SnortSnarf alert page

Source: 24.209.39.246: #201-300

SnortSnarf v021111.1

Signature section (91123) | Top 20 source IPs | Top 20 dest IPs

Looking using input module SnortFileInput, with sources:
Earliest: 18:40:35.534513 on 05/07/2003
Latest: 20:45:21.951494 on 05/13/2003

7 different signatures are present for 24.209.39.246 as a source

There is 1 distinct destination IP in the alerts of the type on this page.

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-18:40:35.534513 24.209.39.246:2952 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:18232 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x3566656F Ack: 0x713A9A86 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-18:40:39.694050 24.209.39.246:2975 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:18912 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x357ADF5B Ack: 0x71BB8D0F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-18:40:50.120275 24.209.39.246:3393 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:20623 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x36E26B49 Ack: 0x7263FBFD Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-18:56:55.083258 24.209.39.246:4909 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:35754 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x993DE086 Ack: 0xAE5098B7 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-18:57:07.924578 24.209.39.246:1539 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:37777 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x9B44F9B5 Ack: 0xAF5C3A48 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-18:57:08.560136 24.209.39.246:1652 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:37864 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x9BA6BDB3 Ack: 0xAFDC11AE Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-18:57:18.314914 24.209.39.246:1964 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:39458 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x9CB1023E Ack: 0xAFF95601 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-18:57:18.666173 24.209.39.246:1975 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:39535 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x9CBBDF34 Ack: 0xB04806AA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/07-18:57:21.730454 24.209.39.246:1991 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:40214 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x9CC96653 Ack: 0xB06AE0DB Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/07-18:57:21.842512 24.209.39.246:2112 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:40242 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x9D2A9127 Ack: 0xB011F2EC Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-18:57:21.932233 24.209.39.246:2120 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:40265 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x9D30BE25 Ack: 0xB039AD5B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-18:57:22.023235 24.209.39.246:2125 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:40286 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x9D345BAD Ack: 0xB0B82C19 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-18:57:22.087768 24.209.39.246:2127 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:40303 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x9D3627CE Ack: 0xB06B7DB8 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-18:57:22.177083 24.209.39.246:2130 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:40316 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x9D38C9F1 Ack: 0xB03AA6F6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-18:57:35.833184 24.209.39.246:2516 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:42400 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x9E859E0E Ack: 0xB0E1CBF4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-18:57:36.416901 24.209.39.246:2530 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:42472 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x9E911836 Ack: 0xB0A9F199 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-18:57:39.185416 24.209.39.246:2530 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:43001 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x9E911836 Ack: 0xB0A9F199 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-18:57:40.060808 24.209.39.246:2662 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:43152 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x9F012E6D Ack: 0xB10B977D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-18:57:40.490372 24.209.39.246:2683 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:43246 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x9F13ABEA Ack: 0xB1312D5B Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-01:00:47.245005 24.209.39.246:2452 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:14209 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF7640861 Ack: 0xD7F1315 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-01:00:47.266825 24.209.39.246:2452 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:14210 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF7640E15 Ack: 0xD7F1315 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-09:39:22.881196 24.209.39.246:3529 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:29040 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBD1DA5FD Ack: 0xB31DA1C6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-09:39:22.902980 24.209.39.246:3529 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:29041 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBD1DABB1 Ack: 0xB31DA1C6 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-10:01:08.876576 24.209.39.246:1523 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:19922 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3B72AD58 Ack: 0x5C6D02C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-10:01:08.896691 24.209.39.246:1523 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:19923 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3B72B30C Ack: 0x5C6D02C Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-12:16:03.685512 24.209.39.246:4381 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:19626 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x24B5A7CC Ack: 0x34B8A4C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-12:16:06.130117 24.209.39.246:4381 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:19841 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x24B5AD80 Ack: 0x34B8A4C Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-18:38:25.061862 24.209.39.246:3836 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:12439 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x520F1A32 Ack: 0xA7C6171A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-18:38:25.097062 24.209.39.246:3836 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:12440 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x520F1FE6 Ack: 0xA7C6171A Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-21:20:39.689751 24.209.39.246:1688 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:6609 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x621620B1 Ack: 0xD6F786E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/08-21:20:39.710674 24.209.39.246:1688 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:6610 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x62162665 Ack: 0xD6F786E Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-12:11:53.263019 24.209.39.246:4320 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:27744 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF68521D9 Ack: 