SnortSnarf alert page

Source: 24.209.39.246

SnortSnarf v021111.1

Signature section (91123)

Top 20 source IPs

Top 20 dest IPs

326 such alerts found using input module SnortFileInput, with sources:

/home/rivettmj/snort_alertlog/alert

Earliest: 11:08:33.583102 on 05/02/2003
Latest: 21:52:12.598923 on 05/13/2003

7 different signatures are present for 24.209.39.246 as a source

16 instances of WEB-IIS _mem_bin access
16 instances of WEB-FRONTPAGE /_vti_bin/ access
32 instances of WEB-IIS CodeRed v2 root.exe access
35 instances of WEB-IIS ISAPI .ida attempt
54 instances of WEB-IIS multiple decode attempt
76 instances of WEB-IIS unicode directory traversal attempt
97 instances of WEB-IIS cmd.exe access

There are 1 distinct destination IPs in the alerts of the type on this page.

24.209.39.246 Whois lookup at: ARIN RIPE APNIC Geektools

DNS lookup at: Amenesi TRIUMF Princeton

More lookup links: Dshield Sam Spade

Go to: overview page

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-11:08:33.583102 24.209.39.246:3390 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:39826 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5DF6B25C  Ack: 0x8781F1EC  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-11:08:33.621461 24.209.39.246:3390 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:39827 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5DF6B810  Ack: 0x8781F1EC  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-11:11:34.723914 24.209.39.246:4627 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:53810 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6DA598C1  Ack: 0x93622D25  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-11:11:34.771935 24.209.39.246:4627 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:53811 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6DA59E75  Ack: 0x93622D25  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-13:20:13.885533 24.209.39.246:2709 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:50814 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF31EA4BD  Ack: 0x78CACEA7  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-13:20:13.927932 24.209.39.246:2709 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:50815 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF31EAA71  Ack: 0x78CACEA7  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-13:29:58.894290 24.209.39.246:2159 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:27803 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x23916802  Ack: 0x9CBB273D  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-13:29:58.914096 24.209.39.246:2159 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:27804 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x23916DB6  Ack: 0x9CBB273D  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-15:17:16.278670 24.209.39.246:1799 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:19134 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x25F0A463  Ack: 0x329317A1  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-15:17:16.300070 24.209.39.246:1799 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:19135 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x25F0AA17  Ack: 0x329317A1  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-18:43:20.270684 24.209.39.246:2129 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:48084 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD02055DB  Ack: 0x3BD1C669  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-18:43:20.304375 24.209.39.246:2129 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:48085 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD0205B8F  Ack: 0x3BD1C669  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-20:40:42.790023 24.209.39.246:2798 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:7515 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBA96BAFF  Ack: 0xF7DBC85F  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-20:40:42.818167 24.209.39.246:2798 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:7516 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBA96C0B3  Ack: 0xF7DBC85F  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/03-01:25:30.022233 24.209.39.246:1697 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:62565 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC79BD6CC  Ack: 0x2C6CF8D3  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/03-01:25:30.044824 24.209.39.246:1697 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:62566 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC79BDC80  Ack: 0x2C6CF8D3  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/03-03:15:37.527589 24.209.39.246:4965 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:11553 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2FE95D12  Ack: 0xCBD47BA3  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/03-03:15:37.573104 24.209.39.246:4965 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:11554 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2FE962C6  Ack: 0xCBD47BA3  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/03-20:59:58.088909 24.209.39.246:2101 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:29958 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x52AC467B  Ack: 0x80B7C4E7  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/03-20:59:58.110065 24.209.39.246:2101 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:29959 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x52AC4C2F  Ack: 0x80B7C4E7  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/03-21:06:39.572739 24.209.39.246:1710 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:65165 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x79D35116  Ack: 0x99241FFD  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/03-21:06:39.594753 24.209.39.246:1710 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:65166 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x79D356CA  Ack: 0x99241FFD  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-02:10:16.255210 24.209.39.246:4037 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:60220 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB8768D43  Ack: 0x54683FA8  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-02:10:16.275891 24.209.39.246:4037 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:60221 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB87692F7  Ack: 0x54683FA8  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-02:22:28.450371 24.209.39.246:1222 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:58086 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFEB72CDC  Ack: 0x81EAD9F8  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-02:22:28.474117 24.209.39.246:1222 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:58087 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFEB73290  Ack: 0x81EAD9F8  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-08:02:32.105921 24.209.39.246:2099 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:60165 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xE50FB1ED  Ack: 0x86CAB07D  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-08:02:32.288944 24.209.39.246:2113 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:60192 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xE51B0D9E  Ack: 0x86947CA6  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-08:02:32.349642 24.209.39.246:2117 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:60211 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xE51E354A  Ack: 0x8680C94C  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-08:02:45.246869 24.209.39.246:2414 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:61733 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xE61C34EC  Ack: 0x878501D3  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-08:02:45.305203 24.209.39.246:2538 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:61738 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xE68337C8  Ack: 0x87824984  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/05-08:02:48.643368 24.209.39.246:2539 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:62055 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xE68462CE  Ack: 0x86F8CE25  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/05-08:02:48.713611 24.209.39.246:2629 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:62061 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xE6D0DC9F  Ack: 0x87C4DD98  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-08:02:48.800672 24.209.39.246:2631 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:62068 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xE6D2B4B6  Ack: 0x875D7E83  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-08:02:58.212047 24.209.39.246:2939 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:63119 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE7D7AAB4  Ack: 0x8795C37A  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-08:02:58.272725 24.209.39.246:2941 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:63131 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE7D9917B  Ack: 0x87A95139  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-08:03:11.177700 24.209.39.246:3212 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:64614 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE8C2F8D4  Ack: 0x88CE6887  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-08:03:11.283944 24.209.39.246:3343 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:64631 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE9306BF3  Ack: 0x89029D10  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-08:03:11.372387 24.209.39.246:3346 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:64646 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xE932C8D9  Ack: 0x893C8243  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-08:03:11.449487 24.209.39.246:3348 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:64654 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xE934F7DC  Ack: 0x892A4FCD  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-08:03:11.546163 24.209.39.246:3352 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:64673 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xE938A1ED  