SnortSnarf alert page

Source: 24.209.40.219

SnortSnarf v021111.1

Signature section (91123)

Top 20 source IPs

Top 20 dest IPs

49 such alerts found using input module SnortFileInput, with sources:

/home/rivettmj/snort_alertlog/alert

Earliest: 18:06:48.070717 on 05/20/2003
Latest: 19:06:02.930115 on 05/20/2003

6 different signatures are present for 24.209.40.219 as a source

3 instances of WEB-IIS _mem_bin access
3 instances of WEB-FRONTPAGE /_vti_bin/ access
6 instances of WEB-IIS CodeRed v2 root.exe access
10 instances of WEB-IIS multiple decode attempt
12 instances of WEB-IIS cmd.exe access
15 instances of WEB-IIS unicode directory traversal attempt

There are 1 distinct destination IPs in the alerts of the type on this page.

24.209.40.219 Whois lookup at: ARIN RIPE APNIC Geektools

DNS lookup at: Amenesi TRIUMF Princeton

More lookup links: Dshield Sam Spade

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/20-18:06:48.070717 24.209.40.219:1903 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:31942 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xBC7A261C  Ack: 0xC0E2DAE4  Win: 0xFFFF  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/20-18:06:58.052523 24.209.40.219:2238 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:33318 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xBD984E21  Ack: 0xC11A6FB4  Win: 0xFFFF  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/20-18:06:58.712672 24.209.40.219:2258 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:33422 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xBDA97CF9  Ack: 0xC195A40B  Win: 0xFFFF  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/20-18:06:59.193371 24.209.40.219:2286 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:33529 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xBDC18A58  Ack: 0xC120F08B  Win: 0xFFFF  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/20-18:07:08.946998 24.209.40.219:2555 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:34860 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xBEAC318F  Ack: 0xC1E45BA3  Win: 0xFFFF  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/20-18:07:09.565584 24.209.40.219:2578 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:34946 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xBEBF21E4  Ack: 0xC179D79C  Win: 0xFFFF  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/20-18:07:18.959174 24.209.40.219:2856 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:36026 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xBFB1E7C5  Ack: 0xC21EA0D4  Win: 0xFFFF  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/20-18:07:28.820403 24.209.40.219:3107 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:37074 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xC08ADEFE  Ack: 0xC2B1EF5D  Win: 0xFFFF  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/20-18:07:32.207972 24.209.40.219:3202 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:37390 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xC0DAFBF8  Ack: 0xC3737F38  Win: 0xFFFF  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/20-18:07:41.768297 24.209.40.219:3460 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:38406 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xC1BB18C9  Ack: 0xC3AF37FD  Win: 0xFFFF  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/20-18:07:42.258987 24.209.40.219:3479 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:38476 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xC1CAEB5F  Ack: 0xC3909D11  Win: 0xFFFF  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/20-18:07:52.218942 24.209.40.219:3741 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:39462 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xC2A7D5A0  Ack: 0xC476542C  Win: 0xFFFF  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/20-18:07:53.355413 24.209.40.219:3759 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:39551 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xC2B812DA  Ack: 0xC3F7FA63  Win: 0xFFFF  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/20-18:07:53.810498 24.209.40.219:3781 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:39635 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xC2CC2C58  Ack: 0xC44E0491  Win: 0xFFFF  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/20-18:07:55.030811 24.209.40.219:3799 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:39710 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xC2DC3E50  Ack: 0xC495A55D  Win: 0xFFFF  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/20-18:07:58.679318 24.209.40.219:3922 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:40191 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xC3463633  Ack: 0xC4F7B7FF  Win: 0xFFFF  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/20-18:14:20.358158 24.209.40.219:1180 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:44031 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xED1C047B  Ack: 0xDC40ABBB  Win: 0xFFFF  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/20-18:14:29.576838 24.209.40.219:1449 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:45241 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xEE07F8E9  Ack: 0xDCF98C6D  Win: 0xFFFF  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/20-18:14:29.797481 24.209.40.219:1453 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:45276 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xEE0B728F  Ack: 0xDD1FBF6D  Win: 0xFFFF  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/20-18:14:32.907476 24.209.40.219:1597 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:45964 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xEE808A6E  Ack: 0xDD07C779  Win: 0xFFFF  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/20-18:14:42.087677 24.209.40.219:1931 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:47567 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xEF92577E  Ack: 0xDDCE74AD  Win: 0xFFFF  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/20-18:14:42.254910 24.209.40.219:1934 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:47592 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xEF9572C0  Ack: 0xDD8343BF  Win: 0xFFFF  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/20-18:14:51.454130 24.209.40.219:2274 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:49164 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xF0B065D4  Ack: 0xDEB3D1C8  Win: 0xFFFF  