0x34099FDD Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-12:11:53.282951 24.209.39.246:4320 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:27745 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF685278D Ack: 0x34099FDD Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-12:31:43.303335 24.209.39.246:3217 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:54634 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5E99F0E1 Ack: 0x7EEB5D44 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-12:31:43.321731 24.209.39.246:3217 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:54635 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5E99F695 Ack: 0x7EEB5D44 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-14:08:41.804928 24.209.39.246:4794 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:30223 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x495AAD98 Ack: 0xEC4FFDAE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-14:08:41.838352 24.209.39.246:4794 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:30224 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x495AB34C Ack: 0xEC4FFDAE Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-14:11:06.462895 24.209.39.246:4330 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:40825 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5553DEAB Ack: 0xF6157949 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-14:11:06.487961 24.209.39.246:4330 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:40826 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5553E45F Ack: 0xF6157949 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-20:06:53.808370 24.209.39.246:2211 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:27908 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xAC93966A Ack: 0x35E11522 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-20:06:53.834803 24.209.39.246:2211 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:27909 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xAC939C1E Ack: 0x35E11522 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/10-00:34:38.020273 24.209.39.246:2268 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:16206 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x343C2349 Ack: 0x28764F3F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/10-00:34:38.071262 24.209.39.246:2268 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:16207 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x343C28FD Ack: 0x28764F3F Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/10-03:37:49.422821 24.209.39.246:4437 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:16441 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBA19F7CC Ack: 0xDD37B3AE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/10-03:37:49.445221 24.209.39.246:4437 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:16442 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBA19FD80 Ack: 0xDD37B3AE Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/10-04:04:11.887145 24.209.39.246:3085 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:5633 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x349615CA Ack: 0x41A1B265 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/10-04:04:11.931820 24.209.39.246:3085 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:5634 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x34961B7E Ack: 0x41A1B265 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/10-04:29:19.507973 24.209.39.246:3948 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:1968 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA7A0665B Ack: 0x9F36F6B9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-13:04:51.265106 24.209.39.246:4882 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:6046 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB3F2861E Ack: 0x7B100DAE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-13:04:51.291702 24.209.39.246:4882 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:6047 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB3F28BD2 Ack: 0x7B100DAE Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-13:35:03.054347 24.209.39.246:2847 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:22711 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5331E53F Ack: 0xED668FBF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-13:35:03.073569 24.209.39.246:2847 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:22712 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5331EAF3 Ack: 0xED668FBF Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-16:05:10.991186 24.209.39.246:3841 -> 192.168.1.6:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:2398
***AP*** Seq: 0x240D3811 Ack: 0x3DA3197A Win: 0x3908 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-19:25:40.111920 24.209.39.246:3738 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:13219 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB92FFE00 Ack: 0x197515C8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-19:25:40.161675 24.209.39.246:3738 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:13220 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB93003B4 Ack: 0x197515C8 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-13:43:44.090368 24.209.39.246:1317 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:18764 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA52B7B77 Ack: 0x4E7D6CFD Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-13:43:44.130202 24.209.39.246:1317 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:18765 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA52B812B Ack: 0x4E7D6CFD Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-16:44:55.996481 24.209.39.246:4189 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:28261 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x72F1184B Ack: 0xFAF20623 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-16:44:56.016905 24.209.39.246:4189 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:28262 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x72F11DFF Ack: 0xFAF20623 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-23:46:09.624826 24.209.39.246:3705 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:55633 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8FFC27A0 Ack: 0x31F5343C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-23:46:09.645204 24.209.39.246:3705 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:55634 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8FFC2D54 Ack: 0x31F5343C Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:31:08.621256 24.209.39.246:4558 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:25147 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x684969E0 Ack: 0x2413A04B Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:31:14.632617 24.209.39.246:4721 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:25970 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x68D8B367 Ack: 0x24E08979 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:31:14.864839 24.209.39.246:4736 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:26036 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x68E60208 Ack: 0x244559CF Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:31:24.589683 24.209.39.246:1083 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:27648 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x69F3D1D0 Ack: 0x24BA73A1 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:31:25.140682 24.209.39.246:1096 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:27735 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x69FD44D4 Ack: 0x24CCC598 