SnortSnarf alert page

Source: 24.209.36.194: #1-100

SnortSnarf v021111.1

Signature section (91123)

Top 20 source IPs

Top 20 dest IPs

Looking using input module SnortFileInput, with sources:

/home/rivettmj/snort_alertlog/alert

Earliest: 20:35:22.441753 on 05/15/2003
Latest: 19:15:45.877055 on 05/22/2003

7 different signatures are present for 24.209.36.194 as a source

1 instances of WEB-IIS _mem_bin access
1 instances of WEB-FRONTPAGE /_vti_bin/ access
2 instances of WEB-IIS CodeRed v2 root.exe access
4 instances of WEB-IIS multiple decode attempt
5 instances of WEB-IIS unicode directory traversal attempt
56 instances of WEB-IIS ISAPI .ida attempt
60 instances of WEB-IIS cmd.exe access

There are 1 distinct destination IPs in the alerts of the type on this page.

24.209.36.194 Whois lookup at: ARIN RIPE APNIC Geektools

DNS lookup at: Amenesi TRIUMF Princeton

More lookup links: Dshield Sam Spade

Go to: next range, all alerts, overview page

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/15-20:35:22.441753 24.209.36.194:4107 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:48169 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x89C9D409  Ack: 0x20731CF1  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/15-20:35:23.292533 24.209.36.194:4132 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:48285 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x89E09D17  Ack: 0x20F4DBEC  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/15-20:35:23.566114 24.209.36.194:4153 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:48345 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x89F2ACDE  Ack: 0x2107E6AC  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/15-20:35:24.022614 24.209.36.194:4163 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:48412 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x89FAC05C  Ack: 0x20CBF0F0  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/15-20:35:24.972540 24.209.36.194:4186 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:48559 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x8A0F1BD5  Ack: 0x209B08C0  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/15-20:35:29.083461 24.209.36.194:4308 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:49106 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x8A7AA66C  Ack: 0x21036F14  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/15-20:35:30.486949 24.209.36.194:4333 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:49268 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x8A924666  Ack: 0x21CCC914  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/15-20:35:34.188580 24.209.36.194:4502 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:50056 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x8B227A8E  Ack: 0x2116AB27  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/15-20:35:34.432627 24.209.36.194:4510 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:50103 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x8B29A572  Ack: 0x2139DC12  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/15-20:35:34.596893 24.209.36.194:4520 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:50143 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x8B31DE67  Ack: 0x21E73928  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/15-20:35:38.364442 24.209.36.194:4638 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:50704 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x8B9858CE  Ack: 0x22096F5C  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/15-20:35:38.670534 24.209.36.194:4646 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:50752 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x8B9F16AA  Ack: 0x215BAB56  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/15-20:35:38.819186 24.209.36.194:4653 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:50777 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x8BA5270A  Ack: 0x222E6858  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/15-20:35:38.921393 24.209.36.194:4656 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:50792 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x8BA87271  Ack: 0x22401E1E  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/15-20:35:41.961835 24.209.36.194:4656 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:51216 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x8BA87271  Ack: 0x22401E1E  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/15-20:35:42.244048 24.209.36.194:4752 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:51256 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x8BFDB097  Ack: 0x21D9DCD0  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/15-20:35:42.573752 24.209.36.194:4765 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:51301 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x8C083C84  Ack: 0x228690FF  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/16-10:05:59.630555 24.209.36.194:3540 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:57946 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBA0A3946  Ack: 0x1712041D  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/16-10:06:02.106471 24.209.36.194:3540 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:58051 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBA0A3EFA  Ack: 0x1712041D  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/16-10:16:12.476054 24.209.36.194:1681 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:47177 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF62CEA36  Ack: 0x3BFF39FA  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/16-10:16:12.508996 24.209.36.194:1681 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:47178 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF62CEFEA  Ack: 0x3BFF39FA  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/16-10:40:04.071617 24.209.36.194:4273 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:44491 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x83B3C525  Ack: 0x971C4D06  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/16-10:40:04.094988 24.209.36.194:4273 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:44492 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x83B3CAD9  Ack: 0x971C4D06  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/16-10:52:35.942136 24.209.36.194:3651 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:47458 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xCD911706  Ack: 0xC59EB568  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/16-10:52:35.964198 24.209.36.194:3651 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:47459 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xCD911CBA  Ack: 0xC59EB568  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/16-11:02:04.687425 24.209.36.194:3491 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:38315 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4C7377F  Ack: 0xE98335AB  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/16-11:02:04.705707 24.209.36.194:3491 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:38316 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4C73D33  Ack: 0xE98335AB  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/16-13:11:36.394209 24.209.36.194:2047 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:5958 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDA661E5B  Ack: 0x659BBF82  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/16-13:11:36.449832 24.209.36.194:2047 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:5959 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDA66240F  Ack: 0x659BBF82  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/16-13:31:39.578268 24.209.36.194:3634 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:41779 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x468C8A27  Ack: 0xB1865B7B  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/16-13:31:39.600546 24.209.36.194:3634 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:41780 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x468C8FDB  