
SnortSnarf alert page

Source: 24.209.219.162

SnortSnarf v021111.1


213 such alerts found using input module SnortFileInput, with sources:
Earliest: 22:31:55.617806 on 05/21/2003
Latest: 09:59:27.213821 on 05/22/2003

6 different signatures are present for 24.209.219.162 as a source

There is 1 distinct destination IP in the alerts of the type on this page.



[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-22:31:55.617806 24.209.219.162:4821 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:41004 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x2D6F195E Ack: 0xE9A50F56 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-22:31:58.206598 24.209.219.162:4821 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:42060 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x2D6F195E Ack: 0xE9A50F56 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-22:32:02.581769 24.209.219.162:2177 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:43889 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x30054357 Ack: 0xE9C7F19F Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-22:32:06.606051 24.209.219.162:2857 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:45306 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x31A275E8 Ack: 0xEAA50074 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-22:32:07.200122 24.209.219.162:2969 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:45678 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x31F3E9A5 Ack: 0xE9FE60D0 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-22:32:07.860645 24.209.219.162:3140 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:45983 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x3274F136 Ack: 0xEAB62C8F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/21-22:32:08.013768 24.209.219.162:3204 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:46053 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x32A75A57 Ack: 0xE9FB9BCE Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/21-22:32:11.724381 24.209.219.162:3688 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:47176 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x3381417E Ack: 0xEA74A733 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-22:32:11.994124 24.209.219.162:3706 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:47252 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x33913528 Ack: 0xEAA211A6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-22:32:16.772817 24.209.219.162:4123 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:48631 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x34D57F18 Ack: 0xEB4FF2B4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-22:32:17.797275 24.209.219.162:4297 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:49060 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3534CBD4 Ack: 0xEAC5F834 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-22:32:18.477739 24.209.219.162:4880 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:49346 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x36157D92 Ack: 0xEB4A3A60 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-22:32:18.767329 24.209.219.162:1094 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:49583 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3680595F Ack: 0xEB4FF1BC Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-22:32:18.969599 24.209.219.162:1165 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:49688 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x36B37302 Ack: 0xEAE0F309 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-22:32:19.157916 24.209.219.162:1217 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:49816 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x36D7D2DD Ack: 0xEAECFF20 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-22:32:19.413768 24.209.219.162:1319 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:50006 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x372F2965 Ack: 0xEB29C3DA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-22:32:23.292273 24.209.219.162:1618 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:51409 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x37F9CA9D Ack: 0xEB01F58E Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-00:14:41.171658 24.209.219.162:4235 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:62674 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xE058A803 Ack: 0x6D80B252 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-00:14:41.284619 24.209.219.162:4251 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:62699 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xE0621AC7 Ack: 0x6DBB4631 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-00:14:44.333253 24.209.219.162:4750 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:63793 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xE10A8A88 Ack: 0x6D307187 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-00:14:44.468011 24.209.219.162:4755 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:63844 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xE10E3DB4 Ack: 0x6D0F2EE2 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-00:14:44.590413 24.209.219.162:4793 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:63882 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xE1257017 Ack: 0x6D0B62C3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-00:14:47.911561 24.209.219.162:1199 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:64425 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xE1F86B4B Ack: 0x6DAAB293 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-00:14:51.215431 24.209.219.162:1594 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:65376 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xE32A0ADC Ack: 0x6DB510E9 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-00:14:54.712570 24.209.219.162:1988 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:761 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xE45D58AD Ack: 0x6DD9E45D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-00:14:54.794658 24.209.219.162:2032 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:806 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE4797D3F Ack: 0x6E80346A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-00:14:54.851764 24.209.219.162:2058 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:835 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE48D866C Ack: 0x6DDAE962 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-00:14:55.149823 24.209.219.162:2070 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:858 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE49AE83D Ack: 0x6E6455E5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-00:14:55.666306 24.209.219.162:2319 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:1121 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE503156B Ack: 0x6E071D58 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-00:14:55.904468 24.209.219.162:2356 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:1282 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xE520C3EB Ack: 0x6DD666B3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-00:14:55.976415 24.209.219.162:2363 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:1302 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xE526B02B Ack: 0x6DE52F26 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-00:14:56.031569 24.209.219.162:2367 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:1317 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xE529C2B6 Ack: 0x6DF6FDDF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-00:14:56.156230 24.209.219.162:2376 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:1353 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xE5301BB5 Ack: 0x6E7B4574 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-02:05:43.057872 24.209.219.162:4319 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:45322 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xE73CE1C Ack: 0x1039EF83 