Ack: 0x89241177  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-08:03:20.821223 24.209.39.246:3605 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:35 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xEA13274D  Ack: 0x8962B58F  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-08:53:47.414750 24.209.39.246:2666 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:34804 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xCF54BD8  Ack: 0x48ADFD7C  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-08:53:57.477624 24.209.39.246:2975 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:36488 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xDFE5142  Ack: 0x49DF1F89  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-08:54:01.271444 24.209.39.246:3063 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:37053 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xE4D5C9C  Ack: 0x49CE396B  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-08:54:11.509996 24.209.39.246:3360 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:38741 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xF4B2043  Ack: 0x4A7799B7  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-08:54:12.300183 24.209.39.246:3388 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:38873 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF60A19E  Ack: 0x4A0999E7  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/05-08:54:22.595079 24.209.39.246:3698 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:40586 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x1069F334  Ack: 0x4A765963  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/05-08:54:23.196773 24.209.39.246:3717 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:40684 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x107AE9A5  Ack: 0x4B3D23AD  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-08:54:33.420540 24.209.39.246:3993 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:42229 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x116642DE  Ack: 0x4CC4FDDF  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-08:54:37.666100 24.209.39.246:4111 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:42899 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x11D081F4  Ack: 0x4CEC8330  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-08:54:38.318080 24.209.39.246:4127 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:43009 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x11DED384  Ack: 0x4C682404  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-08:54:38.953085 24.209.39.246:4146 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:43125 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x11EF78F3  Ack: 0x4D0225FA  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-08:54:39.544850 24.209.39.246:4165 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:43220 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x120089DD  Ack: 0x4CAC441F  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-08:54:40.148092 24.209.39.246:4181 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:43324 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x120DAB74  Ack: 0x4CAA1345  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-08:54:40.693607 24.209.39.246:4193 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:43419 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x1218C173  Ack: 0x4CCBEF73  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-08:54:41.267671 24.209.39.246:4216 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:43515 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x122A296A  Ack: 0x4D2AD406  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-08:54:45.362729 24.209.39.246:4324 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:44151 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x12882298  Ack: 0x4D021340  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-10:45:51.268499 24.209.39.246:1327 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:980 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xA25C5F58  Ack: 0xEFDE6431  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-10:46:00.642160 24.209.39.246:1606 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:1986 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xA34A489A  Ack: 0xF0800BB2  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-10:46:00.741722 24.209.39.246:1611 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:2008 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA34E57A4  Ack: 0xEFEA55BA  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-10:46:00.820830 24.209.39.246:1617 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:2029 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA353400D  Ack: 0xF01C0764  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-10:46:00.901545 24.209.39.246:1620 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:2039 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA3558C58  Ack: 0xF0682BD6  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/05-10:46:00.978956 24.209.39.246:1622 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:2047 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA357C688  Ack: 0xF0476B95  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/05-10:46:04.062914 24.209.39.246:1704 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:2337 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA39B19BD  Ack: 0xF069BAEC  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-10:46:04.181548 24.209.39.246:1705 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:2356 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xA39C0789  Ack: 0xF018C80D  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-10:46:04.257962 24.209.39.246:1712 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:2366 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA3A22C83  Ack: 0xF0C61006  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-10:46:13.633137 24.209.39.246:1957 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:3503 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA47893F0  Ack: 0xF104651F  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-10:46:13.758995 24.209.39.246:1964 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:3526 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA47DD442  Ack: 0xF11EEDCB  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-10:46:20.610690 24.209.39.246:2078 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:4602 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA4E00924  Ack: 0xF1629106  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-10:46:20.717550 24.209.39.246:2226 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:4617 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xA55C6035  Ack: 0xF3011E50  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-10:46:20.779815 24.209.39.246:2231 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:4627 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA560846B  Ack: 0xF274DDF0  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-10:46:20.852971 24.209.39.246:2238 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:4645 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xA5660791  Ack: 0xF260A334  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-10:46:20.952956 24.209.39.246:2240 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:4661 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA567D3B4  Ack: 0xF2FC6E86  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-11:23:41.050697 24.209.39.246:3151 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:4401 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x7F3E5114  Ack: 0x7EA49A3E  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-11:23:50.691000 24.209.39.246:3450 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:5798 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x803E8247  Ack: 0x7F692E6F  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-11:23:54.438235 24.209.39.246:3538 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:6333 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x808C87A9  Ack: 0x8016789D  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-11:23:54.644183 24.209.39.246:3544 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:6369 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x80905D1B  Ack: 0x7FC3EF44  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-11:23:54.773017 24.209.39.246:3554 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:6388 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x8099188A  Ack: 0x7FFFF8E2  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/05-11:23:54.891451 24.209.39.246:3558 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:6408 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x809C64A5  Ack: 0x7FEE0E54  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/05-11:23:55.017231 24.209.39.246:3561 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:6426 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x809F623F  Ack: 0x8034E782  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-11:23:55.091450 24.209.39.246:3563 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:6437 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x80A11A12  Ack: 0x80446A7E  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-11:23:58.538100 24.209.39.246:3634 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:6765 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x80E41C86  Ack: 0x803BB5FF  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-11:23:58.755424 24.209.39.246:3639 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:6797 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x80E9529B  Ack: 0x8089FECA  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-11:24:08.221245 24.209.39.246:3892 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:8114 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x81C91635  Ack: 0x80BA816E  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-11:24:17.473000 24.209.39.246:4149 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:9374 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x82AC3DAD  Ack: 0x80F68F79  