SnortSnarf alert page

Source: 24.209.191.91: #1-100

SnortSnarf v021111.1

Signature section (91123)

Top 20 source IPs

Top 20 dest IPs

Looking using input module SnortFileInput, with sources:

/home/rivettmj/snort_alertlog/alert

Earliest: 18:23:57.740726 on 05/19/2003
Latest: 13:46:45.117540 on 05/24/2003

7 different signatures are present for 24.209.191.91 as a source

5 instances of WEB-IIS _mem_bin access
5 instances of WEB-FRONTPAGE /_vti_bin/ access
10 instances of WEB-IIS CodeRed v2 root.exe access
16 instances of WEB-IIS multiple decode attempt
25 instances of WEB-IIS unicode directory traversal attempt
27 instances of WEB-IIS ISAPI .ida attempt
48 instances of WEB-IIS cmd.exe access

There are 1 distinct destination IPs in the alerts of the type on this page.

24.209.191.91 Whois lookup at: ARIN RIPE APNIC Geektools

DNS lookup at: Amenesi TRIUMF Princeton

More lookup links: Dshield Sam Spade

Go to: next range, all alerts, overview page

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:23:57.740726 24.209.191.91:1575 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:44003 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x397C6659  Ack: 0xC03FE09A  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:23:57.751487 24.209.191.91:1575 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:44004 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x397C6C0D  Ack: 0xC03FE09A  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:23:58.408155 24.209.191.91:1596 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:44067 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x398D93AD  Ack: 0xC0A1306F  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:23:58.411726 24.209.191.91:1596 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:44068 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x398D9961  Ack: 0xC0A1306F  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:24:00.300716 24.209.191.91:1655 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:44256 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x39BEB69B  Ack: 0xC073D40B  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:24:00.310687 24.209.191.91:1655 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:44257 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x39BEBC4F  Ack: 0xC073D40B  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:24:06.645678 24.209.191.91:1818 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:44792 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3A4F4FCD  Ack: 0xC0C4D4F7  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:24:06.655786 24.209.191.91:1818 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:44793 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3A4F5581  Ack: 0xC0C4D4F7  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:24:06.949414 24.209.191.91:1834 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:44830 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3A5CBE40  Ack: 0xC0C57D02  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:24:06.959757 24.209.191.91:1834 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:44831 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3A5CC3F4  Ack: 0xC0C57D02  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:24:07.307275 24.209.191.91:1854 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:44884 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3A6D2597  Ack: 0xC14D6ACF  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:24:07.317832 24.209.191.91:1854 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:44885 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3A6D2B4B  Ack: 0xC14D6ACF  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:24:07.702026 24.209.191.91:1872 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:44936 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3A7C075B  Ack: 0xC0A2A2C6  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:24:07.711849 24.209.191.91:1872 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:44937 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3A7C0D0F  Ack: 0xC0A2A2C6  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:24:11.008262 24.209.191.91:1975 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:45273 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3AD2671B  Ack: 0xC105C41C  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:24:11.018895 24.209.191.91:1975 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:45274 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3AD26CCF  Ack: 0xC105C41C  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:24:16.913942 24.209.191.91:2132 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:45803 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3B5DCA78  Ack: 0xC1D0EF0B  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:24:16.926516 24.209.191.91:2132 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:45804 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3B5DD02C  Ack: 0xC1D0EF0B  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:24:19.580057 24.209.191.91:2232 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:46062 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3BB30830  Ack: 0xC1A17D1E  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:24:19.589785 24.209.191.91:2232 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:46063 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3BB30DE4  Ack: 0xC1A17D1E  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:24:20.389676 24.209.191.91:2255 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:46151 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3BC86EEB  Ack: 0xC12C5596  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:24:20.400735 24.209.191.91:2255 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:46152 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3BC8749F  Ack: 0xC12C5596  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:24:20.712128 24.209.191.91:2265 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:46190 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3BD0C95F  Ack: 0xC19D0F94  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:24:20.721273 24.209.191.91:2265 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:46191 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3BD0CF13  Ack: 0xC19D0F94  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:24:39.350245 24.209.191.91:2814 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:47834 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3DA5954A  Ack: 0xC329F083  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:24:39.361007 24.209.191.91:2814 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:47835 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3DA59AFE  Ack: 0xC329F083  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:25:56.375281 24.209.191.91:1138 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:55168 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x45530DF7  Ack: 0xC804EA5B  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:25:56.385774 24.209.191.91:1138 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:55169 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x455313AB  Ack: 0xC804EA5B  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:25:59.271624 24.209.191.91:1241 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:55457 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x45A97EFB  Ack: 0xC855F8F9  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:25:59.280016 24.209.191.91:1241 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:55458 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x45A984AF  Ack: 0xC855F8F9  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:26:06.258871 24.209.191.91:1429 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:56074 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x464DBE90  Ack: 0xC8BBE281  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:26:06.269110 