SnortSnarf alert page

Source: 24.218.160.238

SnortSnarf v021111.1


22 such alerts found using input module SnortFileInput, with sources:
Earliest: 12:52:38.409414 on 05/05/2003
Latest: 13:48:52.771899 on 05/12/2003

6 different signatures are present for 24.218.160.238 as a source

There is 1 distinct destination IP in the alerts of the type on this page.



[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-12:52:38.409414 24.218.160.238:4293 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:55235 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x61606C3F Ack: 0xCEE5FAED Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-12:52:48.665824 24.218.160.238:4590 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:56760 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x62632F9E Ack: 0xCFF84CCD Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-12:52:49.124532 24.218.160.238:4607 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:56831 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x62723EB7 Ack: 0xD02BD82C Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-12:52:49.576814 24.218.160.238:4622 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:56924 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x627ED207 Ack: 0xCFDD5C23 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-12:52:59.417932 24.218.160.238:4914 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:58373 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x637D6DE1 Ack: 0xD04D414B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/05-12:53:00.057314 24.218.160.238:4923 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:58450 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x6385FC16 Ack: 0xD0242A80 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/05-12:53:09.900673 24.218.160.238:1246 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:59925 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x6487583A Ack: 0xD1266445 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-12:53:10.387546 24.218.160.238:1267 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:59998 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x649928F9 Ack: 0xD1AD7589 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-12:53:14.481957 24.218.160.238:1368 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:60541 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x64F490EC Ack: 0xD19C03E6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-12:53:14.933501 24.218.160.238:1384 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:60628 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x650157E0 Ack: 0xD116CF97 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-12:53:24.935699 24.218.160.238:1643 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:61918 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x65E87645 Ack: 0xD21FA2AB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-12:53:31.968310 24.218.160.238:1750 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:62818 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6646CF03 Ack: 0xD28ED360 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-12:53:32.483321 24.218.160.238:1846 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:62903 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x669B0716 Ack: 0xD2C1A747 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-12:53:35.468378 24.218.160.238:1846 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:63344 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x669B0716 Ack: 0xD2C1A747 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-12:53:35.968847 24.218.160.238:1952 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:63424 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x66F7D6BC Ack: 0xD31E166E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-12:53:36.465592 24.218.160.238:1962 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:63503 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x67006847 Ack: 0xD278A822 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-12:53:36.945904 24.218.160.238:1985 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:63596 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x67128671 Ack: 0xD31D7E40 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-13:48:46.333938 24.218.160.238:1102 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:61033 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x42078994 Ack: 0x61A7170E Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-13:48:47.481794 24.218.160.238:1128 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:61180 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x421F7B6E Ack: 0x61C9CED8 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-13:48:51.364286 24.218.160.238:1241 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:61703 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x4283A14B Ack: 0x619217D2 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-13:48:52.063890 24.218.160.238:1250 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:61779 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x428BBD03 Ack: 0x6180B841 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-13:48:52.771899 24.218.160.238:1273 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:61879 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x429FBEEA Ack: 0x617CF135 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:03:53 2003