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/13-15:31:34.926320 24.209.39.246:1380 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:29187 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x6AF17EC7 Ack: 0x256E0A62 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/13-15:31:35.326775 24.209.39.246:1393 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:29242 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x6AFC22CA Ack: 0x2551BBFC Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:31:39.433562 24.209.39.246:1505 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:29777 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x6B598E95 Ack: 0x25AAE2FC Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:31:43.134004 24.209.39.246:1516 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:30331 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6B63E0F0 Ack: 0x25E707C9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:31:46.909486 24.209.39.246:1722 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:30896 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6C140E28 Ack: 0x2685D7DB Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:31:47.250603 24.209.39.246:1741 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:30965 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6C24213E Ack: 0x26BB6675 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:31:47.637571 24.209.39.246:1749 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:31030 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6C2B6A64 Ack: 0x268A1D2C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:31:47.924133 24.209.39.246:1764 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:31092 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x6C382306 Ack: 0x26AC85E0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:31:51.272408 24.209.39.246:1856 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:31584 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6C8578DE Ack: 0x272E9420 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:31:54.451641 24.209.39.246:1856 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:32021 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6C8578DE Ack: 0x272E9420 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:32:00.387702 24.209.39.246:2136 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:32926 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x6D6F8301 Ack: 0x27458F50 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:32:09.860716 24.209.39.246:2418 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:34255 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6E5FB106 Ack: 0x27FB1EE3 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:21:40.115121 24.209.39.246:1377 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:25024 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x1576F5D Ack: 0xA7114D05 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:21:40.326889 24.209.39.246:1387 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:25066 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x15F7CDA Ack: 0xA71B1140 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:21:40.405184 24.209.39.246:1393 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:25082 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x16484D5 Ack: 0xA70FBCAE Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:21:47.071120 24.209.39.246:1516 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:25786 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x1CDC810 Ack: 0xA75C9104 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:21:50.363061 24.209.39.246:1605 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:26149 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x21B0310 Ack: 0xA7FD7C32 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/13-18:21:53.722210 24.209.39.246:1715 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:26618 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x276896F Ack: 0xA79A4841 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/13-18:21:57.084961 24.209.39.246:1838 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:27048 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x2DC86B2 Ack: 0xA7D0619C Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:21:57.234171 24.209.39.246:1958 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:27070 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x34159A5 Ack: 0xA83566EB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:21:57.344308 24.209.39.246:1963 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:27094 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x346003E Ack: 0xA8B71B21 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:21:57.429961 24.209.39.246:1969 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:27109 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x34B21C9 Ack: 0xA7CEF783 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:21:57.572694 24.209.39.246:1974 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:27140 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x34EA96C Ack: 0xA8896AC0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:21:57.690117 24.209.39.246:1982 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:27154 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x355F75E Ack: 0xA8AB932E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:22:01.020199 24.209.39.246:1986 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:27638 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x3595CC5 Ack: 0xA8800E79 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:22:07.552513 24.209.39.246:1986 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:28388 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x3595CC5 Ack: 0xA8800E79 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:22:10.221240 24.209.39.246:2388 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:28733 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x4B160A8 Ack: 0xA8A4A544 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:22:10.303621 24.209.39.246:2394 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:28748 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x4B74F1B Ack: 0xA8FC909A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:22:13.558173 24.209.39.246:2501 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:29160 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x50E48B1 Ack: 0xA8EDCFB6 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-20:45:09.791414 24.209.39.246:1600 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:26153 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x6A7FF7FE Ack: 0xC5E43B68 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-20:45:11.257048 24.209.39.246:1646 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:26388 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x6AA90114 Ack: 0xC5ABD7F3 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-20:45:12.585807 24.209.39.246:1687 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:26594 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x6ACB7660 Ack: 0xC55F641E Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-20:45:17.273191 24.209.39.246:1820 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:27312 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x6B40065B Ack: 0xC58CDBB3 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-20:45:21.951494 24.209.39.246:1941 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:28028 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6BA8DDB3 Ack: 0xC641C3E6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:03:54 2003