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/20-18:14:51.589205 24.209.40.219:2277 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:49181 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xF0B3206D  Ack: 0xDDEB9A3D  Win: 0xFFFF  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/20-18:15:00.805385 24.209.40.219:2513 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:50328 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF1843F95  Ack: 0xDF2C54E1  Win: 0xFFFF  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/20-18:15:00.942874 24.209.40.219:2519 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:50357 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF18956DF  Ack: 0xDEE0C54B  Win: 0xFFFF  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/20-18:15:04.133062 24.209.40.219:2616 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:50741 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF1D802DA  Ack: 0xDF42D1C3  Win: 0xFFFF  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/20-18:15:10.128167 24.209.40.219:2706 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:51633 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF224A287  Ack: 0xDF316EF4  Win: 0xFFFF  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/20-18:15:10.217301 24.209.40.219:2799 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:51644 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xF2717904  Ack: 0xDF4EA88B  Win: 0xFFFF  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/20-18:15:10.340137 24.209.40.219:2801 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:51666 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF2739C0E  Ack: 0xDF600334  Win: 0xFFFF  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/20-18:15:10.465931 24.209.40.219:2807 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:51699 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xF27831D5  Ack: 0xDF15E97B  Win: 0xFFFF  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/20-18:15:10.646729 24.209.40.219:2813 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:51739 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF27DB65B  Ack: 0xDFA930CD  Win: 0xFFFF  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/20-19:05:07.710819 24.209.40.219:2721 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:36173 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x8329B22  Ack: 0x9BCC83FC  Win: 0xFFFF  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/20-19:05:09.405470 24.209.40.219:2799 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:36477 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x8724A09  Ack: 0x9C9C71F1  Win: 0xFFFF  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/20-19:05:11.321205 24.209.40.219:2858 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:36790 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x8A397E2  Ack: 0x9CBA6082  Win: 0xFFFF  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/20-19:05:13.098376 24.209.40.219:2935 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:37087 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x8E30EE2  Ack: 0x9CD09E51  Win: 0xFFFF  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/20-19:05:14.701615 24.209.40.219:3011 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:37371 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x9225EFB  Ack: 0x9CA7BC95  Win: 0xFFFF  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/20-19:05:16.467036 24.209.40.219:3073 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:37671 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x95668B8  Ack: 0x9C6582B9  Win: 0xFFFF  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/20-19:05:18.199184 24.209.40.219:3135 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:37959 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x987793E  Ack: 0x9C957F7F  Win: 0xFFFF  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/20-19:05:28.622848 24.209.40.219:3579 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:39759 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xAF04A51  Ack: 0x9DCA95E7  Win: 0xFFFF  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/20-19:05:30.370817 24.209.40.219:3628 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:40012 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB19E67F  Ack: 0x9DCF8C6C  Win: 0xFFFF  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/20-19:05:40.799383 24.209.40.219:4058 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:41856 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xC755432  Ack: 0x9DC7FEE4  Win: 0xFFFF  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/20-19:05:42.309842 24.209.40.219:4132 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:42107 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xCB08714  Ack: 0x9E419F84  Win: 0xFFFF  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/20-19:05:43.641885 24.209.40.219:4196 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:42370 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xCE475C8  Ack: 0x9E804DCB  Win: 0xFFFF  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/20-19:05:45.260412 24.209.40.219:4237 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:42607 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xD07CD79  Ack: 0x9E0A84F5  Win: 0xFFFF  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/20-19:05:47.064669 24.209.40.219:4313 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:42925 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xD46F516  Ack: 0x9E94EB54  Win: 0xFFFF  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/20-19:05:49.837381 24.209.40.219:4313 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:43389 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xD46F516  Ack: 0x9E94EB54  Win: 0xFFFF  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/20-19:05:52.051888 24.209.40.219:4509 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:43728 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xDE15292  Ack: 0x9F286788  Win: 0xFFFF  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/20-19:06:02.930115 24.209.40.219:1118 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:54979 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF3C9666  Ack: 0x9EF0C448  Win: 0xFFFF  TcpLen: 20

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:03:52 2003

24.209.40.219	Whois lookup at:	ARIN	RIPE	APNIC	Geektools
	DNS lookup at:	Amenesi	TRIUMF	Princeton
	More lookup links:	Dshield	Sam Spade