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-11:24:17.877670 24.209.39.246:4159 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:9408 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x82B5418E  Ack: 0x81959FB8  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-11:24:20.898172 24.209.39.246:4159 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:9802 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x82B5418E  Ack: 0x81959FB8  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-11:24:27.164771 24.209.39.246:4433 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:10758 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x83A301D7  Ack: 0x819B00CE  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-11:24:30.058588 24.209.39.246:4433 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:11231 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x83A301D7  Ack: 0x819B00CE  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-11:24:30.478937 24.209.39.246:4534 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:11292 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x83F9770A  Ack: 0x81BCA7F9  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-11:24:39.785645 24.209.39.246:4806 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:12603 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x84E1BF21  Ack: 0x829D13FA  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-11:46:25.052144 24.209.39.246:4939 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:44351 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xB6EFBA0  Ack: 0xD521AD25  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-11:46:25.170288 24.209.39.246:4942 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:44370 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xB7125CE  Ack: 0xD5638833  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-11:46:34.430491 24.209.39.246:1254 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:45342 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xC676BE6  Ack: 0xD5C47FBE  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-11:46:34.527317 24.209.39.246:1257 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:45357 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xC6A8DFD  Ack: 0xD6767E43  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-11:46:34.629957 24.209.39.246:1261 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:45376 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xC6DF07B  Ack: 0xD5907996  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/05-11:46:43.878282 24.209.39.246:1607 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:46785 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xD9738E1  Ack: 0xD6B1782B  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/05-11:46:46.975343 24.209.39.246:1615 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:47123 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xD9D7FA5  Ack: 0xD65CF105  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-11:46:47.078694 24.209.39.246:1714 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:47140 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xDF37BF8  Ack: 0xD6643296  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-11:46:50.365666 24.209.39.246:1807 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:47562 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE4491F5  Ack: 0xD6D9879F  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-11:46:50.525394 24.209.39.246:1810 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:47584 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE47683E  Ack: 0xD6FB129B  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-11:46:59.760110 24.209.39.246:2033 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:48350 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF1071C7  Ack: 0xD7E1F483  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-11:46:59.858795 24.209.39.246:2036 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:48358 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF12D5BB  Ack: 0xD73098F3  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-11:47:09.144799 24.209.39.246:2262 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:49129 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xFD506CD  Ack: 0xD7A50D8A  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-11:47:09.217840 24.209.39.246:2264 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:49138 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xFD6C8CE  Ack: 0xD8476BFF  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-11:47:12.281163 24.209.39.246:2265 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:49492 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xFD7C24E  Ack: 0xD83AB124  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-11:47:12.369972 24.209.39.246:2344 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:49500 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x101B34E5  Ack: 0xD837C2E2  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-13:35:37.553868 24.209.39.246:3561 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:62644 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xA192DD5E  Ack: 0x7119847C  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-13:35:47.498178 24.209.39.246:3837 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:63720 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xA281E108  Ack: 0x71E279C9  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-13:35:59.840359 24.209.39.246:4166 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:65402 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA3944428  Ack: 0x721E4270  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-13:36:03.200564 24.209.39.246:4275 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:344 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA3F1FEC9  Ack: 0x725EC344  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-13:36:03.388853 24.209.39.246:4391 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:372 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA451A78E  Ack: 0x727B5704  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/05-13:36:03.659764 24.209.39.246:4400 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:412 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA45933B3  Ack: 0x731D3559  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/05-13:36:07.447072 24.209.39.246:4491 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:783 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA4AC074C  Ack: 0x73013569  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-13:36:11.097161 24.209.39.246:4503 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:1177 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xA4B63AD5  Ack: 0x72CAACA7  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-13:36:14.727433 24.209.39.246:4692 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:1552 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA55A1ACE  Ack: 0x72E70A81  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-13:36:14.939930 24.209.39.246:4703 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:1582 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA5636195  Ack: 0x7304C0A3  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-13:37:00.422658 24.209.39.246:2073 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:7147 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA9DFBC65  Ack: 0x7620A399  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-13:37:10.016249 24.209.39.246:2368 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:8300 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xAADB4C19  Ack: 0x76DC53D5  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-13:37:13.722076 24.209.39.246:2471 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:8719 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xAB33D055  Ack: 0x771F8A93  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-13:37:13.830845 24.209.39.246:2485 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:8744 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xAB3F52DA  Ack: 0x76810866  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-13:37:13.920156 24.209.39.246:2490 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:8756 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xAB43BE24  Ack: 0x76921BB6  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-13:37:14.013789 24.209.39.246:2494 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:8769 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xAB473E7C  Ack: 0x76B89DCD  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-14:59:58.408866 24.209.39.246:1178 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:3237 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x9EDDEDA7  Ack: 0xAF963583  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-15:00:11.230828 24.209.39.246:1508 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:5350 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x9FF1CFCC  Ack: 0xB0B308C7  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-15:00:11.374137 24.209.39.246:1631 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:5386 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA05AA0A0  Ack: 0xB0B23F34  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-15:00:20.934168 24.209.39.246:1960 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:6824 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA16FF828  Ack: 0xB1A0F720  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-15:00:21.127210 24.209.39.246:1969 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:6859 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA17750E0  Ack: 0xB0C19948  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/05-15:00:21.390193 24.209.39.246:1974 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:6901 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA17BC108  Ack: 0xB111C1B3  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/05-15:00:21.731078 24.209.39.246:1981 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:6951 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA181DD1B  Ack: 0xB11833CA  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-15:00:25.200160 