SnortSnarf alert page

Source: 24.209.26.198: #1-100

SnortSnarf v021111.1

Signature section (91123)

Top 20 source IPs

Top 20 dest IPs

Looking using input module SnortFileInput, with sources:

/home/rivettmj/snort_alertlog/alert

Earliest: 15:27:22.732202 on 05/24/2003
Latest: 18:22:42.390678 on 05/29/2003

2 different signatures are present for 24.209.26.198 as a source

60 instances of WEB-IIS ISAPI .ida attempt
60 instances of WEB-IIS cmd.exe access

There are 1 distinct destination IPs in the alerts of the type on this page.

24.209.26.198 Whois lookup at: ARIN RIPE APNIC Geektools

DNS lookup at: Amenesi TRIUMF Princeton

More lookup links: Dshield Sam Spade

Go to: next range, all alerts, overview page

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/24-15:27:22.732202 24.209.26.198:2730 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:20031 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6258B326  Ack: 0x6481A16B  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/24-15:27:22.754715 24.209.26.198:2730 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:20032 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6258B8DA  Ack: 0x6481A16B  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/24-15:56:18.285943 24.209.26.198:1850 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:45240 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE451837  Ack: 0xD17509DB  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/24-15:56:18.336206 24.209.26.198:1850 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:45241 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE451DEB  Ack: 0xD17509DB  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/24-16:42:46.712080 24.209.26.198:3592 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:19194 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x14378C5F  Ack: 0x81B7113C  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/24-16:42:46.763110 24.209.26.198:3592 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:19195 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x14379213  Ack: 0x81B7113C  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/24-16:59:37.949163 24.209.26.198:2976 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:36887 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x70CAB86F  Ack: 0xC0A04A58  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/24-16:59:37.974994 24.209.26.198:2976 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:36888 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x70CABE23  Ack: 0xC0A04A58  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/24-17:08:01.281781 24.209.26.198:4307 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:11754 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9E12D45B  Ack: 0xE0C415CC  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/24-17:08:01.338429 24.209.26.198:4307 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:11755 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9E12DA0F  Ack: 0xE0C415CC  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/24-19:16:18.723127 24.209.26.198:4727 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:59624 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x23349FDB  Ack: 0xC61F6223  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/24-19:16:18.763817 24.209.26.198:4727 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:59625 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2334A58F  Ack: 0xC61F6223  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/24-21:33:51.930690 24.209.26.198:1369 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:59842 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7FF7A83C  Ack: 0xCCF376C3  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/24-21:33:51.951143 24.209.26.198:1369 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:59843 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7FF7ADF0  Ack: 0xCCF376C3  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/24-22:02:51.484614 24.209.26.198:2724 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:28219 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF6920B2D  Ack: 0x3AE225E3  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/24-22:02:51.507811 24.209.26.198:2724 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:28220 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF69210E1  Ack: 0x3AE225E3  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/24-23:55:51.425289 24.209.26.198:1800 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:24568 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC81BDF92  Ack: 0xE51139B8  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/24-23:55:51.460055 24.209.26.198:1800 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:24569 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC81BE546  Ack: 0xE51139B8  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/25-04:58:07.416800 24.209.26.198:2529 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:45424 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x83B276E  Ack: 0x5BBC34AC  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/25-04:58:07.465845 24.209.26.198:2529 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:45425 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x83B2D22  Ack: 0x5BBC34AC  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/25-11:24:47.790116 24.209.26.198:2552 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:13569 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1A2A0F82  Ack: 0xF33392F  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/25-11:24:47.850011 24.209.26.198:2552 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:13570 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1A2A1536  Ack: 0xF33392F  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/25-15:24:19.122832 24.209.26.198:4314 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:48302 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x38EAF101  Ack: 0x98590298  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/25-15:24:19.168193 24.209.26.198:4314 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:48303 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x38EAF6B5  Ack: 0x98590298  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/25-21:50:22.883665 24.209.26.198:4594 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:47575 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x15C2F484  Ack: 0x4BB56AF7  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/25-21:50:22.905849 24.209.26.198:4594 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:47576 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x15C2FA38  Ack: 0x4BB56AF7  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/26-04:44:32.281446 24.209.26.198:2364 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:31579 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xAADA4A35  Ack: 0x684B193F  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/26-04:44:32.302755 24.209.26.198:2364 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:31580 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xAADA4FE9  Ack: 0x684B193F  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/26-04:52:59.930091 24.209.26.198:4069 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:6985 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD95EA5B2  Ack: 0x874BFE25  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/26-04:52:59.981425 24.209.26.198:4069 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:6986 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD95EAB66  Ack: 0x874BFE25  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/26-05:13:52.598074 24.209.26.198:1599 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:41206 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4AD2E23A  Ack: 0xD65B8E05  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/26-05:13:52.626346 24.209.26.198:1599 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:41207 