
SnortSnarf alert page

Source: 24.209.39.246: #1-100

SnortSnarf v021111.1


Looking using input module SnortFileInput, with sources:
Earliest: 11:08:33.583102 on 05/02/2003
Latest: 11:46:47.078694 on 05/05/2003

7 different signatures are present for 24.209.39.246 as a source

There is 1 distinct destination IP in the alerts of the type on this page.

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-11:08:33.583102 24.209.39.246:3390 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:39826 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5DF6B25C Ack: 0x8781F1EC Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-11:08:33.621461 24.209.39.246:3390 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:39827 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5DF6B810 Ack: 0x8781F1EC Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-11:11:34.723914 24.209.39.246:4627 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:53810 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6DA598C1 Ack: 0x93622D25 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-11:11:34.771935 24.209.39.246:4627 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:53811 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6DA59E75 Ack: 0x93622D25 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-13:20:13.885533 24.209.39.246:2709 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:50814 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF31EA4BD Ack: 0x78CACEA7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-13:20:13.927932 24.209.39.246:2709 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:50815 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF31EAA71 Ack: 0x78CACEA7 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-13:29:58.894290 24.209.39.246:2159 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:27803 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x23916802 Ack: 0x9CBB273D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-13:29:58.914096 24.209.39.246:2159 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:27804 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x23916DB6 Ack: 0x9CBB273D Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-15:17:16.278670 24.209.39.246:1799 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:19134 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x25F0A463 Ack: 0x329317A1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-15:17:16.300070 24.209.39.246:1799 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:19135 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x25F0AA17 Ack: 0x329317A1 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-18:43:20.270684 24.209.39.246:2129 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:48084 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD02055DB Ack: 0x3BD1C669 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-18:43:20.304375 24.209.39.246:2129 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:48085 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD0205B8F Ack: 0x3BD1C669 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-20:40:42.790023 24.209.39.246:2798 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:7515 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBA96BAFF Ack: 0xF7DBC85F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-20:40:42.818167 24.209.39.246:2798 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:7516 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBA96C0B3 Ack: 0xF7DBC85F Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-01:25:30.022233 24.209.39.246:1697 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:62565 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC79BD6CC Ack: 0x2C6CF8D3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-01:25:30.044824 24.209.39.246:1697 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:62566 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC79BDC80 Ack: 0x2C6CF8D3 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-03:15:37.527589 24.209.39.246:4965 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:11553 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2FE95D12 Ack: 0xCBD47BA3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-03:15:37.573104 24.209.39.246:4965 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:11554 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2FE962C6 Ack: 0xCBD47BA3 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-20:59:58.088909 24.209.39.246:2101 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:29958 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x52AC467B Ack: 0x80B7C4E7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-20:59:58.110065 24.209.39.246:2101 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:29959 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x52AC4C2F Ack: 0x80B7C4E7 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-21:06:39.572739 24.209.39.246:1710 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:65165 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x79D35116 Ack: 0x99241FFD Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-21:06:39.594753 24.209.39.246:1710 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:65166 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x79D356CA Ack: 0x99241FFD Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-02:10:16.255210 24.209.39.246:4037 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:60220 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB8768D43 Ack: 0x54683FA8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-02:10:16.275891 24.209.39.246:4037 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:60221 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB87692F7 Ack: 0x54683FA8 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-02:22:28.450371 24.209.39.246:1222 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:58086 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFEB72CDC Ack: 0x81EAD9F8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-02:22:28.474117 24.209.39.246:1222 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:58087 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFEB73290 Ack: 0x81EAD9F8 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-08:02:32.105921 24.209.39.246:2099 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:60165 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xE50FB1ED Ack: 0x86CAB07D Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-08:02:32.288944 24.209.39.246:2113 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:60192 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xE51B0D9E Ack: 0x86947CA6 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-08:02:32.349642 24.209.39.246:2117 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:60211 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xE51E354A Ack: 0x8680C94C Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-08:02:45.246869 24.209.39.246:2414 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:61733 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xE61C34EC Ack: 0x878501D3 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-08:02:45.305203 24.209.39.246:2538 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:61738 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xE68337C8 Ack: 0x87824984 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/05-08:02:48.643368 24.209.39.246:2539 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:62055 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xE68462CE Ack: 0x86F8CE25 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/05-08:02:48.713611 24.209.39.246:2629 