24.209.39.246:2119 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:7587 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xA1F4CE6B  Ack: 0xB17B37A6  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-15:00:25.318700 24.209.39.246:2123 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:7610 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA1F8B548  Ack: 0xB11A3C6A  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-15:00:25.440698 24.209.39.246:2126 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:7629 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA1FBEE67  Ack: 0xB1CEB495  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-15:00:25.611247 24.209.39.246:2131 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:7662 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA20035BB  Ack: 0xB1D6C110  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-15:00:25.835135 24.209.39.246:2136 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:7706 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA204D9EF  Ack: 0xB120F122  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-15:00:29.406004 24.209.39.246:2238 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:8186 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xA25AE5ED  Ack: 0xB1A40A87  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-15:00:30.036532 24.209.39.246:2251 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:8266 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA265D886  Ack: 0xB1C18BD0  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-15:00:30.403158 24.209.39.246:2272 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:8334 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xA2777E4E  Ack: 0xB232C924  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-15:00:30.914714 24.209.39.246:2285 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:8416 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA28263B7  Ack: 0xB1B98B80  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-15:01:58.121908 24.209.39.246:4855 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:20612 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xAB23F68E  Ack: 0xB800AC01  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-15:02:01.531467 24.209.39.246:4867 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:21146 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xAB2CEF69  Ack: 0xB78C9684  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-15:02:04.952476 24.209.39.246:4971 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:21580 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xAB816012  Ack: 0xB8CA4A8B  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-15:02:14.904827 24.209.39.246:1367 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:22857 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xACBFFA23  Ack: 0xB8A60908  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-15:02:36.743774 24.209.39.246:2012 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:26020 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xAEE8A511  Ack: 0xBA2FF253  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/05-15:02:37.245020 24.209.39.246:2035 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:26114 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xAEFB08F9  Ack: 0xBA199275  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/05-15:02:43.751192 24.209.39.246:2162 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:27333 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xAF652A28  Ack: 0xBA53B874  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-15:02:44.274922 24.209.39.246:2309 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:27398 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xAFDFD930  Ack: 0xBABA3DCD  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-15:02:48.245990 24.209.39.246:2427 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:27980 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB0449B26  Ack: 0xBAB76D60  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-15:02:48.637632 24.209.39.246:2440 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:28039 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB05079C0  Ack: 0xBB778611  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-15:02:49.044944 24.209.39.246:2456 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:28101 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB05D8702  Ack: 0xBB0B1878  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-15:02:49.518553 24.209.39.246:2465 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:28165 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB06583FC  Ack: 0xBAFE1843  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-15:02:49.960178 24.209.39.246:2477 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:28236 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xB07034E8  Ack: 0xBAEB4FE7  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-15:02:50.400684 24.209.39.246:2489 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:28291 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB079B333  Ack: 0xBB53DF17  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-15:02:50.701211 24.209.39.246:2500 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:28343 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xB083FB40  Ack: 0xBB2F67CA  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-15:02:51.177254 24.209.39.246:2508 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:28403 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB08B5AAA  Ack: 0xBBA172C1  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/07-15:30:44.924055 24.209.39.246:3900 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:27696 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xB5B40E6F  Ack: 0xA3D15401  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/07-15:30:56.209416 24.209.39.246:4178 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:29198 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xB6AAC3A6  Ack: 0xA470F415  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/07-15:30:57.404619 24.209.39.246:4214 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:29396 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xB6CC1807  Ack: 0xA542EFCF  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/07-15:31:11.314921 24.209.39.246:4523 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:31521 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xB7D97D45  Ack: 0xA561BC76  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/07-15:31:12.814806 24.209.39.246:4633 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:31746 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB83C4885  Ack: 0xA5453C8D  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/07-15:31:16.744185 24.209.39.246:4676 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:32385 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xB8628417  Ack: 0xA5AE1B7E  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/07-15:31:17.765475 24.209.39.246:4793 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:32544 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xB8C81BC0  Ack: 0xA585636D  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/07-15:31:18.921482 24.209.39.246:4826 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:32714 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xB8E2F3ED  Ack: 0xA606EFD1  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/07-15:31:20.046213 24.209.39.246:4857 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:32881 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB8FE87F6  Ack: 0xA6301A36  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/07-15:31:30.560309 24.209.39.246:1163 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:34444 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB9F941A7  Ack: 0xA69FFA90  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/07-15:31:31.575245 24.209.39.246:1186 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:34604 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xBA0E819E  Ack: 0xA7035D1A  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/07-15:31:42.115106 24.209.39.246:1456 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:36111 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xBAFD9457  Ack: 0xA76872B9  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/07-15:31:43.154745 24.209.39.246:1490 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:36281 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xBB1BAF1A  Ack: 0xA7326F90  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/07-15:31:47.177938 24.209.39.246:1597 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:36869 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xBB796D0E  Ack: 0xA78CE31C  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/07-15:31:48.331645 24.209.39.246:1628 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:37039 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xBB94B1A0  Ack: 0xA808B034  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/07-15:31:49.468706 24.209.39.246:1660 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:37206 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xBBB0409B  Ack: 0xA7AEDAE9  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/07-15:57:20.233687 24.209.39.246:1365 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:11850 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x4FE9846D  Ack: 0x7A54320  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/07-15:57:25.097987 24.209.39.246:1508 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:12644 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x50656E18  Ack: 0x8A9761D  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/07-15:57:26.480147 24.209.39.246:1547 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:12875 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x5086AB7D  Ack: 0x8303D39  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/07-15:57:30.780620 24.209.39.246:1695 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:13615 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x5108BE6D  Ack: 0x8D6B55B  Win: 0x4470  TcpLen: 20