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4AD2E7EE  Ack: 0xD65B8E05  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/26-05:42:06.822168 24.209.26.198:1977 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:42302 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE1847996  Ack: 0x40D54762  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/26-05:42:06.852839 24.209.26.198:1977 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:42303 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE1847F4A  Ack: 0x40D54762  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/26-06:09:24.161510 24.209.26.198:3994 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:36313 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7092E650  Ack: 0xA87F2D3E  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/26-06:09:24.169488 24.209.26.198:3994 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:36314 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7092EC04  Ack: 0xA87F2D3E  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/26-07:41:58.375909 24.209.26.198:2397 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:42182 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3E990694  Ack: 0x542616D  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/26-07:41:58.398512 24.209.26.198:2397 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:42183 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3E990C48  Ack: 0x542616D  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/26-12:52:02.425132 24.209.26.198:2129 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:20488 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x824812ED  Ack: 0x981AF5D6  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/26-12:52:02.447493 24.209.26.198:2129 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:20489 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x824818A1  Ack: 0x981AF5D6  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/26-13:18:31.388565 24.209.26.198:3770 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:45489 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEC3CDAB8  Ack: 0xFD9E9736  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/26-13:18:31.404077 24.209.26.198:3770 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:45490 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEC3CE06C  Ack: 0xFD9E9736  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/26-14:15:33.311648 24.209.26.198:4387 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:62002 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC6DE90B6  Ack: 0xD40F0699  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/26-14:15:33.328526 24.209.26.198:4387 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:62003 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC6DE966A  Ack: 0xD40F0699  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/26-18:58:06.432866 24.209.26.198:4706 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:4021 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x44EAA473  Ack: 0x10E6E2B  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/26-18:58:06.458931 24.209.26.198:4706 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:4022 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x44EAAA27  Ack: 0x10E6E2B  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/26-21:00:21.481484 24.209.26.198:3805 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:10606 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEA3C330C  Ack: 0xCE257EBE  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/26-21:00:21.507091 24.209.26.198:3805 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:10607 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEA3C38C0  Ack: 0xCE257EBE  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/26-21:09:36.480033 24.209.26.198:2890 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:60675 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1D36F715  Ack: 0xF03D2CD6  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/26-21:09:36.500106 24.209.26.198:2890 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:60676 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1D36FCC9  Ack: 0xF03D2CD6  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-01:43:57.980344 24.209.26.198:1608 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:21483 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5BD9D70A  Ack: 0xFD360E5A  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-01:43:58.024989 24.209.26.198:1608 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:21484 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5BD9DCBE  Ack: 0xFD360E5A  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-02:30:54.025401 24.209.26.198:1764 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:56540 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x21D3BB30  Ack: 0xAF07DD7E  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-02:30:54.040359 24.209.26.198:1764 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:56541 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x21D3C0E4  Ack: 0xAF07DD7E  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-02:55:29.180476 24.209.26.198:1972 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:10936 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x86326AE6  Ack: 0xB216E7F  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-02:55:29.212386 24.209.26.198:1972 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:10937 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8632709A  Ack: 0xB216E7F  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-13:59:54.902439 24.209.26.198:4990 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:47406 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC750224B  Ack: 0xD86D2ABC  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-13:59:54.927087 24.209.26.198:4990 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:47407 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC75027FF  Ack: 0xD86D2ABC  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-15:38:08.034494 24.209.26.198:3856 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:34889 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFA13A45E  Ack: 0x4C71CA04  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-15:38:08.074808 24.209.26.198:3856 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:34890 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFA13AA12  Ack: 0x4C71CA04  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-18:56:00.091151 24.209.26.198:4146 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:26981 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE1DA7123  Ack: 0x38557796  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-18:56:00.112943 24.209.26.198:4146 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:26982 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE1DA76D7  Ack: 0x38557796  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-20:17:46.233717 24.209.26.198:2749 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:25229 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x54AABB99  Ack: 0x6DCCB216  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-20:17:46.257270 24.209.26.198:2749 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:25230 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x54AAC14D  Ack: 0x6DCCB216  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-20:21:16.600768 24.209.26.198:3210 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:38515 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x64381DA4  Ack: 0x7A915D8F  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-20:21:16.624171 24.209.26.198:3210 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:38516 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x64382358  Ack: 0x7A915D8F  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-21:50:34.693590 24.209.26.198:1450 