SnortSnarf alert page

Source: 24.209.97.26

SnortSnarf v021111.1

Signature section (91123)

Top 20 source IPs

Top 20 dest IPs

50 such alerts found using input module SnortFileInput, with sources:

/home/rivettmj/snort_alertlog/alert

Earliest: 11:09:26.918970 on 04/18/2003
Latest: 20:14:11.983888 on 04/27/2003

2 different signatures are present for 24.209.97.26 as a source

25 instances of WEB-IIS ISAPI .ida attempt
25 instances of WEB-IIS cmd.exe access

There are 1 distinct destination IPs in the alerts of the type on this page.

24.209.97.26 Whois lookup at: ARIN RIPE APNIC Geektools

DNS lookup at: Amenesi TRIUMF Princeton

More lookup links: Dshield Sam Spade

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
04/18-11:09:26.918970 24.209.97.26:3228 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:6183 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xCBF950BA  Ack: 0x97FC356  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
04/18-11:09:26.926542 24.209.97.26:3228 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:6184 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xCBF9566E  Ack: 0x97FC356  Win: 0xFAF0  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
04/18-12:55:09.927427 24.209.97.26:4507 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:2149 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC7AC4FFC  Ack: 0x98294E74  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
04/18-12:55:09.969805 24.209.97.26:4507 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:2150 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC7AC55B0  Ack: 0x98294E74  Win: 0xFAF0  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
04/18-14:40:25.949826 24.209.97.26:1348 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:13848 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1CFC22DF  Ack: 0x25C3CDF3  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
04/18-14:40:25.976923 24.209.97.26:1348 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:13849 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1CFC2893  Ack: 0x25C3CDF3  Win: 0xFAF0  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
04/18-17:11:52.548533 24.209.97.26:2551 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:25918 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x35CE16CE  Ack: 0x61B74E82  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
04/18-17:11:52.577902 24.209.97.26:2551 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:25919 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x35CE1C82  Ack: 0x61B74E82  Win: 0xFAF0  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
04/18-18:38:40.546495 24.209.97.26:4366 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:65234 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD8BF3F51  Ack: 0xAA1E44AB  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
04/18-18:38:40.562813 24.209.97.26:4366 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:65235 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD8BF4505  Ack: 0xAA1E44AB  Win: 0xFAF0  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
04/18-20:58:32.805120 24.209.97.26:4622 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:9449 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x685D6B70  Ack: 0xBA9E8BDC  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
04/18-20:58:32.834013 24.209.97.26:4622 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:9450 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x685D7124  Ack: 0xBA9E8BDC  Win: 0xFAF0  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
04/18-21:33:58.537805 24.209.97.26:3128 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:22380 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x39FC4554  Ack: 0x41716013  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
04/18-21:33:58.570066 24.209.97.26:3128 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:22381 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x39FC4B08  Ack: 0x41716013  Win: 0xFAF0  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
04/22-19:37:30.155967 24.209.97.26:4116 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:5956 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE7A59F87  Ack: 0x8D764A1A  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
04/22-19:37:30.188008 24.209.97.26:4116 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:5957 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE7A5A53B  Ack: 0x8D764A1A  Win: 0xFAF0  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
04/23-20:37:48.891560 24.209.97.26:2873 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:16203 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6F478E2C  Ack: 0xB07CC033  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
04/23-20:37:48.921280 24.209.97.26:2873 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:16204 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6F4793E0  Ack: 0xB07CC033  Win: 0xFAF0  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
04/23-20:46:37.834863 24.209.97.26:2703 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:10829 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA4872713  Ack: 0xD21FB1BA  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
04/23-20:46:37.865559 24.209.97.26:2703 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:10830 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA4872CC7  Ack: 0xD21FB1BA  Win: 0xFAF0  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
04/25-17:08:35.964587 24.209.97.26:4055 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:15779 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDFE20267  Ack: 0x19398F0B  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
04/25-17:08:35.976676 24.209.97.26:4055 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:15780 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDFE2081B  Ack: 0x19398F0B  Win: 0xFAF0  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
04/25-17:40:31.240729 24.209.97.26:3450 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:54908 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9A0B63BD  Ack: 0x91F6FBD7  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
04/25-17:40:31.269817 24.209.97.26:3450 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:54909 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9A0B6971  Ack: 0x91F6FBD7  Win: 0xFAF0  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