Ack: 0xB1865B7B  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/16-16:09:11.470224 24.209.36.194:3140 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:676 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7C4C2A18  Ack: 0x4A3A462  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/16-16:09:11.496025 24.209.36.194:3140 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:677 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7C4C2FCC  Ack: 0x4A3A462  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/16-16:49:21.091268 24.209.36.194:2197 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:47890 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x43A8458C  Ack: 0x9BCC3AA3  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/16-16:49:21.110981 24.209.36.194:2197 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:47891 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x43A84B40  Ack: 0x9BCC3AA3  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/16-17:17:53.126316 24.209.36.194:3334 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:39816 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xCEB0CD3F  Ack: 0x7A9CF63  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/16-17:17:53.150555 24.209.36.194:3334 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:39817 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xCEB0D2F3  Ack: 0x7A9CF63  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/16-17:47:16.861197 24.209.36.194:4224 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:31004 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x59B7F958  Ack: 0x76A1BDDB  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/16-17:47:16.888352 24.209.36.194:4224 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:31005 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x59B7FF0C  Ack: 0x76A1BDDB  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/16-19:11:56.871514 24.209.36.194:3434 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:48316 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE22A1307  Ack: 0xB7690413  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/16-19:11:56.896209 24.209.36.194:3434 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:48317 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE22A18BB  Ack: 0xB7690413  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/16-19:15:09.382373 24.209.36.194:3716 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:61091 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF0CCD4C1  Ack: 0xC398341A  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/16-19:15:09.415066 24.209.36.194:3716 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:61092 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF0CCDA75  Ack: 0xC398341A  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/16-19:52:46.840695 24.209.36.194:2746 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:19892 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9FB8BB41  Ack: 0x50D20E8F  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/16-19:52:46.861558 24.209.36.194:2746 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:19893 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9FB8C0F5  Ack: 0x50D20E8F  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/16-23:31:26.093867 24.209.36.194:1403 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:26981 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x39D7FD7B  Ack: 0x8ADAA40D  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/16-23:31:26.120649 24.209.36.194:1403 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:26982 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x39D8032F  Ack: 0x8ADAA40D  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/17-00:24:41.775261 24.209.36.194:2617 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:10864 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF858CDA  Ack: 0x5400C380  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/17-00:24:41.800648 24.209.36.194:2617 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:10865 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF85928E  Ack: 0x5400C380  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/17-01:28:34.670311 24.209.36.194:1771 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:23659 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x907D4FD  Ack: 0x45D5A6D0  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/17-01:28:34.696708 24.209.36.194:1771 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:23660 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x907DAB1  Ack: 0x45D5A6D0  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/17-01:41:02.550410 24.209.36.194:3514 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:64121 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x397ABA51  Ack: 0x738203A7  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/17-01:41:05.010099 24.209.36.194:3514 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:64241 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x397AC005  Ack: 0x738203A7  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/17-13:32:18.002461 24.209.36.194:2300 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:30189 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA69E2E4E  Ack: 0xF323A9CF  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/17-13:32:18.026498 24.209.36.194:2300 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:30190 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA69E3402  Ack: 0xF323A9CF  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/17-14:18:14.012285 24.209.36.194:1129 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:8332 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x94AF7C02  Ack: 0xA123412D  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/17-14:18:14.036370 24.209.36.194:1129 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:8333 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x94AF81B6  Ack: 0xA123412D  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/17-14:34:13.242675 24.209.36.194:1336 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:20908 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE600D16F  Ack: 0xDCDB15D0  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/17-14:34:13.283506 24.209.36.194:1336 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:20909 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE600D723  Ack: 0xDCDB15D0  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/17-17:16:32.366772 24.209.36.194:3451 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:44256 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFE84BBD4  Ack: 0x4258A4D1  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/17-17:16:32.386651 24.209.36.194:3451 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:44257 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFE84C188  Ack: 0x4258A4D1  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/17-17:44:48.581994 24.209.36.194:1615 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:29846 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x80AC1842  Ack: 0xAC71BAC5  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/17-17:44:48.618714 24.209.36.194:1615 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:29847 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x80AC1DF6  Ack: 0xAC71BAC5  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/17-21:42:31.124013 24.209.36.194:3494 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:35739 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9AAA132B  Ack: 0x2F716028  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/17-21:42:31.147984 24.209.36.194:3494 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:35740 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9AAA18DF  Ack: 0x2F716028  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/17-22:50:26.589295 24.209.36.194:2421 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:46687 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB283736B  