SnortSnarf alert page

Source: 24.209.219.162: #1-100

SnortSnarf v021111.1

Looking using input module SnortFileInput, with sources:
Earliest: 22:31:55.617806 on 05/21/2003
Latest: 06:49:22.214796 on 05/22/2003

6 different signatures are present for 24.209.219.162 as a source

There is 1 distinct destination IP in the alerts of the type on this page.

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-22:31:55.617806 24.209.219.162:4821 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:41004 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x2D6F195E Ack: 0xE9A50F56 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-22:31:58.206598 24.209.219.162:4821 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:42060 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x2D6F195E Ack: 0xE9A50F56 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-22:32:02.581769 24.209.219.162:2177 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:43889 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x30054357 Ack: 0xE9C7F19F Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-22:32:06.606051 24.209.219.162:2857 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:45306 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x31A275E8 Ack: 0xEAA50074 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-22:32:07.200122 24.209.219.162:2969 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:45678 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x31F3E9A5 Ack: 0xE9FE60D0 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-22:32:07.860645 24.209.219.162:3140 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:45983 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x3274F136 Ack: 0xEAB62C8F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/21-22:32:08.013768 24.209.219.162:3204 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:46053 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x32A75A57 Ack: 0xE9FB9BCE Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/21-22:32:11.724381 24.209.219.162:3688 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:47176 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x3381417E Ack: 0xEA74A733 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-22:32:11.994124 24.209.219.162:3706 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:47252 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x33913528 Ack: 0xEAA211A6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-22:32:16.772817 24.209.219.162:4123 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:48631 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x34D57F18 Ack: 0xEB4FF2B4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-22:32:17.797275 24.209.219.162:4297 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:49060 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3534CBD4 Ack: 0xEAC5F834 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-22:32:18.477739 24.209.219.162:4880 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:49346 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x36157D92 Ack: 0xEB4A3A60 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-22:32:18.767329 24.209.219.162:1094 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:49583 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3680595F Ack: 0xEB4FF1BC Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-22:32:18.969599 24.209.219.162:1165 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:49688 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x36B37302 Ack: 0xEAE0F309 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-22:32:19.157916 24.209.219.162:1217 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:49816 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x36D7D2DD Ack: 0xEAECFF20 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-22:32:19.413768 24.209.219.162:1319 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:50006 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x372F2965 Ack: 0xEB29C3DA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-22:32:23.292273 24.209.219.162:1618 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:51409 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x37F9CA9D Ack: 0xEB01F58E Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-00:14:41.171658 24.209.219.162:4235 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:62674 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xE058A803 Ack: 0x6D80B252 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-00:14:41.284619 24.209.219.162:4251 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:62699 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xE0621AC7 Ack: 0x6DBB4631 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-00:14:44.333253 24.209.219.162:4750 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:63793 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xE10A8A88 Ack: 0x6D307187 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-00:14:44.468011 24.209.219.162:4755 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:63844 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xE10E3DB4 Ack: 0x6D0F2EE2 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-00:14:44.590413 24.209.219.162:4793 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:63882 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xE1257017 Ack: 0x6D0B62C3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-00:14:47.911561 24.209.219.162:1199 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:64425 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xE1F86B4B Ack: 0x6DAAB293 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-00:14:51.215431 24.209.219.162:1594 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:65376 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xE32A0ADC Ack: 0x6DB510E9 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-00:14:54.712570 24.209.219.162:1988 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:761 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xE45D58AD Ack: 0x6DD9E45D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-00:14:54.794658 24.209.219.162:2032 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:806 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE4797D3F Ack: 0x6E80346A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-00:14:54.851764 24.209.219.162:2058 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:835 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE48D866C Ack: 0x6DDAE962 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-00:14:55.149823 24.209.219.162:2070 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:858 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE49AE83D Ack: 0x6E6455E5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-00:14:55.666306 24.209.219.162:2319 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:1121 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE503156B Ack: 0x6E071D58 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-00:14:55.904468 24.209.219.162:2356 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:1282 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xE520C3EB Ack: 0x6DD666B3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-00:14:55.976415 24.209.219.162:2363 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:1302 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xE526B02B Ack: 0x6DE52F26 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-00:14:56.031569 24.209.219.162:2367 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:1317 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xE529C2B6 Ack: 0x6DF6FDDF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-00:14:56.156230 24.209.219.162:2376 