SnortSnarf alert page

Source: 24.209.39.246: #101-200

SnortSnarf v021111.1

Signature section (91123)

Top 20 source IPs

Top 20 dest IPs

Looking using input module SnortFileInput, with sources:

/home/rivettmj/snort_alertlog/alert

Earliest: 11:46:50.365666 on 05/05/2003
Latest: 18:40:34.689412 on 05/07/2003

7 different signatures are present for 24.209.39.246 as a source

16 instances of WEB-IIS _mem_bin access
16 instances of WEB-FRONTPAGE /_vti_bin/ access
32 instances of WEB-IIS CodeRed v2 root.exe access
35 instances of WEB-IIS ISAPI .ida attempt
54 instances of WEB-IIS multiple decode attempt
76 instances of WEB-IIS unicode directory traversal attempt
97 instances of WEB-IIS cmd.exe access

There are 1 distinct destination IPs in the alerts of the type on this page.

24.209.39.246 Whois lookup at: ARIN RIPE APNIC Geektools

DNS lookup at: Amenesi TRIUMF Princeton

More lookup links: Dshield Sam Spade

Go to: previous range, next range, all alerts, overview page

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-11:46:50.365666 24.209.39.246:1807 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:47562 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE4491F5  Ack: 0xD6D9879F  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-11:46:50.525394 24.209.39.246:1810 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:47584 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE47683E  Ack: 0xD6FB129B  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-11:46:59.760110 24.209.39.246:2033 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:48350 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF1071C7  Ack: 0xD7E1F483  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-11:46:59.858795 24.209.39.246:2036 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:48358 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF12D5BB  Ack: 0xD73098F3  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-11:47:09.144799 24.209.39.246:2262 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:49129 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xFD506CD  Ack: 0xD7A50D8A  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-11:47:09.217840 24.209.39.246:2264 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:49138 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xFD6C8CE  Ack: 0xD8476BFF  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-11:47:12.281163 24.209.39.246:2265 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:49492 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xFD7C24E  Ack: 0xD83AB124  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-11:47:12.369972 24.209.39.246:2344 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:49500 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x101B34E5  Ack: 0xD837C2E2  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-13:35:37.553868 24.209.39.246:3561 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:62644 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xA192DD5E  Ack: 0x7119847C  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-13:35:47.498178 24.209.39.246:3837 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:63720 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xA281E108  Ack: 0x71E279C9  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-13:35:59.840359 24.209.39.246:4166 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:65402 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA3944428  Ack: 0x721E4270  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-13:36:03.200564 24.209.39.246:4275 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:344 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA3F1FEC9  Ack: 0x725EC344  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-13:36:03.388853 24.209.39.246:4391 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:372 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA451A78E  Ack: 0x727B5704  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/05-13:36:03.659764 24.209.39.246:4400 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:412 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA45933B3  Ack: 0x731D3559  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/05-13:36:07.447072 24.209.39.246:4491 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:783 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA4AC074C  Ack: 0x73013569  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-13:36:11.097161 24.209.39.246:4503 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:1177 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xA4B63AD5  Ack: 0x72CAACA7  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-13:36:14.727433 24.209.39.246:4692 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:1552 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA55A1ACE  Ack: 0x72E70A81  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-13:36:14.939930 24.209.39.246:4703 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:1582 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA5636195  Ack: 0x7304C0A3  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-13:37:00.422658 24.209.39.246:2073 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:7147 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA9DFBC65  Ack: 0x7620A399  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-13:37:10.016249 24.209.39.246:2368 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:8300 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xAADB4C19  Ack: 0x76DC53D5  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-13:37:13.722076 24.209.39.246:2471 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:8719 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xAB33D055  Ack: 0x771F8A93  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-13:37:13.830845 24.209.39.246:2485 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:8744 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xAB3F52DA  Ack: 0x76810866  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-13:37:13.920156 24.209.39.246:2490 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:8756 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xAB43BE24  Ack: 0x76921BB6  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-13:37:14.013789 24.209.39.246:2494 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:8769 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xAB473E7C  Ack: 0x76B89DCD  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-14:59:58.408866 24.209.39.246:1178 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:3237 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x9EDDEDA7  Ack: 0xAF963583  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-15:00:11.230828 24.209.39.246:1508 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:5350 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x9FF1CFCC  Ack: 0xB0B308C7  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-15:00:11.374137 24.209.39.246:1631 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:5386 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA05AA0A0  Ack: 0xB0B23F34  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-15:00:20.934168 24.209.39.246:1960 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:6824 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA16FF828  Ack: 0xB1A0F720  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-15:00:21.127210 24.209.39.246:1969 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:6859 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA17750E0  Ack: 0xB0C19948  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/05-15:00:21.390193 24.209.39.246:1974 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:6901 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA17BC108  Ack: 0xB111C1B3  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/05-15:00:21.731078 24.209.39.246:1981 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:6951 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA181DD1B  Ack: 0xB11833CA  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-15:00:25.200160 24.209.39.246:2119 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:7587 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xA1F4CE6B  Ack: 0xB17B37A6  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-15:00:25.318700 24.209.39.246:2123 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:7610 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA1F8B548  Ack: 0xB11A3C6A  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-15:00:25.440698 24.209.39.246:2126 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:7629 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA1FBEE67  Ack: 0xB1CEB495  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-15:00:25.611247 24.209.39.246:2131 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:7662 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA20035BB  Ack: 0xB1D6C110  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-15:00:25.835135 24.209.39.246:2136 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:7706 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA204D9EF  Ack: 0xB120F122  