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:28611 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDB6387B5  Ack: 0xCA431F31  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/27-21:50:34.725824 24.209.26.198:1450 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:28612 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDB638D69  Ack: 0xCA431F31  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/28-08:55:19.859369 24.209.26.198:3440 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:23828 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA00736DC  Ack: 0x9A5F7238  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/28-08:55:19.889581 24.209.26.198:3440 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:23829 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA0073C90  Ack: 0x9A5F7238  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/28-10:12:03.869974 24.209.26.198:4669 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:18212 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x55017E3D  Ack: 0xBCC6B27A  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/28-10:12:03.895369 24.209.26.198:4669 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:18213 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x550183F1  Ack: 0xBCC6B27A  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/28-14:27:07.718936 24.209.26.198:4720 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:11430 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x52B316B7  Ack: 0x801166B6  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/28-14:27:07.739458 24.209.26.198:4720 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:11431 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x52B31C6B  Ack: 0x801166B6  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/28-17:11:37.509362 24.209.26.198:4768 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:37608 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2B31590C  Ack: 0xED0455A8  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/28-17:11:37.532288 24.209.26.198:4768 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:37609 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2B315EC0  Ack: 0xED0455A8  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/28-17:33:33.430732 24.209.26.198:2778 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:48724 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8726E58D  Ack: 0x41070C5F  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/28-17:33:33.454342 24.209.26.198:2778 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:48725 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8726EB41  Ack: 0x41070C5F  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/28-20:23:21.210433 24.209.26.198:1382 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:22672 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x60AA4CCC  Ack: 0xC2B8185D  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/28-20:23:21.252237 24.209.26.198:1382 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:22673 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x60AA5280  Ack: 0xC2B8185D  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/28-20:56:20.054828 24.209.26.198:1096 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:63603 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1D14450F  Ack: 0x3ECD3567  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/28-20:56:20.142307 24.209.26.198:1096 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:63604 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1D144AC3  Ack: 0x3ECD3567  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/28-22:15:01.918597 24.209.26.198:2885 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:10557 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD43294B8  Ack: 0x66C4AA1E  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/28-22:15:01.962595 24.209.26.198:2885 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:10558 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD4329A6C  Ack: 0x66C4AA1E  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/29-01:16:00.098951 24.209.26.198:3739 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:45285 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6C593B42  Ack: 0x139D7E2F  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/29-01:16:00.139735 24.209.26.198:3739 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:45286 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6C5940F6  Ack: 0x139D7E2F  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/29-02:38:09.724807 24.209.26.198:4399 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:51296 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF225E87E  Ack: 0x48C9B994  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/29-02:38:09.756089 24.209.26.198:4399 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:51297 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF225EE32  Ack: 0x48C9B994  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/29-02:58:55.426295 24.209.26.198:3642 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:1040 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x50EA7365  Ack: 0x97DE7379  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/29-02:58:55.448808 24.209.26.198:3642 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:1041 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x50EA7919  Ack: 0x97DE7379  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/29-16:30:30.529042 24.209.26.198:1672 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:55852 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBACEDC7A  Ack: 0x91C9647E  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/29-16:30:30.551062 24.209.26.198:1672 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:55853 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBACEE22E  Ack: 0x91C9647E  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/29-17:10:14.978181 24.209.26.198:1564 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:12080 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9F72CDA0  Ack: 0x27FBD5CE  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/29-17:10:15.002254 24.209.26.198:1564 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:12081 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9F72D354  Ack: 0x27FBD5CE  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/29-17:37:53.484812 24.209.26.198:3511 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:20017 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3AAB61B2  Ack: 0x8FB275F8  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/29-17:37:53.518118 24.209.26.198:3511 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:20018 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3AAB6766  Ack: 0x8FB275F8  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/29-18:10:19.684197 24.209.26.198:3757 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:46535 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEBF00ED7  Ack: 0xAA5973C  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/29-18:10:19.715384 24.209.26.198:3757 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:46536 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEBF0148B  Ack: 0xAA5973C  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/29-18:22:42.362796 24.209.26.198:2886 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:38467 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2D0D001A  Ack: 0x3A998430  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/29-18:22:42.390678 24.209.26.198:2886 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:38468 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2D0D05CE  Ack: 0x3A998430  Win: 0x4470  TcpLen: 20

Go to: next range, all alerts, overview page

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:03:53 2003

24.209.26.198	Whois lookup at:	ARIN	RIPE	APNIC	Geektools
	DNS lookup at:	Amenesi	TRIUMF	Princeton
	More lookup links:	Dshield	Sam Spade