
SnortSnarf alert page

Source: 24.209.219.162: #101-200

SnortSnarf v021111.1


Looking using input module SnortFileInput, with sources:
Earliest: 06:49:34.797810 on 05/22/2003
Latest: 09:59:06.260874 on 05/22/2003

6 different signatures are present for 24.209.219.162 as a source

There is 1 distinct destination IP in the alerts of the type on this page.



[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-06:49:34.797810 24.209.219.162:1566 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:2882 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x68EADBD6 Ack: 0x40BBFAC9 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-06:49:34.850818 24.209.219.162:1696 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:2889 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x6952BBFE Ack: 0x415278F9 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-06:49:34.929185 24.209.219.162:1700 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:2901 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x69556AF6 Ack: 0x40C2EF4C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-06:49:37.974234 24.209.219.162:1844 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:3531 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x69D1C08F Ack: 0x41B7D37E Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-06:49:38.038747 24.209.219.162:1847 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:3547 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x69D49EC8 Ack: 0x415BC1F5 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-06:49:38.107077 24.209.219.162:1852 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:3563 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x69D87582 Ack: 0x4179606A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-06:49:41.211525 24.209.219.162:1975 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:4125 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6A3D3D09 Ack: 0x40F2E093 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-06:49:41.276604 24.209.219.162:1983 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:4146 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6A4408A4 Ack: 0x41A734FB Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-06:49:41.336312 24.209.219.162:1986 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:4164 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6A457EA2 Ack: 0x411A663F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-06:49:41.407428 24.209.219.162:1989 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:4180 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6A4835A6 Ack: 0x4176BAC0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-06:49:41.495632 24.209.219.162:1998 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:4207 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x6A4F5BAE Ack: 0x41689AD3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-06:49:41.560074 24.209.219.162:2010 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:4232 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6A57C8FE Ack: 0x413D3833 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-06:49:41.640496 24.209.219.162:2012 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:4264 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x6A598C9C Ack: 0x4132A6DA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-06:49:41.694652 24.209.219.162:2025 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:4281 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6A608629 Ack: 0x4118ADB9 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:04:16.180610 24.209.219.162:2477 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:17820 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x325D57FD Ack: 0x78653761 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:04:25.407559 24.209.219.162:2937 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:19365 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x339BA22F Ack: 0x79622F27 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:04:28.476758 24.209.219.162:3444 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:20045 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x34B1682C Ack: 0x795EB5F7 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:04:37.699083 24.209.219.162:4687 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:22512 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x36CB300A Ack: 0x79BA73E1 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:04:38.059711 24.209.219.162:4718 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:22634 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x36D53AA4 Ack: 0x79CC7F7A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-07:04:44.642034 24.209.219.162:1032 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:23609 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x374B678A Ack: 0x79E30701 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-07:04:53.828667 24.209.219.162:2091 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:25918 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x3A4B21BD Ack: 0x7B50717E Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:04:57.174998 24.209.219.162:2354 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:26741 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x3B1431C5 Ack: 0x7B8C33BB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:04:57.249007 24.209.219.162:2357 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:26791 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3B16FC95 Ack: 0x7A92051A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:04:57.339550 24.209.219.162:2367 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:26821 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3B1E7E7A Ack: 0x7B418D8A Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:04:57.416034 24.209.219.162:2381 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:26862 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3B285EB8 Ack: 0x7B2FF19E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:04:57.473940 24.209.219.162:2385 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:26875 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3B2B0DA6 Ack: 0x7B460B8A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:05:06.815894 24.209.219.162:2833 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:28680 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x3C726970 Ack: 0x7BE87C43 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:05:06.878445 24.209.219.162:2837 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:28702 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x3C74BC6A Ack: 0x7C13655F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:05:06.952694 24.209.219.162:2844 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:28715 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x3C79255F Ack: 0x7B785B6C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:05:07.018960 24.209.219.162:2860 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:28743 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x3C81DA0E Ack: 0x7BED4FD7 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:10:00.146428 24.209.219.162:2744 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:27452 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x7D30FCF9 Ack: 0x8DCE3690 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:10:00.209627 24.209.219.162:2767 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:27466 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x7D39FBAF Ack: 0x8E7DA20C Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:10:00.270780 