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/07-15:57:40.398743 24.209.39.246:1947 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:15061 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x51E69C46  Ack: 0x8FB54B2  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/07-15:57:45.109783 24.209.39.246:2084 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:15806 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x525C4FFD  Ack: 0x9390D0C  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/07-15:57:46.335751 24.209.39.246:2116 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:16016 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x52766FAC  Ack: 0xA2DAB67  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/07-15:57:51.245331 24.209.39.246:2263 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:16823 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x52F14744  Ack: 0xA038EF5  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/07-15:57:53.134804 24.209.39.246:2311 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:17092 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x5317C05B  Ack: 0xA3ED2E7  Win: 0x4470  TcpLen: 20

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/07-15:58:05.280939 24.209.39.246:2564 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:18876 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x53F7F851  Ack: 0xA85194D  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/07-15:58:10.319067 24.209.39.246:2780 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:19656 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x54B22048  Ack: 0xB9DB3B7  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/07-15:58:11.799600 24.209.39.246:2813 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:19881 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x54CE7FB9  Ack: 0xACE962B  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/07-15:58:14.581009 24.209.39.246:2813 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:20278 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x54CE7FB9  Ack: 0xACE962B  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/07-15:58:15.977163 24.209.39.246:2934 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:20487 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x55373927  Ack: 0xB43C970  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/07-15:58:27.032524 24.209.39.246:3217 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:22101 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x56329ACA  Ack: 0xBD2C19B  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/07-18:39:44.098157 24.209.39.246:1351 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:9708 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x3002FE0C  Ack: 0x6D3C2FEB  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/07-18:39:44.909022 24.209.39.246:1370 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:9828 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x3013DDAC  Ack: 0x6D235298  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/07-18:39:46.070571 24.209.39.246:1390 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:9998 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x30254629  Ack: 0x6DAEB449  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/07-18:39:50.409052 24.209.39.246:1526 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:10705 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x309791C7  Ack: 0x6DE91474  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/07-18:39:54.787283 24.209.39.246:1640 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:11355 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x30FC9E52  Ack: 0x6DE5E655  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/07-18:39:55.654267 24.209.39.246:1666 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:11481 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x3113155A  Ack: 0x6DFD988F  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/07-18:40:00.087720 24.209.39.246:1783 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:12103 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x317750E8  Ack: 0x6DB4F2A2  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/07-18:40:13.684696 24.209.39.246:2069 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:14123 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x327235EE  Ack: 0x6ECF0385  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/07-18:40:23.899919 24.209.39.246:2537 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:16065 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x340467E4  Ack: 0x708D325D  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/07-18:40:28.249658 24.209.39.246:2687 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:16862 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x34843333  Ack: 0x70D33F07  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/07-18:40:29.005637 24.209.39.246:2720 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:17009 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x349FA21D  Ack: 0x70E02E57  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/07-18:40:33.411485 24.209.39.246:2878 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:17853 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3527C172  Ack: 0x7110BA2B  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/07-18:40:34.689412 24.209.39.246:2928 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:18097 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x355141F5  Ack: 0x70BC2089  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/07-18:40:35.534513 24.209.39.246:2952 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:18232 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x3566656F  Ack: 0x713A9A86  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/07-18:40:39.694050 24.209.39.246:2975 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:18912 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x357ADF5B  Ack: 0x71BB8D0F  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/07-18:40:50.120275 24.209.39.246:3393 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:20623 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x36E26B49  Ack: 0x7263FBFD  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/07-18:56:55.083258 24.209.39.246:4909 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:35754 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x993DE086  Ack: 0xAE5098B7  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/07-18:57:07.924578 24.209.39.246:1539 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:37777 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x9B44F9B5  Ack: 0xAF5C3A48  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/07-18:57:08.560136 24.209.39.246:1652 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:37864 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x9BA6BDB3  Ack: 0xAFDC11AE  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/07-18:57:18.314914 24.209.39.246:1964 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:39458 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x9CB1023E  Ack: 0xAFF95601  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/07-18:57:18.666173 24.209.39.246:1975 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:39535 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x9CBBDF34  Ack: 0xB04806AA  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/07-18:57:21.730454 24.209.39.246:1991 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:40214 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x9CC96653  Ack: 0xB06AE0DB  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/07-18:57:21.842512 24.209.39.246:2112 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:40242 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x9D2A9127  Ack: 0xB011F2EC  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/07-18:57:21.932233 24.209.39.246:2120 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:40265 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x9D30BE25  Ack: 0xB039AD5B  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/07-18:57:22.023235 24.209.39.246:2125 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:40286 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x9D345BAD  Ack: 0xB0B82C19  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/07-18:57:22.087768 24.209.39.246:2127 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:40303 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x9D3627CE  Ack: 0xB06B7DB8  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/07-18:57:22.177083 24.209.39.246:2130 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:40316 