SnortSnarf alert page

Source: 24.209.219.95

SnortSnarf v021111.1

81 such alerts found using input module SnortFileInput, with sources:
Earliest: 21:42:44.163795 on 05/19/2003
Latest: 05:47:54.924732 on 05/20/2003

6 different signatures are present for 24.209.219.95 as a source

There is 1 distinct destination IP in the alerts of the type on this page.


[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-21:42:44.163795 24.209.219.95:4631 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:35759 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xD30977DE Ack: 0xAF69822E Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-21:42:44.328003 24.209.219.95:4650 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:35798 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xD30F7715 Ack: 0xAFCDEF39 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-21:42:44.469446 24.209.219.95:4653 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:35910 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xD312383A Ack: 0xAFC9D548 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-21:42:44.562244 24.209.219.95:4690 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:35968 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xD3265BC8 Ack: 0xAF01BF99 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-21:42:53.857787 24.209.219.95:3564 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:38220 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xD445A03D Ack: 0xAF73C0E4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/19-21:42:57.100416 24.209.219.95:4518 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:39341 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xD5CD60E3 Ack: 0xB04E90ED Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/19-21:43:00.359276 24.209.219.95:4979 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:40598 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xD6A713AF Ack: 0xB0C996A4 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-21:43:00.686658 24.209.219.95:4991 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:40731 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xD6AF2FFC Ack: 0xAFF7B357 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-21:43:13.595369 24.209.219.95:3677 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:44084 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD89D0368 Ack: 0xB0C2C218 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-21:43:13.944346 24.209.219.95:3858 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:44156 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD8DCABA5 Ack: 0xB1176513 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-21:43:17.799766 24.209.219.95:3907 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:45382 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD8F6122A Ack: 0xB1A61819 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-21:43:17.921961 24.209.219.95:3331 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:45422 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xDA67FB5C Ack: 0xB1B9D563 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-21:43:18.023198 24.209.219.95:3337 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:45445 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xDA6BD820 Ack: 0xB1B6157C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-21:43:18.087568 24.209.219.95:3344 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:45457 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xDA70BF6E Ack: 0xB1694853 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-21:43:18.143117 24.209.219.95:3350 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:45486 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xDA75C166 Ack: 0xB1C360E4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-21:43:27.989559 24.209.219.95:4699 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:49001 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xDCD68640 Ack: 0xB25D8B1A Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-00:08:46.191924 24.209.219.95:3799 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:60971 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xA5A09D8B Ack: 0xD7F3BCDA Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-00:08:46.380875 24.209.219.95:3834 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:61062 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xA5B2641D Ack: 0xD7FE0470 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-00:08:46.466348 24.209.219.95:3839 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:61102 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA5B737FD Ack: 0xD7A16025 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-00:08:49.978039 24.209.219.95:4436 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:62174 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA67E4D99 Ack: 0xD86C3CD9 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-00:08:59.437879 24.209.219.95:4235 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:64607 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA946142F Ack: 0xD8A57A83 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/20-00:08:59.504238 24.209.219.95:4242 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:64639 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA94A5E81 Ack: 0xD8CFB6B8 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/20-00:09:08.941203 24.209.219.95:3767 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:1539 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xAB776114 Ack: 0xD940686D Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-00:09:19.077621 24.209.219.95:3353 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:3985 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xAE29036B Ack: 0xD977BFB7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-00:09:19.470018 24.209.219.95:3428 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:4171 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xAE52D537 Ack: 0xDA0FE33D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-00:09:19.765490 24.209.219.95:3474 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:4305 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xAE76666C Ack: 0xD9CBA504 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-00:09:29.370827 24.209.219.95:3411 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:7208 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB0EAD0B5 Ack: 0xDA0A28B8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-00:09:29.440699 24.209.219.95:3435 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:7226 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB0F3DCBD Ack: 0xD9FD1A0C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-00:09:29.522281 24.209.219.95:3453 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:7257 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xB0FB1A36 Ack: 0xDA664D43 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-00:09:29.576143 24.209.219.95:3476 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:7270 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB109E1C9 Ack: 0xDAA79470 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-00:09:29.638792 24.209.219.95:3478 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:7276 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xB10B2D50 Ack: 0xDA0F6423 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-00:09:29.705787 24.209.219.95:3481 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:7287 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB10DA191 Ack: 0xDAE46E59 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-03:58:20.782550 24.209.219.95:3275 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:20333 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xEAD8045F Ack: 0x3B43C5C2 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-03:58:30.133188 24.209.219.95:3291 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:22632 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xED759137 Ack: 0x3BA63105 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-03:58:30.187779 24.209.219.95:3295 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:22641 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xED7706BC Ack: 0x3C1E90D1 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-03:58:30.269458 24.209.219.95:3309 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:22666 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xED7D8E44 Ack: 0x3C2A8835 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-03:58:30.325626 24.209.219.95:3326 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:22694 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xED899185 Ack: 0x3B6A5AF5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/20-03:58:30.427978 24.209.219.95:3328 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:22715 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xED8B3358 Ack: 0x3C00C413 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/20-03:58:30.504053 24.209.219.95:3338 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:22744 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xED8E4C12 Ack: 0x3C0B0C35 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-03:58:39.805523 24.209.219.95:3370 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:24875 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xF0485691 