04/25-18:53:03.900636 24.209.97.26:4862 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:32844 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x33BB843C  Ack: 0xA4253746  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
04/25-18:53:03.926782 24.209.97.26:4862 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:32845 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x33BB89F0  Ack: 0xA4253746  Win: 0xFAF0  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
04/26-21:03:56.512031 24.209.97.26:1846 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:9326 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF40DB6E8  Ack: 0xD2EA3BB8  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
04/26-21:03:56.543101 24.209.97.26:1846 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:9327 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF40DBC9C  Ack: 0xD2EA3BB8  Win: 0xFAF0  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
04/26-22:37:49.689940 24.209.97.26:2972 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:21629 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE23679EE  Ack: 0x34C1410A  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
04/26-22:37:49.713916 24.209.97.26:2972 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:21630 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE2367FA2  Ack: 0x34C1410A  Win: 0xFAF0  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
04/26-23:19:08.400236 24.209.97.26:1945 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:5909 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xAD311090  Ack: 0xD11CD1B6  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
04/26-23:19:08.430654 24.209.97.26:1945 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:5910 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xAD311644  Ack: 0xD11CD1B6  Win: 0xFAF0  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
04/26-23:43:44.427920 24.209.97.26:1259 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:48487 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x261E63A9  Ack: 0x2DA69E61  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
04/26-23:43:44.458144 24.209.97.26:1259 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:48488 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x261E695D  Ack: 0x2DA69E61  Win: 0xFAF0  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
04/27-00:11:11.264819 24.209.97.26:3463 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:43516 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA9EB76DF  Ack: 0x952955D0  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
04/27-00:11:11.294652 24.209.97.26:3463 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:43517 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA9EB7C93  Ack: 0x952955D0  Win: 0xFAF0  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
04/27-14:24:21.460018 24.209.97.26:2289 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:58060 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEA424FE9  Ack: 0x2C2EE322  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
04/27-14:24:21.506126 24.209.97.26:2289 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:58061 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEA42559D  Ack: 0x2C2EE322  Win: 0xFAF0  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
04/27-14:59:09.648796 24.209.97.26:4039 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:11554 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB99A2623  Ack: 0xAFE93CC8  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
04/27-14:59:09.675970 24.209.97.26:4039 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:11555 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB99A2BD7  Ack: 0xAFE93CC8  Win: 0xFAF0  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
04/27-15:11:19.809055 24.209.97.26:1239 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:14491 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE322B8  Ack: 0xDCDA0BAC  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
04/27-15:11:19.819375 24.209.97.26:1239 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:14492 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE3286C  Ack: 0xDCDA0BAC  Win: 0xFAF0  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
04/27-17:00:55.456394 24.209.97.26:3391 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:7748 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x66A6A1A8  Ack: 0x7BA388BB  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
04/27-17:00:55.491412 24.209.97.26:3391 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:7749 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x66A6A75C  Ack: 0x7BA388BB  Win: 0xFAF0  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
04/27-18:24:32.452709 24.209.97.26:1140 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:11786 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF49A86D4  Ack: 0xB746CC92  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
04/27-18:24:32.471079 24.209.97.26:1140 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:11787 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF49A8C88  Ack: 0xB746CC92  Win: 0xFAF0  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
04/27-19:50:19.883528 24.209.97.26:3136 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:29521 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9CD1B1C4  Ack: 0xFB25DCA5  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
04/27-19:50:19.901903 24.209.97.26:3136 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:29522 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9CD1B778  Ack: 0xFB25DCA5  Win: 0xFAF0  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
04/27-20:14:11.940019 24.209.97.26:3014 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:25215 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x34D9E923  Ack: 0x5588F85E  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
04/27-20:14:11.983888 24.209.97.26:3014 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:25216 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x34D9EED7  Ack: 0x5588F85E  Win: 0xFAF0  TcpLen: 20

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:03:52 2003

24.209.97.26	Whois lookup at:	ARIN	RIPE	APNIC	Geektools
	DNS lookup at:	Amenesi	TRIUMF	Princeton
	More lookup links:	Dshield	Sam Spade