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x9D38C9F1  Ack: 0xB03AA6F6  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/07-18:57:35.833184 24.209.39.246:2516 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:42400 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x9E859E0E  Ack: 0xB0E1CBF4  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/07-18:57:36.416901 24.209.39.246:2530 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:42472 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x9E911836  Ack: 0xB0A9F199  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/07-18:57:39.185416 24.209.39.246:2530 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:43001 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x9E911836  Ack: 0xB0A9F199  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/07-18:57:40.060808 24.209.39.246:2662 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:43152 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x9F012E6D  Ack: 0xB10B977D  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/07-18:57:40.490372 24.209.39.246:2683 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:43246 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x9F13ABEA  Ack: 0xB1312D5B  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/08-01:00:47.245005 24.209.39.246:2452 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:14209 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF7640861  Ack: 0xD7F1315  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/08-01:00:47.266825 24.209.39.246:2452 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:14210 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF7640E15  Ack: 0xD7F1315  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/08-09:39:22.881196 24.209.39.246:3529 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:29040 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBD1DA5FD  Ack: 0xB31DA1C6  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/08-09:39:22.902980 24.209.39.246:3529 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:29041 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBD1DABB1  Ack: 0xB31DA1C6  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/08-10:01:08.876576 24.209.39.246:1523 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:19922 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3B72AD58  Ack: 0x5C6D02C  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/08-10:01:08.896691 24.209.39.246:1523 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:19923 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3B72B30C  Ack: 0x5C6D02C  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/08-12:16:03.685512 24.209.39.246:4381 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:19626 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x24B5A7CC  Ack: 0x34B8A4C  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/08-12:16:06.130117 24.209.39.246:4381 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:19841 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x24B5AD80  Ack: 0x34B8A4C  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/08-18:38:25.061862 24.209.39.246:3836 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:12439 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x520F1A32  Ack: 0xA7C6171A  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/08-18:38:25.097062 24.209.39.246:3836 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:12440 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x520F1FE6  Ack: 0xA7C6171A  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/08-21:20:39.689751 24.209.39.246:1688 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:6609 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x621620B1  Ack: 0xD6F786E  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/08-21:20:39.710674 24.209.39.246:1688 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:6610 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x62162665  Ack: 0xD6F786E  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/09-12:11:53.263019 24.209.39.246:4320 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:27744 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF68521D9  Ack: 0x34099FDD  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/09-12:11:53.282951 24.209.39.246:4320 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:27745 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF685278D  Ack: 0x34099FDD  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/09-12:31:43.303335 24.209.39.246:3217 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:54634 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5E99F0E1  Ack: 0x7EEB5D44  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/09-12:31:43.321731 24.209.39.246:3217 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:54635 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5E99F695  Ack: 0x7EEB5D44  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/09-14:08:41.804928 24.209.39.246:4794 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:30223 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x495AAD98  Ack: 0xEC4FFDAE  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/09-14:08:41.838352 24.209.39.246:4794 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:30224 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x495AB34C  Ack: 0xEC4FFDAE  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/09-14:11:06.462895 24.209.39.246:4330 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:40825 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5553DEAB  Ack: 0xF6157949  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/09-14:11:06.487961 24.209.39.246:4330 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:40826 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5553E45F  Ack: 0xF6157949  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/09-20:06:53.808370 24.209.39.246:2211 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:27908 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xAC93966A  Ack: 0x35E11522  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/09-20:06:53.834803 24.209.39.246:2211 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:27909 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xAC939C1E  Ack: 0x35E11522  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/10-00:34:38.020273 24.209.39.246:2268 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:16206 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x343C2349  Ack: 0x28764F3F  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/10-00:34:38.071262 24.209.39.246:2268 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:16207 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x343C28FD  Ack: 0x28764F3F  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/10-03:37:49.422821 24.209.39.246:4437 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:16441 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBA19F7CC  Ack: 0xDD37B3AE  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/10-03:37:49.445221 24.209.39.246:4437 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:16442 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBA19FD80  Ack: 0xDD37B3AE  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/10-04:04:11.887145 24.209.39.246:3085 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:5633 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x349615CA  Ack: 0x41A1B265  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/10-04:04:11.931820 24.209.39.246:3085 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:5634 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x34961B7E  Ack: 0x41A1B265  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/10-04:29:19.507973 24.209.39.246:3948 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:1968 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA7A0665B  Ack: 0x9F36F6B9  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/11-13:04:51.265106 24.209.39.246:4882 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:6046 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB3F2861E  Ack: 0x7B100DAE  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/11-13:04:51.291702 24.209.39.246:4882 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:6047 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB3F28BD2  Ack: 0x7B100DAE  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/11-13:35:03.054347 24.209.39.246:2847 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:22711 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5331E53F  Ack: 0xED668FBF  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/11-13:35:03.073569 24.209.39.246:2847 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:22712 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5331EAF3  Ack: 0xED668FBF  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/11-16:05:10.991186 24.209.39.246:3841 -> 192.168.1.6:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:2398