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-02:05:43.217079 24.209.219.162:4322 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:45345 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xE76439D Ack: 0x10EEC7BB Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-02:05:43.313446 24.209.219.162:4329 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:45365 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xE79C566 Ack: 0x104A9540 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-02:05:52.636949 24.209.219.162:1637 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:47423 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x110F1FBB Ack: 0x10A56449 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-02:06:01.972402 24.209.219.162:2302 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:49286 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x13180700 Ack: 0x11DDC058 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-02:06:14.629102 24.209.219.162:3437 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:51845 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x1569FD4D Ack: 0x127C81E9 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-02:06:14.720857 24.209.219.162:3765 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:51853 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x16366F91 Ack: 0x12217004 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-02:06:24.009159 24.209.219.162:4951 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:53702 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x17BE5503 Ack: 0x132D9222 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-02:06:33.222681 24.209.219.162:1746 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:55054 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x19CCA030 Ack: 0x13E482EE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-02:06:33.281009 24.209.219.162:1747 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:55064 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x19CE451A Ack: 0x1389CBF0 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-02:06:33.380267 24.209.219.162:1749 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:55075 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x19D02325 Ack: 0x130A47E2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-02:06:33.457620 24.209.219.162:1755 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:55088 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x19D4C618 Ack: 0x13811713 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-02:06:33.525806 24.209.219.162:1757 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:55138 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x19D6F2EC Ack: 0x138B9D78 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-02:06:33.590561 24.209.219.162:1758 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:55163 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x19D7775C Ack: 0x131813B0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-02:06:33.639186 24.209.219.162:1781 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:55175 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x19E8B534 Ack: 0x13861B0C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-02:06:33.711240 24.209.219.162:1786 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:55190 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x19EAFDD1 Ack: 0x13DE4842 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-03:13:01.327918 24.209.219.162:1483 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:25615 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xF155753F Ack: 0xF6C00DD Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-03:13:01.431970 24.209.219.162:1499 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:25650 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xF1619DA3 Ack: 0xEF944DB Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-03:13:01.556440 24.209.219.162:1521 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:25712 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xF172BFEC Ack: 0xFA6EE70 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-03:13:11.242311 24.209.219.162:2366 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:28015 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xF40911E6 Ack: 0xFA147C2 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-03:13:11.360430 24.209.219.162:2390 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:28091 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF41C14B3 Ack: 0x1030FB46 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-03:13:11.423323 24.209.219.162:2396 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:28112 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xF420BAA1 Ack: 0xFC570AB Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-03:13:11.487895 24.209.219.162:2400 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:28149 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xF424234F Ack: 0x1046FAEF Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-03:13:11.591918 24.209.219.162:2404 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:28171 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xF4270687 Ack: 0x10365E5A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-03:13:11.642447 24.209.219.162:2409 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:28184 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF42AA2E5 Ack: 0x102AD646 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-03:13:11.694227 24.209.219.162:2422 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:28219 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF434BE5E Ack: 0x103648EE Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-03:13:11.770837 24.209.219.162:2425 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:28266 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF436F9CF Ack: 0xFFD305A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-03:13:11.875921 24.209.219.162:2452 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:28336 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF44A64B8 Ack: 0x101E8A3F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-03:13:15.325275 24.209.219.162:2605 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:29065 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xF4C3FB2E Ack: 0x107893E0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-03:13:15.390964 24.209.219.162:2609 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:29077 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF4C7C6C4 Ack: 0x100069BC Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-03:13:15.479718 24.209.219.162:2612 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:29111 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xF4CAAE3E Ack: 0x1057FD39 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-03:13:15.576374 24.209.219.162:2615 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:29120 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF4CD662A Ack: 0x10189A90 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-05:29:32.861352 24.209.219.162:1921 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:17924 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xF6444130 Ack: 0x12AC298A Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-05:29:42.044030 24.209.219.162:2882 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:20391 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xF8F79909 Ack: 0x12E30A6D Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-05:29:42.106911 24.209.219.162:2929 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:20422 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xF91087BC Ack: 0x12E72AA8 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-05:29:42.402050 24.209.219.162:2941 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:20494 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xF91B33A4 Ack: 0x133B6F9D Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-05:29:42.452363 24.209.219.162:2948 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:20518 