24.209.219.162:2775 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:27491 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x7D3F728E Ack: 0x8DD34C7B Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:10:00.354163 24.209.219.162:2778 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:27506 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x7D41BA43 Ack: 0x8E67916E Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:10:00.420587 24.209.219.162:2786 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:27518 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x7D4712A0 Ack: 0x8DE598F1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-07:10:03.882307 24.209.219.162:3277 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:28579 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x7E51F36B Ack: 0x8EA2A191 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-07:10:07.040075 24.209.219.162:3961 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:29416 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x7F7D265C Ack: 0x8EED7B61 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:10:07.107947 24.209.219.162:4009 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:29449 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x7F8FB144 Ack: 0x8ED563AD Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:10:07.163916 24.209.219.162:4010 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:29482 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x7F910DCC Ack: 0x8E8FF64F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:10:19.789733 24.209.219.162:4814 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:31992 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x813085C4 Ack: 0x8EE7A25F Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:10:19.860112 24.209.219.162:4993 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:32009 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x818C1A6F Ack: 0x8F81FEF3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:10:19.914543 24.209.219.162:4995 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:32036 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x818D41C5 Ack: 0x8F6BFF82 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:10:20.019679 24.209.219.162:1027 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:32058 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x8192C55C Ack: 0x8EEB4184 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:10:20.096121 24.209.219.162:1029 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:32068 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x8193F437 Ack: 0x8F583E07 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:10:20.159567 24.209.219.162:1039 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:32088 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x819C0F89 Ack: 0x8EE67A11 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:10:20.236735 24.209.219.162:1044 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:32109 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x81A00418 Ack: 0x8F1F19E3 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:47:02.361031 24.209.219.162:2344 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:64696 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x784CAA93 Ack: 0x1A8C8071 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:47:15.099850 24.209.219.162:3196 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:1658 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x7A1A4AC2 Ack: 0x1BA6BED4 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:47:15.246191 24.209.219.162:3490 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:1670 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x7AC5597B Ack: 0x1BA29551 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:47:15.304937 24.209.219.162:3492 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:1705 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x7AC6A66A Ack: 0x1B21E0D8 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:47:15.357263 24.209.219.162:3533 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:1719 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x7AD4EBBC Ack: 0x1B39334A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-07:47:24.613854 24.209.219.162:4594 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:3767 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x7CEEFEB9 Ack: 0x1BE7457A Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-07:47:33.930101 24.209.219.162:1545 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:5678 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x7EF4851D Ack: 0x1C0445CF Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:47:43.467376 24.209.219.162:2346 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:7692 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x81594DD8 Ack: 0x1D0256CE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:47:52.694719 24.209.219.162:2960 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:9438 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x82E888CE Ack: 0x1D8BF10D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:47:52.785612 24.209.219.162:2967 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:9446 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x82EA3224 Ack: 0x1D4C4063 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:48:02.157662 24.209.219.162:4068 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:11223 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x84E62FA7 Ack: 0x1E0C1930 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:48:11.484723 24.209.219.162:1104 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:13039 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x86C9E2A3 Ack: 0x1F38420D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:48:17.970499 24.209.219.162:1418 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:14229 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x8794D047 Ack: 0x1F24634E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:48:23.977665 24.209.219.162:1418 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:15690 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x8794D047 Ack: 0x1F24634E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:48:27.028436 24.209.219.162:2448 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:16536 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x8AA8E157 Ack: 0x1F668E42 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:48:27.079199 24.209.219.162:2454 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:16550 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x8AAD5F93 Ack: 0x2015226F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:48:27.134918 24.209.219.162:2458 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:16568 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x8AB071C5 Ack: 0x1FAA30F5 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:13:30.821986 24.209.219.162:2478 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:9668 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xD8364BF4 Ack: 0x7DD83F69 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:13:40.153190 24.209.219.162:3194 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:11511 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xD9D06D55 Ack: 0x7F0DED6E Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:13:40.206663 24.209.219.162:3196 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:11527 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xD9D1FAE5 Ack: 0x7EE8BF83 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:13:49.578144 