Ack: 0x305E5034  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/17-22:50:26.660545 24.209.36.194:2421 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:46696 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB283791F  Ack: 0x305E5034  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/18-09:35:12.021085 24.209.36.194:1668 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:2054 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3748ADC5  Ack: 0xB459458D  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/18-09:35:12.053766 24.209.36.194:1668 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:2055 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3748B379  Ack: 0xB459458D  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/18-12:10:16.464374 24.209.36.194:1717 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:57475 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA6551B61  Ack: 0xFE250A53  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/18-12:10:16.483038 24.209.36.194:1717 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:57476 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA6552115  Ack: 0xFE250A53  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/18-13:19:42.669408 24.209.36.194:1995 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:35708 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF86A7E2  Ack: 0x3054C20  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/18-13:19:45.298627 24.209.36.194:1995 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:36078 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF86AD96  Ack: 0x3054C20  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-14:59:56.797207 24.209.36.194:1587 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:61220 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1627D486  Ack: 0xBE1B314C  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-14:59:56.825196 24.209.36.194:1587 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:61221 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1627DA3A  Ack: 0xBE1B314C  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-15:22:40.643903 24.209.36.194:2580 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:41629 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x921CE9CA  Ack: 0x13655240  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-15:22:40.665857 24.209.36.194:2580 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:41630 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x921CEF7E  Ack: 0x13655240  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-19:06:15.104019 24.209.36.194:2963 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:20211 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB8F5279  Ack: 0x60F8CC10  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-19:06:15.136600 24.209.36.194:2963 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:20212 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB8F582D  Ack: 0x60F8CC10  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-19:30:31.230961 24.209.36.194:1424 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:57859 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8070C454  Ack: 0xBC848379  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-19:30:31.276548 24.209.36.194:1424 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:57860 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8070CA08  Ack: 0xBC848379  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-22:50:25.828890 24.209.36.194:2031 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:9878 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x19ADA494  Ack: 0xAF438F75  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/19-22:50:25.853621 24.209.36.194:2031 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:9879 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x19ADAA48  Ack: 0xAF438F75  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/20-03:58:07.933584 24.209.36.194:4737 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:11519 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x24C6A950  Ack: 0x3A4733D5  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/20-03:58:07.953287 24.209.36.194:4737 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:11520 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x24C6AF04  Ack: 0x3A4733D5  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-02:06:32.937291 24.209.36.194:3416 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:10721 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x85EAFE64  Ack: 0x13177FDA  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-02:06:32.957880 24.209.36.194:3416 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:10722 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x85EB0418  Ack: 0x13177FDA  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-02:36:16.724495 24.209.36.194:3160 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:22817 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x25C84186  Ack: 0x84474BE0  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-02:36:16.748493 24.209.36.194:3160 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:22818 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x25C8473A  Ack: 0x84474BE0  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-04:59:07.648949 24.209.36.194:2784 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:23689 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x931082A  Ack: 0x9FD046D7  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-04:59:07.672024 24.209.36.194:2784 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:23690 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9310DDE  Ack: 0x9FD046D7  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-06:56:26.336908 24.209.36.194:1034 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:4501 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x49150D20  Ack: 0x5AD58511  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-06:56:26.356210 24.209.36.194:1034 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:4502 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x491512D4  Ack: 0x5AD58511  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-09:17:39.690041 24.209.36.194:2355 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:53133 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDBEA57C6  Ack: 0x710AF253  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-09:17:39.710008 24.209.36.194:2355 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:53134 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDBEA5D7A  Ack: 0x710AF253  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-12:19:54.774003 24.209.36.194:2930 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:6749 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEFC83B83  Ack: 0x208D0327  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-12:19:54.798325 24.209.36.194:2930 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:6750 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEFC84137  Ack: 0x208D0327  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-13:56:45.939276 24.209.36.194:1214 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:20423 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7E84F76F  Ack: 0x8E3A7129  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-13:56:45.978172 24.209.36.194:1214 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:20424 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7E84FD23  Ack: 0x8E3A7129  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-19:15:45.877055 24.209.36.194:1811 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:15716 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1CA7C605  Ack: 0x43B70C0F  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

Go to: next range, all alerts, overview page

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:28 2003

24.209.36.194	Whois lookup at:	ARIN	RIPE	APNIC	Geektools
	DNS lookup at:	Amenesi	TRIUMF	Princeton
	More lookup links:	Dshield	Sam Spade