SnortSnarf alert page

Source: 24.209.36.194: #101-129

SnortSnarf v021111.1

Signature section (91123) | Top 20 source IPs | Top 20 dest IPs

Looking using input module SnortFileInput, with sources:
Earliest: 19:15:45.933094 on 05/22/2003
Latest: 22:03:43.906158 on 06/02/2003

7 different signatures are present for 24.209.36.194 as a source

There is 1 distinct destination IP in the alerts of the type on this page.

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-19:15:45.933094 24.209.36.194:1811 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:15717 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1CA7CBB9 Ack: 0x43B70C0F Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-19:49:03.721427 24.209.36.194:1941 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:231 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x90BBB11B Ack: 0xC1D80C98 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-19:49:03.746096 24.209.36.194:1941 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:232 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x90BBB6CF Ack: 0xC1D80C98 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-20:28:05.494301 24.209.36.194:3201 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:45899 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x17BD4A0E Ack: 0x54899156 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-20:28:05.516671 24.209.36.194:3201 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:45900 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x17BD4FC2 Ack: 0x54899156 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-09:35:18.272646 24.209.36.194:4509 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:17457 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1E72C11 Ack: 0xF301AFFD Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-09:35:18.291401 24.209.36.194:4509 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:17458 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1E731C5 Ack: 0xF301AFFD Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-10:01:44.520963 24.209.36.194:3194 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:27339 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9CE019A3 Ack: 0x567080A8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-10:01:44.547580 24.209.36.194:3194 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:27340 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9CE01F57 Ack: 0x567080A8 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-10:24:24.832739 24.209.36.194:2746 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:15578 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x205AE7E7 Ack: 0xABD6F87E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-10:24:24.852969 24.209.36.194:2746 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:15579 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x205AED9B Ack: 0xABD6F87E Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-10:33:44.217278 24.209.36.194:2630 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:63591 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x553F2935 Ack: 0xCF6A5C89 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-10:33:44.235928 24.209.36.194:2630 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:63592 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x553F2EE9 Ack: 0xCF6A5C89 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-13:22:45.042785 24.209.36.194:2494 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:39970 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEFADCBEA Ack: 0x4E3D2E02 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-13:22:45.061600 24.209.36.194:2494 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:39971 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEFADD19E Ack: 0x4E3D2E02 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-16:56:12.947828 24.209.36.194:4981 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:50350 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9985DC5 Ack: 0x73E02814 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-16:56:12.968587 24.209.36.194:4981 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:50351 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9986379 Ack: 0x73E02814 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-03:52:48.696484 24.209.36.194:4315 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:23849 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBFCC8277 Ack: 0x256D371C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-03:52:48.716715 24.209.36.194:4315 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:23850 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBFCC882B Ack: 0x256D371C Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-05:12:19.476623 24.209.36.194:4338 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:53281 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x545B43DC Ack: 0x51931BCB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-05:12:19.522429 24.209.36.194:4338 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:53282 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x545B4990 Ack: 0x51931BCB Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-05:24:27.696015 24.209.36.194:2155 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:40771 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x90A1FB2B Ack: 0x7ED59E15 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-05:24:27.726251 24.209.36.194:2155 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:40772 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x90A200DF Ack: 0x7ED59E15 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-00:12:15.478072 24.209.36.194:2388 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:19298 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7D5B9E11 Ack: 0x2097C880 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-00:12:15.500766 24.209.36.194:2388 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:19299 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7D5BA3C5 Ack: 0x2097C880 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-17:04:04.062607 24.209.36.194:3836 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:27551 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xAB89CD3D Ack: 0xFC2A4E8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-17:04:04.083756 24.209.36.194:3836 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:27552 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xAB89D2F1 Ack: 0xFC2A4E8 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-22:03:43.865235 24.209.36.194:3115 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:15365 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x11C6D9E Ack: 0x7C093102 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-22:03:43.906158 24.209.36.194:3115 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:15366 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x11C7352 Ack: 0x7C093102 Win: 0x4470 TcpLen: 20
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:28 2003