24.209.219.162:4660 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:13684 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xDC650FE7 Ack: 0x7F883334 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:13:49.664255 24.209.219.162:4667 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:13709 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xDC679B25 Ack: 0x7F719EE9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-08:13:49.735029 24.209.219.162:4677 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:13742 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xDC6A0C8F Ack: 0x7F7C98E9 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-08:13:49.825110 24.209.219.162:4678 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:13779 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xDC6AA0DF Ack: 0x7F07723B Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:13:53.332907 24.209.219.162:4736 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:14715 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xDC81A748 Ack: 0x7F09722B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:14:02.714278 24.209.219.162:1849 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:16628 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xDF4BCC99 Ack: 0x8019316C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:14:02.793111 24.209.219.162:1861 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:16646 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xDF5922C2 Ack: 0x7FE5796A Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:14:02.899542 24.209.219.162:1868 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:16686 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xDF5EBE4C Ack: 0x7FCD570C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:14:02.968167 24.209.219.162:1870 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:16701 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xDF605B1F Ack: 0x8089E8D9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:14:03.023912 24.209.219.162:1876 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:16712 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xDF6525D8 Ack: 0x80B02148 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:14:05.935768 24.209.219.162:1876 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:17324 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xDF6525D8 Ack: 0x80B02148 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:14:06.182877 24.209.219.162:2031 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:17343 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xDFE26668 Ack: 0x80E0192E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:14:06.241934 24.209.219.162:2033 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:17358 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xDFE3E7F8 Ack: 0x8052B2FF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:14:06.304378 24.209.219.162:2036 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:17364 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xDFE619B2 Ack: 0x80806196 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:32:31.216983 24.209.219.162:2241 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:918 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xE4AA2A0F Ack: 0xC52FE17B Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:32:31.281550 24.209.219.162:2244 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:937 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xE4AC6DE0 Ack: 0xC4E36A32 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:32:31.339594 24.209.219.162:2247 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:944 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xE4AF1F27 Ack: 0xC5D435CE Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:32:31.420031 24.209.219.162:2250 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:966 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xE4B12738 Ack: 0xC51CCAF6 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:32:31.492685 24.209.219.162:2257 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:981 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xE4B72FAC Ack: 0xC4DF82F6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-08:32:31.570539 24.209.219.162:2258 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:1023 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xE4B7FC1B Ack: 0xC55CD704 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-08:32:34.629681 24.209.219.162:2605 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:1649 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xE53589A4 Ack: 0xC58F7C3F Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:32:43.826697 24.209.219.162:3953 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:3984 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xE8031720 Ack: 0xC5D65745 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:32:53.128105 24.209.219.162:4913 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:6436 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE9F51A60 Ack: 0xC632B626 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:32:53.182270 24.209.219.162:4918 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:6460 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE9F8E029 Ack: 0xC6F27FAC Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:32:56.235473 24.209.219.162:1194 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:7151 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xEA7BDDC1 Ack: 0xC6B874EA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:33:05.460341 24.209.219.162:2151 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:9619 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xED418666 Ack: 0xC75782E6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:33:05.544357 24.209.219.162:2152 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:9638 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xED427E68 Ack: 0xC76B4ED9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:33:05.584645 24.209.219.162:2156 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:9644 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xED45208A Ack: 0xC736EF8B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:33:08.524343 24.209.219.162:2156 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:10353 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xED45208A Ack: 0xC736EF8B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:33:08.784342 24.209.219.162:2396 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:10386 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xEDFC4F29 Ack: 0xC7FA57AE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:33:18.107931 24.209.219.162:3220 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:13091 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xEFFFE3BD Ack: 0xC7DF643A Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-09:58:53.131068 24.209.219.162:4145 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:52509 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x346BAF75 Ack: 0xB513E31 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-09:58:53.456389 24.209.219.162:4268 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:52570 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x348C8FB7 Ack: 0xB632F62 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-09:59:06.260874 24.209.219.162:4804 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:54629 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x35A2A3BA Ack: 0xBCD8950 Win: 0x4470 TcpLen: 20
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:03:53 2003