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF91D0987 Ack: 0x1309B642 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-05:29:45.736286 24.209.219.162:3151 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:21319 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xF9C66F4F Ack: 0x13DED8A7 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-05:29:45.831394 24.209.219.162:3166 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:21333 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xF9C8F920 Ack: 0x13F98101 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-05:29:45.887705 24.209.219.162:3169 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:21344 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xF9CC17D1 Ack: 0x133B3BC6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-05:29:55.262552 24.209.219.162:1031 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:23591 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFC11DA6A Ack: 0x1436CE29 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-05:30:07.824801 24.209.219.162:1805 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:26432 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFED491C1 Ack: 0x14C2787C Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-05:30:17.125339 24.209.219.162:3231 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:28337 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x17CF91A Ack: 0x15419D3B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-05:30:17.184049 24.209.219.162:3236 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:28352 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x1814F9C Ack: 0x15D764DF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-05:30:17.244329 24.209.219.162:3239 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:28365 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x183CB2B Ack: 0x1532691E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-05:30:17.289143 24.209.219.162:3240 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:28371 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x184F750 Ack: 0x157135F4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-05:30:17.355114 24.209.219.162:3241 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:28377 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x185AFCA Ack: 0x1594B3AF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-05:30:26.570589 24.209.219.162:4464 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:30695 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x43EB8C0 Ack: 0x16351E8A Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-06:47:15.767772 24.209.219.162:2667 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:33560 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x4821949B Ack: 0x3803C825 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-06:47:19.653225 24.209.219.162:2818 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:34675 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x484D4BA0 Ack: 0x3808572F Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-06:47:19.890753 24.209.219.162:3818 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:34766 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x49F42441 Ack: 0x38717D7A Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-06:47:19.959326 24.209.219.162:3825 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:34783 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x49F9C557 Ack: 0x386E3800 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-06:47:23.536864 24.209.219.162:3876 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:35758 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x4A0E23D6 Ack: 0x380DAAD6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-06:47:23.888874 24.209.219.162:4195 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:35905 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x4AD34C86 Ack: 0x37E17560 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-06:47:24.014043 24.209.219.162:4234 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:35954 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x4AF08702 Ack: 0x3851225A Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-06:47:24.100665 24.209.219.162:4238 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:35979 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x4AF4ABE2 Ack: 0x37D76F13 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-06:47:24.169344 24.209.219.162:4242 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:35994 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4AF75154 Ack: 0x37CAB47B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-06:47:33.582260 24.209.219.162:1110 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:38334 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4CB0336E Ack: 0x391F9085 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-06:47:33.652621 24.209.219.162:1114 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:38349 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4CB3299A Ack: 0x38B0FB98 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-06:47:33.720380 24.209.219.162:1115 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:38362 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4CB3D535 Ack: 0x3899264E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-06:47:43.010132 24.209.219.162:2185 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:40965 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x4FC76378 Ack: 0x39DA9999 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-06:47:46.126004 24.209.219.162:2185 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:41692 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x4FC76378 Ack: 0x39DA9999 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-06:47:52.453483 24.209.219.162:2845 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:43221 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x5170C486 Ack: 0x3ADD899F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-06:47:52.778198 24.209.219.162:2880 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:43321 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x5186BD4B Ack: 0x3AB6149E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-06:47:52.836189 24.209.219.162:2936 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:43337 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x5194097B Ack: 0x3B0691ED Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-06:49:12.873580 24.209.219.162:3248 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:62967 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x642CFE1E Ack: 0x3FE0BF33 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-06:49:22.214796 24.209.219.162:3943 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:64826 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x65D6CBD6 Ack: 0x3FD9FC59 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-06:49:34.797810 24.209.219.162:1566 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:2882 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x68EADBD6 Ack: 0x40BBFAC9 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-06:49:34.850818 24.209.219.162:1696 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:2889 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x6952BBFE Ack: 0x415278F9 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-06:49:34.929185 24.209.219.162:1700 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:2901 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x69556AF6 Ack: 0x40C2EF4C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-06:49:37.974234 24.209.219.162:1844 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:3531 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x69D1C08F Ack: 0x41B7D37E Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-06:49:38.038747 24.209.219.162:1847 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:3547 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x69D49EC8 Ack: 0x415BC1F5 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-06:49:38.107077 