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-15:00:29.406004 24.209.39.246:2238 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:8186 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xA25AE5ED  Ack: 0xB1A40A87  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-15:00:30.036532 24.209.39.246:2251 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:8266 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA265D886  Ack: 0xB1C18BD0  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-15:00:30.403158 24.209.39.246:2272 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:8334 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xA2777E4E  Ack: 0xB232C924  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-15:00:30.914714 24.209.39.246:2285 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:8416 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA28263B7  Ack: 0xB1B98B80  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-15:01:58.121908 24.209.39.246:4855 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:20612 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xAB23F68E  Ack: 0xB800AC01  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-15:02:01.531467 24.209.39.246:4867 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:21146 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xAB2CEF69  Ack: 0xB78C9684  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-15:02:04.952476 24.209.39.246:4971 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:21580 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xAB816012  Ack: 0xB8CA4A8B  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-15:02:14.904827 24.209.39.246:1367 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:22857 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xACBFFA23  Ack: 0xB8A60908  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-15:02:36.743774 24.209.39.246:2012 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:26020 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xAEE8A511  Ack: 0xBA2FF253  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/05-15:02:37.245020 24.209.39.246:2035 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:26114 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xAEFB08F9  Ack: 0xBA199275  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/05-15:02:43.751192 24.209.39.246:2162 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:27333 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xAF652A28  Ack: 0xBA53B874  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-15:02:44.274922 24.209.39.246:2309 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:27398 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xAFDFD930  Ack: 0xBABA3DCD  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-15:02:48.245990 24.209.39.246:2427 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:27980 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB0449B26  Ack: 0xBAB76D60  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-15:02:48.637632 24.209.39.246:2440 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:28039 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB05079C0  Ack: 0xBB778611  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-15:02:49.044944 24.209.39.246:2456 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:28101 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB05D8702  Ack: 0xBB0B1878  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-15:02:49.518553 24.209.39.246:2465 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:28165 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB06583FC  Ack: 0xBAFE1843  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-15:02:49.960178 24.209.39.246:2477 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:28236 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xB07034E8  Ack: 0xBAEB4FE7  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-15:02:50.400684 24.209.39.246:2489 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:28291 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB079B333  Ack: 0xBB53DF17  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-15:02:50.701211 24.209.39.246:2500 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:28343 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xB083FB40  Ack: 0xBB2F67CA  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-15:02:51.177254 24.209.39.246:2508 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:28403 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB08B5AAA  Ack: 0xBBA172C1  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/07-15:30:44.924055 24.209.39.246:3900 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:27696 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xB5B40E6F  Ack: 0xA3D15401  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/07-15:30:56.209416 24.209.39.246:4178 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:29198 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xB6AAC3A6  Ack: 0xA470F415  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/07-15:30:57.404619 24.209.39.246:4214 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:29396 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xB6CC1807  Ack: 0xA542EFCF  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/07-15:31:11.314921 24.209.39.246:4523 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:31521 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xB7D97D45  Ack: 0xA561BC76  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/07-15:31:12.814806 24.209.39.246:4633 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:31746 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB83C4885  Ack: 0xA5453C8D  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/07-15:31:16.744185 24.209.39.246:4676 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:32385 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xB8628417  Ack: 0xA5AE1B7E  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/07-15:31:17.765475 24.209.39.246:4793 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:32544 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xB8C81BC0  Ack: 0xA585636D  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/07-15:31:18.921482 24.209.39.246:4826 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:32714 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xB8E2F3ED  Ack: 0xA606EFD1  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/07-15:31:20.046213 24.209.39.246:4857 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:32881 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB8FE87F6  Ack: 0xA6301A36  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/07-15:31:30.560309 24.209.39.246:1163 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:34444 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB9F941A7  Ack: 0xA69FFA90  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/07-15:31:31.575245 24.209.39.246:1186 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:34604 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xBA0E819E  Ack: 0xA7035D1A  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/07-15:31:42.115106 24.209.39.246:1456 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:36111 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xBAFD9457  Ack: 0xA76872B9  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/07-15:31:43.154745 24.209.39.246:1490 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:36281 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xBB1BAF1A  Ack: 0xA7326F90  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/07-15:31:47.177938 24.209.39.246:1597 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:36869 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xBB796D0E  Ack: 0xA78CE31C  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/07-15:31:48.331645 24.209.39.246:1628 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:37039 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xBB94B1A0  Ack: 0xA808B034  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/07-15:31:49.468706 24.209.39.246:1660 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:37206 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xBBB0409B  Ack: 0xA7AEDAE9  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/07-15:57:20.233687 24.209.39.246:1365 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:11850 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x4FE9846D  Ack: 0x7A54320  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/07-15:57:25.097987 24.209.39.246:1508 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:12644 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x50656E18  Ack: 0x8A9761D  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/07-15:57:26.480147 24.209.39.246:1547 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:12875 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x5086AB7D  Ack: 0x8303D39  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/07-15:57:30.780620 24.209.39.246:1695 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:13615 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x5108BE6D  Ack: 0x8D6B55B  Win: 0x4470  TcpLen: 20