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:62061 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xE6D0DC9F Ack: 0x87C4DD98 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-08:02:48.800672 24.209.39.246:2631 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:62068 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xE6D2B4B6 Ack: 0x875D7E83 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-08:02:58.212047 24.209.39.246:2939 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:63119 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE7D7AAB4 Ack: 0x8795C37A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-08:02:58.272725 24.209.39.246:2941 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:63131 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE7D9917B Ack: 0x87A95139 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-08:03:11.177700 24.209.39.246:3212 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:64614 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE8C2F8D4 Ack: 0x88CE6887 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-08:03:11.283944 24.209.39.246:3343 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:64631 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE9306BF3 Ack: 0x89029D10 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-08:03:11.372387 24.209.39.246:3346 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:64646 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xE932C8D9 Ack: 0x893C8243 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-08:03:11.449487 24.209.39.246:3348 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:64654 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xE934F7DC Ack: 0x892A4FCD Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-08:03:11.546163 24.209.39.246:3352 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:64673 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xE938A1ED Ack: 0x89241177 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-08:03:20.821223 24.209.39.246:3605 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:35 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xEA13274D Ack: 0x8962B58F Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-08:53:47.414750 24.209.39.246:2666 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:34804 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xCF54BD8 Ack: 0x48ADFD7C Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-08:53:57.477624 24.209.39.246:2975 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:36488 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xDFE5142 Ack: 0x49DF1F89 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-08:54:01.271444 24.209.39.246:3063 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:37053 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xE4D5C9C Ack: 0x49CE396B Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-08:54:11.509996 24.209.39.246:3360 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:38741 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xF4B2043 Ack: 0x4A7799B7 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-08:54:12.300183 24.209.39.246:3388 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:38873 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF60A19E Ack: 0x4A0999E7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/05-08:54:22.595079 24.209.39.246:3698 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:40586 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x1069F334 Ack: 0x4A765963 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/05-08:54:23.196773 24.209.39.246:3717 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:40684 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x107AE9A5 Ack: 0x4B3D23AD Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-08:54:33.420540 24.209.39.246:3993 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:42229 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x116642DE Ack: 0x4CC4FDDF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-08:54:37.666100 24.209.39.246:4111 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:42899 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x11D081F4 Ack: 0x4CEC8330 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-08:54:38.318080 24.209.39.246:4127 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:43009 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x11DED384 Ack: 0x4C682404 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-08:54:38.953085 24.209.39.246:4146 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:43125 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x11EF78F3 Ack: 0x4D0225FA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-08:54:39.544850 24.209.39.246:4165 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:43220 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x120089DD Ack: 0x4CAC441F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-08:54:40.148092 24.209.39.246:4181 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:43324 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x120DAB74 Ack: 0x4CAA1345 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-08:54:40.693607 24.209.39.246:4193 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:43419 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x1218C173 Ack: 0x4CCBEF73 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-08:54:41.267671 24.209.39.246:4216 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:43515 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x122A296A Ack: 0x4D2AD406 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-08:54:45.362729 24.209.39.246:4324 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:44151 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x12882298 Ack: 0x4D021340 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-10:45:51.268499 24.209.39.246:1327 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:980 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xA25C5F58 Ack: 0xEFDE6431 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-10:46:00.642160 24.209.39.246:1606 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:1986 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xA34A489A Ack: 0xF0800BB2 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-10:46:00.741722 24.209.39.246:1611 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:2008 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA34E57A4 Ack: 0xEFEA55BA Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-10:46:00.820830 24.209.39.246:1617 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:2029 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA353400D Ack: 0xF01C0764 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-10:46:00.901545 24.209.39.246:1620 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:2039 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA3558C58 Ack: 0xF0682BD6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/05-10:46:00.978956 24.209.39.246:1622 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:2047 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA357C688 Ack: 0xF0476B95 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/05-10:46:04.062914 24.209.39.246:1704 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:2337 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA39B19BD Ack: 0xF069BAEC Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-10:46:04.181548 24.209.39.246:1705 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:2356 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xA39C0789 Ack: 0xF018C80D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-10:46:04.257962 