***AP*** Seq: 0x240D3811  Ack: 0x3DA3197A  Win: 0x3908  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/11-19:25:40.111920 24.209.39.246:3738 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:13219 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB92FFE00  Ack: 0x197515C8  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/11-19:25:40.161675 24.209.39.246:3738 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:13220 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB93003B4  Ack: 0x197515C8  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/12-13:43:44.090368 24.209.39.246:1317 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:18764 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA52B7B77  Ack: 0x4E7D6CFD  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/12-13:43:44.130202 24.209.39.246:1317 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:18765 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA52B812B  Ack: 0x4E7D6CFD  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/12-16:44:55.996481 24.209.39.246:4189 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:28261 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x72F1184B  Ack: 0xFAF20623  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/12-16:44:56.016905 24.209.39.246:4189 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:28262 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x72F11DFF  Ack: 0xFAF20623  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/12-23:46:09.624826 24.209.39.246:3705 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:55633 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8FFC27A0  Ack: 0x31F5343C  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/12-23:46:09.645204 24.209.39.246:3705 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:55634 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8FFC2D54  Ack: 0x31F5343C  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/13-15:31:08.621256 24.209.39.246:4558 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:25147 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x684969E0  Ack: 0x2413A04B  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/13-15:31:14.632617 24.209.39.246:4721 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:25970 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x68D8B367  Ack: 0x24E08979  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/13-15:31:14.864839 24.209.39.246:4736 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:26036 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x68E60208  Ack: 0x244559CF  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/13-15:31:24.589683 24.209.39.246:1083 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:27648 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x69F3D1D0  Ack: 0x24BA73A1  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/13-15:31:25.140682 24.209.39.246:1096 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:27735 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x69FD44D4  Ack: 0x24CCC598  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/13-15:31:34.926320 24.209.39.246:1380 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:29187 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x6AF17EC7  Ack: 0x256E0A62  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/13-15:31:35.326775 24.209.39.246:1393 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:29242 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x6AFC22CA  Ack: 0x2551BBFC  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/13-15:31:39.433562 24.209.39.246:1505 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:29777 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x6B598E95  Ack: 0x25AAE2FC  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/13-15:31:43.134004 24.209.39.246:1516 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:30331 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6B63E0F0  Ack: 0x25E707C9  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/13-15:31:46.909486 24.209.39.246:1722 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:30896 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6C140E28  Ack: 0x2685D7DB  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/13-15:31:47.250603 24.209.39.246:1741 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:30965 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6C24213E  Ack: 0x26BB6675  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/13-15:31:47.637571 24.209.39.246:1749 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:31030 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6C2B6A64  Ack: 0x268A1D2C  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/13-15:31:47.924133 24.209.39.246:1764 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:31092 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x6C382306  Ack: 0x26AC85E0  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/13-15:31:51.272408 24.209.39.246:1856 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:31584 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6C8578DE  Ack: 0x272E9420  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/13-15:31:54.451641 24.209.39.246:1856 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:32021 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6C8578DE  Ack: 0x272E9420  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/13-15:32:00.387702 24.209.39.246:2136 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:32926 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x6D6F8301  Ack: 0x27458F50  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/13-15:32:09.860716 24.209.39.246:2418 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:34255 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6E5FB106  Ack: 0x27FB1EE3  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/13-18:21:40.115121 24.209.39.246:1377 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:25024 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x1576F5D  Ack: 0xA7114D05  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/13-18:21:40.326889 24.209.39.246:1387 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:25066 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x15F7CDA  Ack: 0xA71B1140  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/13-18:21:40.405184 24.209.39.246:1393 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:25082 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x16484D5  Ack: 0xA70FBCAE  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/13-18:21:47.071120 24.209.39.246:1516 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:25786 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x1CDC810  Ack: 0xA75C9104  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/13-18:21:50.363061 24.209.39.246:1605 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:26149 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x21B0310  Ack: 0xA7FD7C32  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/13-18:21:53.722210 24.209.39.246:1715 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:26618 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x276896F  Ack: 0xA79A4841  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/13-18:21:57.084961 24.209.39.246:1838 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:27048 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x2DC86B2  Ack: 0xA7D0619C  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/13-18:21:57.234171 24.209.39.246:1958 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:27070 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x34159A5  Ack: 0xA83566EB  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/13-18:21:57.344308 24.209.39.246:1963 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:27094 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x346003E  Ack: 0xA8B71B21  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/13-18:21:57.429961 24.209.39.246:1969 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:27109 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x34B21C9  Ack: 0xA7CEF783  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/13-18:21:57.572694 24.209.39.246:1974 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:27140 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x34EA96C  Ack: 0xA8896AC0  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/13-18:21:57.690117 