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/07-15:57:40.398743 24.209.39.246:1947 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:15061 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x51E69C46  Ack: 0x8FB54B2  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/07-15:57:45.109783 24.209.39.246:2084 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:15806 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x525C4FFD  Ack: 0x9390D0C  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/07-15:57:46.335751 24.209.39.246:2116 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:16016 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x52766FAC  Ack: 0xA2DAB67  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/07-15:57:51.245331 24.209.39.246:2263 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:16823 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x52F14744  Ack: 0xA038EF5  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/07-15:57:53.134804 24.209.39.246:2311 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:17092 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x5317C05B  Ack: 0xA3ED2E7  Win: 0x4470  TcpLen: 20

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/07-15:58:05.280939 24.209.39.246:2564 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:18876 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x53F7F851  Ack: 0xA85194D  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/07-15:58:10.319067 24.209.39.246:2780 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:19656 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x54B22048  Ack: 0xB9DB3B7  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/07-15:58:11.799600 24.209.39.246:2813 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:19881 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x54CE7FB9  Ack: 0xACE962B  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/07-15:58:14.581009 24.209.39.246:2813 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:20278 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x54CE7FB9  Ack: 0xACE962B  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/07-15:58:15.977163 24.209.39.246:2934 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:20487 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x55373927  Ack: 0xB43C970  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/07-15:58:27.032524 24.209.39.246:3217 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:22101 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x56329ACA  Ack: 0xBD2C19B  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/07-18:39:44.098157 24.209.39.246:1351 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:9708 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x3002FE0C  Ack: 0x6D3C2FEB  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/07-18:39:44.909022 24.209.39.246:1370 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:9828 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x3013DDAC  Ack: 0x6D235298  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/07-18:39:46.070571 24.209.39.246:1390 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:9998 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x30254629  Ack: 0x6DAEB449  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/07-18:39:50.409052 24.209.39.246:1526 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:10705 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x309791C7  Ack: 0x6DE91474  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/07-18:39:54.787283 24.209.39.246:1640 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:11355 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x30FC9E52  Ack: 0x6DE5E655  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/07-18:39:55.654267 24.209.39.246:1666 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:11481 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x3113155A  Ack: 0x6DFD988F  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/07-18:40:00.087720 24.209.39.246:1783 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:12103 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x317750E8  Ack: 0x6DB4F2A2  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/07-18:40:13.684696 24.209.39.246:2069 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:14123 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x327235EE  Ack: 0x6ECF0385  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/07-18:40:23.899919 24.209.39.246:2537 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:16065 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x340467E4  Ack: 0x708D325D  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/07-18:40:28.249658 24.209.39.246:2687 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:16862 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x34843333  Ack: 0x70D33F07  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/07-18:40:29.005637 24.209.39.246:2720 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:17009 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x349FA21D  Ack: 0x70E02E57  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/07-18:40:33.411485 24.209.39.246:2878 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:17853 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3527C172  Ack: 0x7110BA2B  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/07-18:40:34.689412 24.209.39.246:2928 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:18097 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x355141F5  Ack: 0x70BC2089  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

Go to: previous range, next range, all alerts, overview page

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:03:54 2003

24.209.39.246	Whois lookup at:	ARIN	RIPE	APNIC	Geektools
	DNS lookup at:	Amenesi	TRIUMF	Princeton
	More lookup links:	Dshield	Sam Spade