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:1353 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xE5301BB5 Ack: 0x6E7B4574 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-02:05:43.057872 24.209.219.162:4319 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:45322 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xE73CE1C Ack: 0x1039EF83 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-02:05:43.217079 24.209.219.162:4322 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:45345 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xE76439D Ack: 0x10EEC7BB Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-02:05:43.313446 24.209.219.162:4329 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:45365 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xE79C566 Ack: 0x104A9540 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-02:05:52.636949 24.209.219.162:1637 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:47423 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x110F1FBB Ack: 0x10A56449 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-02:06:01.972402 24.209.219.162:2302 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:49286 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x13180700 Ack: 0x11DDC058 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-02:06:14.629102 24.209.219.162:3437 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:51845 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x1569FD4D Ack: 0x127C81E9 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-02:06:14.720857 24.209.219.162:3765 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:51853 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x16366F91 Ack: 0x12217004 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-02:06:24.009159 24.209.219.162:4951 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:53702 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x17BE5503 Ack: 0x132D9222 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-02:06:33.222681 24.209.219.162:1746 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:55054 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x19CCA030 Ack: 0x13E482EE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-02:06:33.281009 24.209.219.162:1747 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:55064 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x19CE451A Ack: 0x1389CBF0 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-02:06:33.380267 24.209.219.162:1749 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:55075 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x19D02325 Ack: 0x130A47E2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-02:06:33.457620 24.209.219.162:1755 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:55088 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x19D4C618 Ack: 0x13811713 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-02:06:33.525806 24.209.219.162:1757 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:55138 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x19D6F2EC Ack: 0x138B9D78 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-02:06:33.590561 24.209.219.162:1758 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:55163 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x19D7775C Ack: 0x131813B0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-02:06:33.639186 24.209.219.162:1781 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:55175 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x19E8B534 Ack: 0x13861B0C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-02:06:33.711240 24.209.219.162:1786 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:55190 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x19EAFDD1 Ack: 0x13DE4842 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-03:13:01.327918 24.209.219.162:1483 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:25615 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xF155753F Ack: 0xF6C00DD Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-03:13:01.431970 24.209.219.162:1499 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:25650 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xF1619DA3 Ack: 0xEF944DB Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-03:13:01.556440 24.209.219.162:1521 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:25712 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xF172BFEC Ack: 0xFA6EE70 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-03:13:11.242311 24.209.219.162:2366 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:28015 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xF40911E6 Ack: 0xFA147C2 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-03:13:11.360430 24.209.219.162:2390 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:28091 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF41C14B3 Ack: 0x1030FB46 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-03:13:11.423323 24.209.219.162:2396 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:28112 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xF420BAA1 Ack: 0xFC570AB Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-03:13:11.487895 24.209.219.162:2400 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:28149 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xF424234F Ack: 0x1046FAEF Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-03:13:11.591918 24.209.219.162:2404 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:28171 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xF4270687 Ack: 0x10365E5A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-03:13:11.642447 24.209.219.162:2409 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:28184 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF42AA2E5 Ack: 0x102AD646 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-03:13:11.694227 24.209.219.162:2422 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:28219 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF434BE5E Ack: 0x103648EE Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-03:13:11.770837 24.209.219.162:2425 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:28266 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF436F9CF Ack: 0xFFD305A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-03:13:11.875921 24.209.219.162:2452 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:28336 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF44A64B8 Ack: 0x101E8A3F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-03:13:15.325275 24.209.219.162:2605 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:29065 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xF4C3FB2E Ack: 0x107893E0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-03:13:15.390964 24.209.219.162:2609 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:29077 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF4C7C6C4 Ack: 0x100069BC Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-03:13:15.479718 24.209.219.162:2612 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:29111 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xF4CAAE3E Ack: 0x1057FD39 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-03:13:15.576374 24.209.219.162:2615 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:29120 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF4CD662A Ack: 0x10189A90 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-05:29:32.861352 24.209.219.162:1921 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:17924 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xF6444130 Ack: 0x12AC298A Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-05:29:42.044030 