24.209.39.246:1982 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:27154 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x355F75E  Ack: 0xA8AB932E  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/13-18:22:01.020199 24.209.39.246:1986 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:27638 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x3595CC5  Ack: 0xA8800E79  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/13-18:22:07.552513 24.209.39.246:1986 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:28388 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x3595CC5  Ack: 0xA8800E79  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/13-18:22:10.221240 24.209.39.246:2388 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:28733 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x4B160A8  Ack: 0xA8A4A544  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/13-18:22:10.303621 24.209.39.246:2394 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:28748 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x4B74F1B  Ack: 0xA8FC909A  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/13-18:22:13.558173 24.209.39.246:2501 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:29160 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x50E48B1  Ack: 0xA8EDCFB6  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/13-20:45:09.791414 24.209.39.246:1600 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:26153 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x6A7FF7FE  Ack: 0xC5E43B68  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/13-20:45:11.257048 24.209.39.246:1646 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:26388 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x6AA90114  Ack: 0xC5ABD7F3  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/13-20:45:12.585807 24.209.39.246:1687 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:26594 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x6ACB7660  Ack: 0xC55F641E  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/13-20:45:17.273191 24.209.39.246:1820 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:27312 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x6B40065B  Ack: 0xC58CDBB3  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/13-20:45:21.951494 24.209.39.246:1941 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:28028 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6BA8DDB3  Ack: 0xC641C3E6  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/13-20:45:29.809107 24.209.39.246:2063 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:29196 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x6C11B7E4  Ack: 0xC7A32B6D  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/13-20:45:30.969606 24.209.39.246:2185 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:29383 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x6C7CD934  Ack: 0xC7FE827A  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/13-20:45:32.126337 24.209.39.246:2224 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:29581 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x6C9B970D  Ack: 0xC7F97CC3  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/13-20:45:36.588877 24.209.39.246:2331 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:30222 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6CF98478  Ack: 0xC84BA9B6  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/13-20:45:38.042193 24.209.39.246:2375 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:30452 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6D1F435D  Ack: 0xC7D29EA8  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/13-20:45:39.405210 24.209.39.246:2412 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:30666 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6D415C08  Ack: 0xC801A6F3  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/13-20:45:43.710405 24.209.39.246:2544 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:31363 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6DAD18F9  Ack: 0xC85E47BB  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/13-20:45:45.161442 24.209.39.246:2582 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:31583 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x6DCE7D23  Ack: 0xC8341108  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/13-20:45:46.751549 24.209.39.246:2621 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:31806 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6DF0BF8A  Ack: 0xC90330DD  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/13-20:45:48.285280 24.209.39.246:2670 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:32049 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x6E1B89C6  Ack: 0xC87695B5  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/13-20:45:52.620173 24.209.39.246:2705 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:32783 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6E3B939E  Ack: 0xC969DF4E  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/13-21:51:39.211349 24.209.39.246:4557 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:11038 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x6FFBCD  Ack: 0xC03F03CC  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/13-21:51:39.474149 24.209.39.246:4561 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:11070 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x73C1CD  Ack: 0xC0474054  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/13-21:51:39.620873 24.209.39.246:4568 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:11096 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x793C95  Ack: 0xC06193C6  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/13-21:51:43.328043 24.209.39.246:4668 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:11577 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xCEA2D8  Ack: 0xC1323FB6  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/13-21:51:43.848677 24.209.39.246:4683 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:11652 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xD9D48D  Ack: 0xC04179C0  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/13-21:51:53.301670 24.209.39.246:1059 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:13227 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x1FCA14F  Ack: 0xC15484AB  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/13-21:51:57.400911 24.209.39.246:1082 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:13887 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x20F888B  Ack: 0xC15679F5  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/13-21:52:06.661529 24.209.39.246:1491 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:15094 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x365F113  Ack: 0xC1CDB3A2  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/13-21:52:06.812035 24.209.39.246:1495 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:15109 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3693E13  Ack: 0xC1BDAA6A  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/13-21:52:06.976152 24.209.39.246:1503 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:15138 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x36FBCB5  Ack: 0xC1CBA026  Win: 0x4470  TcpLen: 20

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/13-21:52:07.525412 24.209.39.246:1513 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:15218 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x378647E  Ack: 0xC1A95B92  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/13-21:52:07.775495 24.209.39.246:1518 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:15248 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x37DC65C  Ack: 0xC26B43CC  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/13-21:52:11.260803 24.209.39.246:1601 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:15613 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x3C5BBB2  Ack: 0xC212BC52  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/13-21:52:11.840948 24.209.39.246:1617 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:15673 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x3D305FE  Ack: 0xC2A1AB24  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/13-21:52:12.598923 24.209.39.246:1635 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:15754 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x3E25700  Ack: 0xC2557E52  Win: 0x4470  TcpLen: 20

Go to: overview page

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:03:54 2003

24.209.39.246	Whois lookup at:	ARIN	RIPE	APNIC	Geektools
	DNS lookup at:	Amenesi	TRIUMF	Princeton
	More lookup links:	Dshield	Sam Spade