24.209.219.162:1852 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:3563 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x69D87582 Ack: 0x4179606A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-06:49:41.211525 24.209.219.162:1975 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:4125 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6A3D3D09 Ack: 0x40F2E093 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-06:49:41.276604 24.209.219.162:1983 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:4146 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6A4408A4 Ack: 0x41A734FB Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-06:49:41.336312 24.209.219.162:1986 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:4164 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6A457EA2 Ack: 0x411A663F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-06:49:41.407428 24.209.219.162:1989 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:4180 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6A4835A6 Ack: 0x4176BAC0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-06:49:41.495632 24.209.219.162:1998 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:4207 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x6A4F5BAE Ack: 0x41689AD3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-06:49:41.560074 24.209.219.162:2010 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:4232 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6A57C8FE Ack: 0x413D3833 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-06:49:41.640496 24.209.219.162:2012 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:4264 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x6A598C9C Ack: 0x4132A6DA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-06:49:41.694652 24.209.219.162:2025 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:4281 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6A608629 Ack: 0x4118ADB9 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:04:16.180610 24.209.219.162:2477 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:17820 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x325D57FD Ack: 0x78653761 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:04:25.407559 24.209.219.162:2937 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:19365 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x339BA22F Ack: 0x79622F27 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:04:28.476758 24.209.219.162:3444 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:20045 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x34B1682C Ack: 0x795EB5F7 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:04:37.699083 24.209.219.162:4687 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:22512 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x36CB300A Ack: 0x79BA73E1 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:04:38.059711 24.209.219.162:4718 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:22634 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x36D53AA4 Ack: 0x79CC7F7A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-07:04:44.642034 24.209.219.162:1032 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:23609 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x374B678A Ack: 0x79E30701 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-07:04:53.828667 24.209.219.162:2091 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:25918 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x3A4B21BD Ack: 0x7B50717E Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:04:57.174998 24.209.219.162:2354 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:26741 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x3B1431C5 Ack: 0x7B8C33BB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:04:57.249007 24.209.219.162:2357 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:26791 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3B16FC95 Ack: 0x7A92051A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:04:57.339550 24.209.219.162:2367 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:26821 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3B1E7E7A Ack: 0x7B418D8A Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:04:57.416034 24.209.219.162:2381 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:26862 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3B285EB8 Ack: 0x7B2FF19E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:04:57.473940 24.209.219.162:2385 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:26875 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3B2B0DA6 Ack: 0x7B460B8A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:05:06.815894 24.209.219.162:2833 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:28680 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x3C726970 Ack: 0x7BE87C43 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:05:06.878445 24.209.219.162:2837 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:28702 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x3C74BC6A Ack: 0x7C13655F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:05:06.952694 24.209.219.162:2844 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:28715 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x3C79255F Ack: 0x7B785B6C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:05:07.018960 24.209.219.162:2860 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:28743 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x3C81DA0E Ack: 0x7BED4FD7 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:10:00.146428 24.209.219.162:2744 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:27452 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x7D30FCF9 Ack: 0x8DCE3690 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:10:00.209627 24.209.219.162:2767 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:27466 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x7D39FBAF Ack: 0x8E7DA20C Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:10:00.270780 24.209.219.162:2775 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:27491 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x7D3F728E Ack: 0x8DD34C7B Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:10:00.354163 24.209.219.162:2778 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:27506 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x7D41BA43 Ack: 0x8E67916E Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:10:00.420587 24.209.219.162:2786 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:27518 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x7D4712A0 Ack: 0x8DE598F1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-07:10:03.882307 24.209.219.162:3277 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:28579 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x7E51F36B Ack: 0x8EA2A191 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-07:10:07.040075 24.209.219.162:3961 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:29416 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x7F7D265C Ack: 0x8EED7B61 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:10:07.107947 24.209.219.162:4009 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:29449 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x7F8FB144 Ack: 0x8ED563AD Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:10:07.163916 24.209.219.162:4010 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:29482 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x7F910DCC Ack: 0x8E8FF64F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:10:19.789733 24.209.219.162:4814 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:31992 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x813085C4 Ack: 0x8EE7A25F Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:10:19.860112 24.209.219.162:4993 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:32009 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x818C1A6F Ack: 0x8F81FEF3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:10:19.914543 