SnortSnarf alert page

Source: 24.209.98.148: #101-125

SnortSnarf v021111.1

Looking using input module SnortFileInput, with sources:
Earliest: 22:04:23.716529 on 06/05/2003
Latest: 17:05:59.660073 on 06/15/2003

2 different signatures are present for 24.209.98.148 as a source

There are 1 distinct destination IPs in the alerts of the type on this page.

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/05-22:04:23.716529 24.209.98.148:1501 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:36303 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9CA36049 Ack: 0x3CD1B4DC Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-16:17:50.261986 24.209.98.148:2455 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:23177 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x60280EBC Ack: 0x5F5F80DB Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-16:17:50.292525 24.209.98.148:2455 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:23178 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x60281470 Ack: 0x5F5F80DB Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-17:39:29.838127 24.209.98.148:2830 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:57282 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x684F1E9E Ack: 0xD462333A Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-17:39:29.868006 24.209.98.148:2830 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:57283 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x684F2452 Ack: 0xD462333A Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-17:51:10.680121 24.209.98.148:4072 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:58074 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xAC49EA51 Ack: 0x8047F872 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-17:51:10.710369 24.209.98.148:4072 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:58075 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xAC49F005 Ack: 0x8047F872 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-18:58:06.372689 24.209.98.148:2035 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:21141 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2CE7618A Ack: 0x7BF9A2AA Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-18:58:06.413247 24.209.98.148:2035 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:21142 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2CE7673E Ack: 0x7BF9A2AA Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-20:28:08.530580 24.209.98.148:4830 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:14016 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2D78B4FB Ack: 0xD0BBCEA7 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-20:28:08.583645 24.209.98.148:4830 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:14017 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2D78BAAF Ack: 0xD0BBCEA7 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-21:24:35.656391 24.209.98.148:1138 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:57100 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7D1EF53A Ack: 0xA671661A Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-21:24:35.680175 24.209.98.148:1138 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:57101 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7D1EFAEE Ack: 0xA671661A Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-23:33:40.382162 24.209.98.148:3209 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:63215 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x71A385FF Ack: 0x8E20A5A3 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-23:33:40.411615 24.209.98.148:3209 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:63216 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x71A38BB3 Ack: 0x8E20A5A3 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/10-12:40:17.257162 24.209.98.148:2357 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:57852 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFFD147C1 Ack: 0x29B62FD5 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/10-12:40:17.275108 24.209.98.148:2357 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:57853 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFFD14D75 Ack: 0x29B62FD5 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/10-19:20:15.121351 24.209.98.148:2526 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:11551 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x96BA5E39 Ack: 0x107710EB Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/10-19:20:15.146040 24.209.98.148:2526 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:11552 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x96BA63ED Ack: 0x107710EB Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/10-23:12:20.618630 24.209.98.148:4354 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:16086 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD3933E9D Ack: 0x7DA1A8FF Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/10-23:12:20.649678 24.209.98.148:4354 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:16087 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD3934451 Ack: 0x7DA1A8FF Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-17:45:30.913866 24.209.98.148:4211 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:46168 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x31E41C24 Ack: 0x2AAC8FB3 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-17:45:30.928002 24.209.98.148:4211 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:46169 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x31E421D8 Ack: 0x2AAC8FB3 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-17:05:59.631497 24.209.98.148:2739 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:8228 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDED41C13 Ack: 0x54104576 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/15-17:05:59.660073 24.209.98.148:2739 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:8229 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDED421C7 Ack: 0x54104576 Win: 0xFAF0 TcpLen: 20
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:03:52 2003