24.209.191.91:1429 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:56075 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x464DC444  Ack: 0xC8BBE281  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:26:19.297972 24.209.191.91:1822 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:57223 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x47A19AC5  Ack: 0xC98C63B2  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:26:19.308614 24.209.191.91:1822 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:57224 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x47A1A079  Ack: 0xC98C63B2  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:26:38.562001 24.209.191.91:2363 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:58923 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x49762F18  Ack: 0xCA835B8B  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:26:38.572365 24.209.191.91:2363 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:58924 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x497634CC  Ack: 0xCA835B8B  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:26:40.609531 24.209.191.91:2438 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:59131 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x49B430D6  Ack: 0xCAF4CA80  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:26:40.623400 24.209.191.91:2438 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:59132 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x49B4368A  Ack: 0xCAF4CA80  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:26:45.082083 24.209.191.91:2574 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:59666 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4A2836D7  Ack: 0xCB37E9D4  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:26:45.092297 24.209.191.91:2574 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:59667 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4A283C8B  Ack: 0xCB37E9D4  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:26:48.163196 24.209.191.91:2647 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:59909 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4A677FD8  Ack: 0xCB9C7BB1  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:26:48.173113 24.209.191.91:2647 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:59910 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4A67858C  Ack: 0xCB9C7BB1  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:26:49.560575 24.209.191.91:2704 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:60056 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4A97353E  Ack: 0xCBC5E1AB  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:26:49.575279 24.209.191.91:2704 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:60057 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4A973AF2  Ack: 0xCBC5E1AB  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:26:52.523541 24.209.191.91:2702 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:60433 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4A94E298  Ack: 0xCB368008  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:26:52.533361 24.209.191.91:2702 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:60434 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4A94E84C  Ack: 0xCB368008  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:27:04.571100 24.209.191.91:3161 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:61508 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4C1D0D58  Ack: 0xCC1C7E1B  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:27:04.581184 24.209.191.91:3161 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:61509 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4C1D130C  Ack: 0xCC1C7E1B  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:27:05.518192 24.209.191.91:3182 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:61595 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4C2ECC00  Ack: 0xCCEE8B83  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:27:05.527686 24.209.191.91:3182 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:61596 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4C2ED1B4  Ack: 0xCCEE8B83  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:27:07.958561 24.209.191.91:3230 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:61755 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4C59FD9D  Ack: 0xCCFFB742  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:27:07.969678 24.209.191.91:3230 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:61756 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4C5A0351  Ack: 0xCCFFB742  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:27:16.928206 24.209.191.91:3504 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:62541 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4D4002A8  Ack: 0xCCC130FF  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-18:27:16.938388 24.209.191.91:3504 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:62542 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4D40085C  Ack: 0xCCC130FF  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-21:05:52.425561 24.209.191.91:4146 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:37734 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x2139606  Ack: 0xE4924DE9  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-21:05:53.048159 24.209.191.91:4167 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:37821 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x226C452  Ack: 0xE43040DB  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-21:05:53.548397 24.209.191.91:4179 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:37881 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x2313120  Ack: 0xE47286DE  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-21:05:54.082108 24.209.191.91:4195 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:37961 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x23E425B  Ack: 0xE4C05727  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-21:05:54.669769 24.209.191.91:4215 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:38032 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x24E44CC  Ack: 0xE4F2FD34  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/22-21:05:55.162912 24.209.191.91:4234 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:38115 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x25E388C  Ack: 0xE4451896  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/22-21:06:04.589679 24.209.191.91:4544 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:39509 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x363DC25  Ack: 0xE521FB99  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-21:06:14.093175 24.209.191.91:4818 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:40795 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x4512ABD  Ack: 0xE55C3004  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-21:06:14.629291 24.209.191.91:4834 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:40878 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x45ED66F  Ack: 0xE54AE616  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-21:06:23.981386 24.209.191.91:1217 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:42510 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x57B6126  Ack: 0xE632D75A  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-21:06:24.198869 24.209.191.91:1226 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:42564 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x583750A  Ack: 0xE6B8AC24  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-21:06:27.803275 24.209.191.91:1345 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:43128 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x5E79CE9  Ack: 0xE619BC6F  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-21:06:28.125639 24.209.191.91:1359 