24.209.219.162:4995 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:32036 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x818D41C5 Ack: 0x8F6BFF82 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:10:20.019679 24.209.219.162:1027 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:32058 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x8192C55C Ack: 0x8EEB4184 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:10:20.096121 24.209.219.162:1029 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:32068 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x8193F437 Ack: 0x8F583E07 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:10:20.159567 24.209.219.162:1039 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:32088 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x819C0F89 Ack: 0x8EE67A11 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:10:20.236735 24.209.219.162:1044 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:32109 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x81A00418 Ack: 0x8F1F19E3 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:47:02.361031 24.209.219.162:2344 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:64696 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x784CAA93 Ack: 0x1A8C8071 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:47:15.099850 24.209.219.162:3196 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:1658 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x7A1A4AC2 Ack: 0x1BA6BED4 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:47:15.246191 24.209.219.162:3490 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:1670 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x7AC5597B Ack: 0x1BA29551 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:47:15.304937 24.209.219.162:3492 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:1705 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x7AC6A66A Ack: 0x1B21E0D8 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:47:15.357263 24.209.219.162:3533 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:1719 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x7AD4EBBC Ack: 0x1B39334A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-07:47:24.613854 24.209.219.162:4594 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:3767 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x7CEEFEB9 Ack: 0x1BE7457A Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-07:47:33.930101 24.209.219.162:1545 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:5678 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x7EF4851D Ack: 0x1C0445CF Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:47:43.467376 24.209.219.162:2346 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:7692 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x81594DD8 Ack: 0x1D0256CE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:47:52.694719 24.209.219.162:2960 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:9438 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x82E888CE Ack: 0x1D8BF10D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:47:52.785612 24.209.219.162:2967 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:9446 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x82EA3224 Ack: 0x1D4C4063 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:48:02.157662 24.209.219.162:4068 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:11223 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x84E62FA7 Ack: 0x1E0C1930 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:48:11.484723 24.209.219.162:1104 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:13039 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x86C9E2A3 Ack: 0x1F38420D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:48:17.970499 24.209.219.162:1418 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:14229 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x8794D047 Ack: 0x1F24634E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:48:23.977665 24.209.219.162:1418 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:15690 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x8794D047 Ack: 0x1F24634E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:48:27.028436 24.209.219.162:2448 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:16536 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x8AA8E157 Ack: 0x1F668E42 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:48:27.079199 24.209.219.162:2454 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:16550 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x8AAD5F93 Ack: 0x2015226F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:48:27.134918 24.209.219.162:2458 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:16568 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x8AB071C5 Ack: 0x1FAA30F5 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:13:30.821986 24.209.219.162:2478 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:9668 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xD8364BF4 Ack: 0x7DD83F69 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:13:40.153190 24.209.219.162:3194 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:11511 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xD9D06D55 Ack: 0x7F0DED6E Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:13:40.206663 24.209.219.162:3196 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:11527 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xD9D1FAE5 Ack: 0x7EE8BF83 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:13:49.578144 24.209.219.162:4660 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:13684 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xDC650FE7 Ack: 0x7F883334 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:13:49.664255 24.209.219.162:4667 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:13709 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xDC679B25 Ack: 0x7F719EE9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-08:13:49.735029 24.209.219.162:4677 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:13742 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xDC6A0C8F Ack: 0x7F7C98E9 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-08:13:49.825110 24.209.219.162:4678 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:13779 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xDC6AA0DF Ack: 0x7F07723B Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:13:53.332907 24.209.219.162:4736 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:14715 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xDC81A748 Ack: 0x7F09722B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:14:02.714278 24.209.219.162:1849 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:16628 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xDF4BCC99 Ack: 0x8019316C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:14:02.793111 24.209.219.162:1861 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:16646 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xDF5922C2 Ack: 0x7FE5796A Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:14:02.899542 24.209.219.162:1868 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:16686 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xDF5EBE4C Ack: 0x7FCD570C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:14:02.968167 24.209.219.162:1870 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:16701 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xDF605B1F Ack: 0x8089E8D9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:14:03.023912 24.209.219.162:1876 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:16712 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xDF6525D8 Ack: 0x80B02148 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:14:05.935768 24.209.219.162:1876 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:17324 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xDF6525D8 Ack: 0x80B02148 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:14:06.182877 24.209.219.162:2031 