 0xEA4A3659 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-14:08:20.291326 24.209.18.197:1965 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:53052 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x8BF798F1 Ack: 0xE9F4C4B8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-14:08:20.412282 24.209.18.197:1967 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:53066 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x8BF9AB62 Ack: 0xE9E3B75F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-14:08:20.538075 24.209.18.197:1968 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:53081 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x8BFAB96A Ack: 0xE97D987A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-14:08:23.693868 24.209.18.197:1968 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:53380 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x8BFAB96A Ack: 0xE97D987A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-14:08:23.775157 24.209.18.197:2041 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:53401 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x8C3C8291 Ack: 0xEA499409 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-14:08:23.875742 24.209.18.197:2044 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:53420 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x8C3F86BD Ack: 0xE9B8952F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-14:08:27.161862 24.209.18.197:2093 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:53629 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x8C6E0196 Ack: 0xE9E89381 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:25:53.075308 24.209.18.197:1340 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:49905 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x694DF976 Ack: 0xB7070C9D Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:25:53.219370 24.209.18.197:1344 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:49921 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x69513AF3 Ack: 0xB7598C9A Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:25:53.330559 24.209.18.197:1346 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:49934 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x6953CC03 Ack: 0xB72E6FDA Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:25:53.432282 24.209.18.197:1348 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:49940 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x69553E2A Ack: 0xB7703BCC Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:25:53.516146 24.209.18.197:1352 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:49952 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6958C8AB Ack: 0xB75CB46B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/13-18:25:53.614482 24.209.18.197:1355 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:49959 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x695A42D9 Ack: 0xB7C5B60C Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/13-18:25:58.278915 24.209.18.197:1390 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:50138 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x697E49B1 Ack: 0xB7E375B4 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:25:58.421533 24.209.18.197:1404 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:50159 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x698E4AE7 Ack: 0xB72EF0E3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:26:01.924642 24.209.18.197:1444 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:50326 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x69B965DC Ack: 0xB7AB2B06 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:26:02.167945 24.209.18.197:1448 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:50361 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x69BE0327 Ack: 0xB7F8EA12 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:26:02.582096 24.209.18.197:1464 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:50409 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x69C9F4A5 Ack: 0xB7B3FB36 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:26:06.070159 24.209.18.197:1521 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:50656 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x69FEE71D Ack: 0xB874F9CF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:26:06.315114 24.209.18.197:1528 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:50692 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6A065123 Ack: 0xB881EB26 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:26:06.398152 24.209.18.197:1533 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:50703 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x6A0A00A5 Ack: 0xB837DA34 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:26:06.505121 24.209.18.197:1535 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:50712 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6A0BCAF4 Ack: 0xB87F0CA5 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:32:50.995461 24.209.18.197:2851 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:8146 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x60E01602 Ack: 0x797C4790 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:32:51.101137 24.209.18.197:2855 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:8167 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x60E4DDE6 Ack: 0x79305B8B Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:33:00.464248 24.209.18.197:2969 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:8514 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x615BD712 Ack: 0x7A5D8A4D Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:33:09.853453 24.209.18.197:3118 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:9017 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x61EBC605 Ack: 0x7B2ABB9F Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:33:09.979757 24.209.18.197:3119 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:9029 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x61ED4A1C Ack: 0x7BA438D5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/13-21:33:10.112688 24.209.18.197:3121 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:9042 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x61EF12F1 Ack: 0x7BA9ED44 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/13-21:33:10.213130 24.209.18.197:3127 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:9054 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x61F2F0D8 Ack: 0x7BA2D8D4 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:33:16.843358 24.209.18.197:3188 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:9460 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x622ECA64 Ack: 0x7B45C918 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:33:16.995783 24.209.18.197:3224 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:9474 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x62555A5F Ack: 0x7BB493C8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:33:26.282343 24.209.18.197:3421 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:10170 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6305A5AD Ack: 0x7C7C4808 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:33:26.398027 24.209.18.197:3423 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:10195 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x630802DD Ack: 0x7BFBB762 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:33:26.473774 24.209.18.197:3424 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:10204 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x630910E7 Ack: 0x7BF8E82C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:33:35.764625 24.209.18.197:3561 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:10607 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x638E8C27 Ack: 0x7CF13E67 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:33:38.844491 24.209.18.197:3563 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:10734 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x63901A11 Ack: 0x7CB13419 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:33:38.940394 24.209.18.197:3615 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:10739 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x63C33E15 Ack: 0x7CE52832 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:33:48.248307 24.209.18.197:3777 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:11406 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6459F219 Ack: 0x7DCBBDD1 Win: 0x4470 TcpLen: 20

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:03:53 2003