24.209.219.162:2882 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:20391 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xF8F79909 Ack: 0x12E30A6D Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-05:29:42.106911 24.209.219.162:2929 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:20422 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xF91087BC Ack: 0x12E72AA8 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-05:29:42.402050 24.209.219.162:2941 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:20494 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xF91B33A4 Ack: 0x133B6F9D Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-05:29:42.452363 24.209.219.162:2948 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:20518 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF91D0987 Ack: 0x1309B642 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-05:29:45.736286 24.209.219.162:3151 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:21319 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xF9C66F4F Ack: 0x13DED8A7 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-05:29:45.831394 24.209.219.162:3166 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:21333 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xF9C8F920 Ack: 0x13F98101 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-05:29:45.887705 24.209.219.162:3169 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:21344 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xF9CC17D1 Ack: 0x133B3BC6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-05:29:55.262552 24.209.219.162:1031 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:23591 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFC11DA6A Ack: 0x1436CE29 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-05:30:07.824801 24.209.219.162:1805 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:26432 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFED491C1 Ack: 0x14C2787C Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-05:30:17.125339 24.209.219.162:3231 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:28337 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x17CF91A Ack: 0x15419D3B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-05:30:17.184049 24.209.219.162:3236 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:28352 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x1814F9C Ack: 0x15D764DF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-05:30:17.244329 24.209.219.162:3239 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:28365 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x183CB2B Ack: 0x1532691E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-05:30:17.289143 24.209.219.162:3240 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:28371 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x184F750 Ack: 0x157135F4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-05:30:17.355114 24.209.219.162:3241 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:28377 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x185AFCA Ack: 0x1594B3AF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-05:30:26.570589 24.209.219.162:4464 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:30695 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x43EB8C0 Ack: 0x16351E8A Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-06:47:15.767772 24.209.219.162:2667 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:33560 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x4821949B Ack: 0x3803C825 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-06:47:19.653225 24.209.219.162:2818 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:34675 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x484D4BA0 Ack: 0x3808572F Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-06:47:19.890753 24.209.219.162:3818 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:34766 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x49F42441 Ack: 0x38717D7A Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-06:47:19.959326 24.209.219.162:3825 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:34783 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x49F9C557 Ack: 0x386E3800 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-06:47:23.536864 24.209.219.162:3876 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:35758 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x4A0E23D6 Ack: 0x380DAAD6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-06:47:23.888874 24.209.219.162:4195 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:35905 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x4AD34C86 Ack: 0x37E17560 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-06:47:24.014043 24.209.219.162:4234 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:35954 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x4AF08702 Ack: 0x3851225A Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-06:47:24.100665 24.209.219.162:4238 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:35979 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x4AF4ABE2 Ack: 0x37D76F13 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-06:47:24.169344 24.209.219.162:4242 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:35994 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4AF75154 Ack: 0x37CAB47B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-06:47:33.582260 24.209.219.162:1110 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:38334 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4CB0336E Ack: 0x391F9085 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-06:47:33.652621 24.209.219.162:1114 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:38349 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4CB3299A Ack: 0x38B0FB98 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-06:47:33.720380 24.209.219.162:1115 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:38362 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4CB3D535 Ack: 0x3899264E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-06:47:43.010132 24.209.219.162:2185 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:40965 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x4FC76378 Ack: 0x39DA9999 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-06:47:46.126004 24.209.219.162:2185 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:41692 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x4FC76378 Ack: 0x39DA9999 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-06:47:52.453483 24.209.219.162:2845 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:43221 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x5170C486 Ack: 0x3ADD899F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-06:47:52.778198 24.209.219.162:2880 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:43321 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x5186BD4B Ack: 0x3AB6149E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-06:47:52.836189 24.209.219.162:2936 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:43337 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x5194097B Ack: 0x3B0691ED Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-06:49:12.873580 24.209.219.162:3248 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:62967 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x642CFE1E Ack: 0x3FE0BF33 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-06:49:22.214796 24.209.219.162:3943 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:64826 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x65D6CBD6 Ack: 0x3FD9FC59 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:03:53 2003