24.209.39.246:1712 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:2366 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA3A22C83 Ack: 0xF0C61006 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-10:46:13.633137 24.209.39.246:1957 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:3503 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA47893F0 Ack: 0xF104651F Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-10:46:13.758995 24.209.39.246:1964 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:3526 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA47DD442 Ack: 0xF11EEDCB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-10:46:20.610690 24.209.39.246:2078 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:4602 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA4E00924 Ack: 0xF1629106 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-10:46:20.717550 24.209.39.246:2226 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:4617 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xA55C6035 Ack: 0xF3011E50 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-10:46:20.779815 24.209.39.246:2231 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:4627 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA560846B Ack: 0xF274DDF0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-10:46:20.852971 24.209.39.246:2238 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:4645 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xA5660791 Ack: 0xF260A334 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-10:46:20.952956 24.209.39.246:2240 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:4661 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA567D3B4 Ack: 0xF2FC6E86 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-11:23:41.050697 24.209.39.246:3151 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:4401 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x7F3E5114 Ack: 0x7EA49A3E Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-11:23:50.691000 24.209.39.246:3450 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:5798 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x803E8247 Ack: 0x7F692E6F Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-11:23:54.438235 24.209.39.246:3538 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:6333 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x808C87A9 Ack: 0x8016789D Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-11:23:54.644183 24.209.39.246:3544 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:6369 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x80905D1B Ack: 0x7FC3EF44 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-11:23:54.773017 24.209.39.246:3554 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:6388 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x8099188A Ack: 0x7FFFF8E2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/05-11:23:54.891451 24.209.39.246:3558 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:6408 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x809C64A5 Ack: 0x7FEE0E54 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/05-11:23:55.017231 24.209.39.246:3561 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:6426 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x809F623F Ack: 0x8034E782 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-11:23:55.091450 24.209.39.246:3563 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:6437 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x80A11A12 Ack: 0x80446A7E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-11:23:58.538100 24.209.39.246:3634 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:6765 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x80E41C86 Ack: 0x803BB5FF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-11:23:58.755424 24.209.39.246:3639 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:6797 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x80E9529B Ack: 0x8089FECA Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-11:24:08.221245 24.209.39.246:3892 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:8114 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x81C91635 Ack: 0x80BA816E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-11:24:17.473000 24.209.39.246:4149 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:9374 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x82AC3DAD Ack: 0x80F68F79 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-11:24:17.877670 24.209.39.246:4159 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:9408 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x82B5418E Ack: 0x81959FB8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-11:24:20.898172 24.209.39.246:4159 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:9802 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x82B5418E Ack: 0x81959FB8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-11:24:27.164771 24.209.39.246:4433 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:10758 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x83A301D7 Ack: 0x819B00CE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-11:24:30.058588 24.209.39.246:4433 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:11231 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x83A301D7 Ack: 0x819B00CE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-11:24:30.478937 24.209.39.246:4534 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:11292 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x83F9770A Ack: 0x81BCA7F9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-11:24:39.785645 24.209.39.246:4806 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:12603 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x84E1BF21 Ack: 0x829D13FA Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-11:46:25.052144 24.209.39.246:4939 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:44351 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xB6EFBA0 Ack: 0xD521AD25 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-11:46:25.170288 24.209.39.246:4942 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:44370 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xB7125CE Ack: 0xD5638833 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-11:46:34.430491 24.209.39.246:1254 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:45342 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xC676BE6 Ack: 0xD5C47FBE Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-11:46:34.527317 24.209.39.246:1257 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:45357 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xC6A8DFD Ack: 0xD6767E43 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-11:46:34.629957 24.209.39.246:1261 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:45376 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xC6DF07B Ack: 0xD5907996 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/05-11:46:43.878282 24.209.39.246:1607 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:46785 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xD9738E1 Ack: 0xD6B1782B Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/05-11:46:46.975343 24.209.39.246:1615 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:47123 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xD9D7FA5 Ack: 0xD65CF105 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-11:46:47.078694 24.209.39.246:1714 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:47140 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xDF37BF8 Ack: 0xD6643296 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:03:54 2003