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:17343 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xDFE26668 Ack: 0x80E0192E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:14:06.241934 24.209.219.162:2033 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:17358 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xDFE3E7F8 Ack: 0x8052B2FF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:14:06.304378 24.209.219.162:2036 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:17364 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xDFE619B2 Ack: 0x80806196 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:32:31.216983 24.209.219.162:2241 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:918 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xE4AA2A0F Ack: 0xC52FE17B Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:32:31.281550 24.209.219.162:2244 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:937 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xE4AC6DE0 Ack: 0xC4E36A32 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:32:31.339594 24.209.219.162:2247 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:944 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xE4AF1F27 Ack: 0xC5D435CE Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:32:31.420031 24.209.219.162:2250 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:966 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xE4B12738 Ack: 0xC51CCAF6 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:32:31.492685 24.209.219.162:2257 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:981 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xE4B72FAC Ack: 0xC4DF82F6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-08:32:31.570539 24.209.219.162:2258 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:1023 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xE4B7FC1B Ack: 0xC55CD704 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-08:32:34.629681 24.209.219.162:2605 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:1649 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xE53589A4 Ack: 0xC58F7C3F Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:32:43.826697 24.209.219.162:3953 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:3984 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xE8031720 Ack: 0xC5D65745 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:32:53.128105 24.209.219.162:4913 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:6436 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE9F51A60 Ack: 0xC632B626 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:32:53.182270 24.209.219.162:4918 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:6460 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE9F8E029 Ack: 0xC6F27FAC Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:32:56.235473 24.209.219.162:1194 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:7151 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xEA7BDDC1 Ack: 0xC6B874EA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:33:05.460341 24.209.219.162:2151 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:9619 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xED418666 Ack: 0xC75782E6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:33:05.544357 24.209.219.162:2152 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:9638 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xED427E68 Ack: 0xC76B4ED9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:33:05.584645 24.209.219.162:2156 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:9644 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xED45208A Ack: 0xC736EF8B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:33:08.524343 24.209.219.162:2156 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:10353 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xED45208A Ack: 0xC736EF8B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:33:08.784342 24.209.219.162:2396 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:10386 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xEDFC4F29 Ack: 0xC7FA57AE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:33:18.107931 24.209.219.162:3220 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:13091 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xEFFFE3BD Ack: 0xC7DF643A Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-09:58:53.131068 24.209.219.162:4145 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:52509 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x346BAF75 Ack: 0xB513E31 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-09:58:53.456389 24.209.219.162:4268 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:52570 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x348C8FB7 Ack: 0xB632F62 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-09:59:06.260874 24.209.219.162:4804 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:54629 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x35A2A3BA Ack: 0xBCD8950 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-09:59:06.349647 24.209.219.162:4976 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:54646 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x361A1FBD Ack: 0xC01B7F9 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-09:59:06.414816 24.209.219.162:4986 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:54659 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x361F03F6 Ack: 0xC5564B3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-09:59:06.518673 24.209.219.162:4996 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:54672 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x3621FAE4 Ack: 0xBD0E88E Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-09:59:11.998642 24.209.219.162:1406 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:55628 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x371444E6 Ack: 0xBEE3DBB Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-09:59:21.430856 24.209.219.162:1804 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:57200 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x385C11D7 Ack: 0xD03974F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-09:59:21.505118 24.209.219.162:1809 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:57217 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x385FB745 Ack: 0xD65E898 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-09:59:21.599450 24.209.219.162:1815 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:57242 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x386442D4 Ack: 0xD488FF5 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-09:59:21.666051 24.209.219.162:1823 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:57256 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3869A3D8 Ack: 0xD1B4352 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-09:59:21.794558 24.209.219.162:1827 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:57276 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x386D4ADC Ack: 0xD172D5D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-09:59:21.871018 24.209.219.162:1831 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:57296 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x3871C55E Ack: 0xC96C18A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-09:59:25.857130 24.209.219.162:1835 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:57608 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x38748E94 Ack: 0xD0C5F6D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-09:59:27.077825 24.209.219.162:1953 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:57784 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x38D1ED52 Ack: 0xCD07951 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-09:59:27.213821 24.209.219.162:1986 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:57837 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x38EE8F58 Ack: 0xD186D3C Win: 0x4470 TcpLen: 20
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:03:53 2003