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:43207 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x5F25110  Ack: 0xE6D0B68E  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-21:06:28.397008 24.209.191.91:1368 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:43243 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x5F9E7DD  Ack: 0xE6347C55  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-21:06:28.688320 24.209.191.91:1380 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:43289 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x603B7C0  Ack: 0xE70A6FB8  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-21:06:28.920097 24.209.191.91:1389 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:43323 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x60BE3F7  Ack: 0xE6980AA6  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-22:42:41.084196 24.209.191.91:2323 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:371 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x586A8262  Ack: 0x52476095  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-22:42:44.705966 24.209.191.91:2408 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:856 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x58B5BFD8  Ack: 0x51B49F0B  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-22:42:54.103416 24.209.191.91:2673 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:2224 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x599B4927  Ack: 0x52C19855  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-22:43:03.329390 24.209.191.91:2946 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:3583 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x5A890C83  Ack: 0x538FB5A6  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-22:43:03.631152 24.209.191.91:2953 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:3619 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x5A8F56E0  Ack: 0x53A0BC93  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/22-22:43:03.885347 24.209.191.91:2958 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:3660 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x5A93F9A2  Ack: 0x52EEC2DA  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/22-22:43:04.144198 24.209.191.91:2963 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:3702 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x5A980D84  Ack: 0x53878BF8  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-22:43:04.427891 24.209.191.91:2970 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:3753 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x5A9E2222  Ack: 0x52C28BB1  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-22:43:04.712544 24.209.191.91:2980 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:3791 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x5AA66947  Ack: 0x535A9085  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-22:43:04.976670 24.209.191.91:2984 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:3826 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x5AAA8D1C  Ack: 0x53B203BA  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-22:43:05.226058 24.209.191.91:2991 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:3866 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x5AB06071  Ack: 0x53641690  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-22:43:08.531046 24.209.191.91:3070 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:4331 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x5AF3DAC7  Ack: 0x53C873E0  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-22:43:17.931469 24.209.191.91:3327 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:5585 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x5BCF0325  Ack: 0x544D92B1  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-22:43:18.222616 24.209.191.91:3338 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:5638 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x5BD7FA26  Ack: 0x54439209  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-22:43:18.489036 24.209.191.91:3350 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:5681 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x5BE27B6B  Ack: 0x53AD287F  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-22:43:18.778512 24.209.191.91:3358 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:5734 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x5BE9C736  Ack: 0x5420E079  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/24-13:46:04.727043 24.209.191.91:3963 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:9457 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x656435E5  Ack: 0xE643FC7B  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/24-13:46:05.192428 24.209.191.91:4016 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:9652 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x658C3024  Ack: 0xE6014BE3  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/24-13:46:05.525892 24.209.191.91:4037 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:9750 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x659CDE0B  Ack: 0xE6D94D86  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/24-13:46:14.920890 24.209.191.91:4811 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:12616 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x67FBC6DE  Ack: 0xE74C4A7D  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/24-13:46:15.306175 24.209.191.91:4842 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:12745 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6813AA59  Ack: 0xE785F9F6  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/24-13:46:24.617872 24.209.191.91:1751 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:15997 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x6AAB80EA  Ack: 0xE7C0D95F  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/24-13:46:24.997840 24.209.191.91:1787 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:16088 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x6AC5EE51  Ack: 0xE7707AA9  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/24-13:46:28.344238 24.209.191.91:2083 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:17181 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x6BA56A71  Ack: 0xE7979D1C  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/24-13:46:28.636400 24.209.191.91:2101 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:17251 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6BB3DE32  Ack: 0xE7FD364F  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/24-13:46:32.149712 24.209.191.91:2123 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:18289 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6BC59F00  Ack: 0xE7B7240E  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/24-13:46:38.731428 24.209.191.91:2123 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:20531 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6BC59F00  Ack: 0xE7B7240E  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/24-13:46:41.370240 24.209.191.91:3221 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:21337 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6F0DFEF1  Ack: 0xE8B3652E  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/24-13:46:41.652612 24.209.191.91:3237 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:21411 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6F1A1E4A  Ack: 0xE843BEE7  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/24-13:46:45.117540 24.209.191.91:3536 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:22499 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x6FF95F9E  Ack: 0xE91D73EE  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

Go to: next range, all alerts, overview page

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:03:52 2003

24.209.191.91	Whois lookup at:	ARIN	RIPE	APNIC	Geektools
	DNS lookup at:	Amenesi	TRIUMF	Princeton
	More lookup links:	Dshield	Sam Spade