SnortSnarf alert page

Source: 24.209.196.254: #101-134

SnortSnarf v021111.1

Signature section (91123)

Top 20 source IPs

Top 20 dest IPs

Looking using input module SnortFileInput, with sources:

/home/rivettmj/snort_alertlog/alert

Earliest: 00:47:57.926861 on 06/02/2003
Latest: 20:54:26.042846 on 06/11/2003

2 different signatures are present for 24.209.196.254 as a source

66 instances of WEB-IIS ISAPI .ida attempt
68 instances of WEB-IIS cmd.exe access

There are 1 distinct destination IPs in the alerts of the type on this page.

24.209.196.254 Whois lookup at: ARIN RIPE APNIC Geektools

DNS lookup at: Amenesi TRIUMF Princeton

More lookup links: Dshield Sam Spade

Go to: previous range, all alerts, overview page

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-00:47:57.926861 24.209.196.254:2131 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:42095 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB2AFDB1D  Ack: 0xA870EE3A  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-00:48:03.936638 24.209.196.254:2131 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:42594 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB2AFE0D1  Ack: 0xA870EE3A  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-19:30:52.048572 24.209.196.254:2429 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:11706 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xCF76054A  Ack: 0x3918BB1D  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-19:30:52.110669 24.209.196.254:2429 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:11710 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xCF760AFE  Ack: 0x3918BB1D  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-20:40:45.608861 24.209.196.254:1680 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:50311 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x60FAC816  Ack: 0x4259CFA2  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-20:40:45.617375 24.209.196.254:1680 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:50312 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x60FACDCA  Ack: 0x4259CFA2  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/06-12:12:18.744844 24.209.196.254:4122 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:60104 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFBBAB44D  Ack: 0xC057F7B0  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/06-12:12:18.746122 24.209.196.254:4122 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:60105 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFBBABA01  Ack: 0xC057F7B0  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/06-12:38:03.190363 24.209.196.254:4300 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:50955 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x843D1A61  Ack: 0x215C52FE  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/06-12:38:03.202522 24.209.196.254:4300 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:50956 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x843D2015  Ack: 0x215C52FE  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/06-14:44:02.715696 24.209.196.254:4762 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:48307 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1321FC89  Ack: 0xFE3B935F  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/06-14:44:02.716993 24.209.196.254:4762 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:48308 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1322023D  Ack: 0xFE3B935F  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/06-14:47:00.061848 24.209.196.254:1084 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:61431 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x21D95DFD  Ack: 0x890AAF8  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/06-14:47:00.093795 24.209.196.254:1084 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:61432 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x21D963B1  Ack: 0x890AAF8  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/06-15:24:45.805888 24.209.196.254:3586 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:32186 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDC8892E4  Ack: 0x96EB6F32  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/06-15:24:45.807169 24.209.196.254:3586 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:32187 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDC889898  Ack: 0x96EB6F32  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/06-15:28:08.446772 24.209.196.254:4366 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:46972 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xECF16867  Ack: 0xA42F927B  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/06-15:28:08.448069 24.209.196.254:4366 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:46973 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xECF16E1B  Ack: 0xA42F927B  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/06-19:57:32.165641 24.209.196.254:1270 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:43993 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD002FCE8  Ack: 0x9DBC924B  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/06-19:57:32.212616 24.209.196.254:1270 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:43994 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD003029C  Ack: 0x9DBC924B  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/06-21:09:44.223438 24.209.196.254:4427 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:51173 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3021113  Ack: 0xAD90DC2D  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/06-21:09:44.296490 24.209.196.254:4427 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:51177 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x30216C7  Ack: 0xAD90DC2D  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/07-19:27:22.972916 24.209.196.254:4047 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:21955 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2DBE808E  Ack: 0x6B2B51E8  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/07-19:27:22.974260 24.209.196.254:4047 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:21956 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2DBE8642  Ack: 0x6B2B51E8  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/07-20:54:44.809215 24.209.196.254:1255 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:33109 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF331786E  Ack: 0xB5DEF524  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/07-20:54:44.816844 24.209.196.254:1255 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:33110 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF3317E22  Ack: 0xB5DEF524  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/07-22:10:20.580233 24.209.196.254:4121 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:42040 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6F20BEFB  Ack: 0xD367309C  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/07-22:10:20.587799 24.209.196.254:4121 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:42041 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6F20C4AF  Ack: 0xD367309C  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/07-23:00:29.233436 24.209.196.254:2110 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:64720 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x607FFBCD  Ack: 0x8FF11AA1  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/07-23:00:29.264392 24.209.196.254:2110 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:64721 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x60800181  Ack: 0x8FF11AA1  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/11-20:54:14.623484 24.209.196.254:2581 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:43357 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x378BE7A0  Ack: 0xB2E13496  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/11-20:54:14.631200 24.209.196.254:2581 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:43358 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x378BED54  Ack: 0xB2E13496  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/11-20:54:26.015552 24.209.196.254:2725 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:44361 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x38042173  Ack: 0xB2F48C4E  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/11-20:54:26.042846 24.209.196.254:2725 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:44375 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x38042727  Ack: 0xB2F48C4E  Win: 0x4470  TcpLen: 20

Go to: previous range, all alerts, overview page

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:03:54 2003

24.209.196.254	Whois lookup at:	ARIN	RIPE	APNIC	Geektools
	DNS lookup at:	Amenesi	TRIUMF	Princeton
	More lookup links:	Dshield	Sam Spade