Ack: 0x3C6BEC03 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-03:58:39.908727 24.209.219.95:3396 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:24901 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF0555D03 Ack: 0x3C42F9C6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-03:58:39.968285 24.209.219.95:3424 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:24936 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF05E9136 Ack: 0x3C835203 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-03:58:49.215589 24.209.219.95:3415 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:27168 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF32B8D63 Ack: 0x3CB82BE2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-03:58:58.554942 24.209.219.95:3246 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:29087 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF597FC9F Ack: 0x3D3ECCF3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-03:58:58.630073 24.209.219.95:3247 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:29104 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xF598E820 Ack: 0x3DD39467 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-03:58:58.682720 24.209.219.95:3274 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:29115 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF59F1FB1 Ack: 0x3D97D424 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-03:58:58.746034 24.209.219.95:3278 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:29126 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xF5A1DADC Ack: 0x3D7A968A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-03:58:58.865969 24.209.219.95:3304 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:29149 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF5A72A3D Ack: 0x3D7AB45C Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-04:42:54.011916 24.209.219.95:3286 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:60869 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xEDB4DCBD Ack: 0xE2096BBA Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-04:42:54.070482 24.209.219.95:3290 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:60878 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xEDB65786 Ack: 0xE2BED085 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-04:42:54.127585 24.209.219.95:3292 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:60891 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xEDB81061 Ack: 0xE23FA82D Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-04:42:54.176841 24.209.219.95:3295 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:60900 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xEDB96A6D Ack: 0xE2DED4BD Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-04:42:54.264049 24.209.219.95:3296 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:60949 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xEDB9FE53 Ack: 0xE2418D08 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/20-04:43:03.501467 24.209.219.95:3415 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:63295 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xF0785EEC Ack: 0xE34EA738 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/20-04:43:03.568297 24.209.219.95:3417 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:63339 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xF079A880 Ack: 0xE2DE04F0 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-04:43:12.868249 24.209.219.95:3598 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:191 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xF37A9116 Ack: 0xE34190B5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-04:43:12.923734 24.209.219.95:3615 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:203 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF37BCBE7 Ack: 0xE34BC523 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-04:43:12.998974 24.209.219.95:3616 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:220 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF37C7026 Ack: 0xE36D767C Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-04:43:25.544079 24.209.219.95:3478 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:3081 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF60DE32F Ack: 0xE44DD425 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-04:43:25.633487 24.209.219.95:4133 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:3090 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF713FD50 Ack: 0xE40A103B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-04:43:29.105857 24.209.219.95:3114 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:3909 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xF832F443 Ack: 0xE496BF00 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-04:43:29.154075 24.209.219.95:3115 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:3928 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF8339DA5 Ack: 0xE49259ED Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-04:43:29.237781 24.209.219.95:3125 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:3933 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xF83A7211 Ack: 0xE460E932 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-04:43:29.286162 24.209.219.95:3127 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:3953 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF83C5B70 Ack: 0xE4E4DE92 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-05:47:22.393850 24.209.219.95:4702 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:314 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xF4CADCEF Ack: 0xD5DC99AB Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-05:47:22.506357 24.209.219.95:4707 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:330 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xF4CE15B0 Ack: 0xD69671D1 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-05:47:25.573594 24.209.219.95:3099 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:784 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xF5441008 Ack: 0xD696608D Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-05:47:25.630731 24.209.219.95:3101 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:803 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xF545E0F7 Ack: 0xD6CF754E Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-05:47:35.211860 24.209.219.95:4720 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:2795 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF7F5F235 Ack: 0xD7298CC0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/20-05:47:35.262792 24.209.219.95:4721 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:2816 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xF7F6BFA8 Ack: 0xD674D2ED Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/20-05:47:44.575679 24.209.219.95:4033 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:4569 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xFA18CC7F Ack: 0xD81B92B7 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-05:47:44.662175 24.209.219.95:4036 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:4581 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xFA1BE4D6 Ack: 0xD82B7D9B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-05:47:48.091637 24.209.219.95:4396 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:5078 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFAB866ED Ack: 0xD8A8878D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-05:47:48.149997 24.209.219.95:4399 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:5102 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFABAED8C Ack: 0xD8B5C2DE Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-05:47:48.222050 24.209.219.95:4408 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:5110 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFABC5646 Ack: 0xD8498CBA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-05:47:51.610401 24.209.219.95:3126 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:5741 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFB9D2B2C Ack: 0xD8BE4269 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-05:47:51.678968 24.209.219.95:3128 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:5754 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xFB9F1FC9 Ack: 0xD8D28261 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-05:47:51.767534 24.209.219.95:3175 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:5816 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xFBB0CDD4 Ack: 0xD9409544 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-05:47:54.745223 24.209.219.95:3175 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:6481 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xFBB0CDD4 Ack: 0xD9409544 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-05:47:54.879278 24.209.219.95:3615 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:6508 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xFCAAD218 Ack: 0xD8AA18F3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-05:47:54.924732 24.209.219.95:3616 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:6513 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xFCABC270 Ack: 0xD8F5FEA5 Win: 0x4470 TcpLen: 20

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:03:54 2003