SnortSnarf alert page

Source: 24.219.28.221

SnortSnarf v021111.1

34 such alerts found using input module SnortFileInput, with sources:
Earliest: 00:51:26.622183 on 06/08/2003
Latest: 22:42:39.440072 on 06/11/2003

6 different signatures are present for 24.219.28.221 as a source

There is 1 distinct destination IP in the alerts of the type on this page.


[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-00:51:26.622183 24.219.28.221:3631 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:61071 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xAE70E332 Ack: 0x33C42ED1 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-00:51:27.143367 24.219.28.221:3644 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:61102 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xAE7C1B1D Ack: 0x33BD1F79 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-00:51:29.457251 24.219.28.221:3712 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:61314 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xAEB73D57 Ack: 0x33DF5FC8 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-00:51:29.753326 24.219.28.221:3723 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:61340 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xAEC08B49 Ack: 0x33B3494C Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-00:51:30.055886 24.219.28.221:3728 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:61353 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xAEC5F240 Ack: 0x348B922F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/08-00:51:33.450066 24.219.28.221:3829 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:61616 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xAF1C706A Ack: 0x342B2BBA Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/08-00:51:36.933250 24.219.28.221:3954 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:62001 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xAF88CCA8 Ack: 0x344FD79D Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-00:51:40.317941 24.219.28.221:3964 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:62300 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xAF915CBB Ack: 0x34B57CF3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-00:51:40.642688 24.219.28.221:4070 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:62333 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xAFEB3D6F Ack: 0x348D236F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-00:51:40.935257 24.219.28.221:4079 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:62350 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xAFF397EF Ack: 0x34C3C771 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-00:51:41.261272 24.219.28.221:4086 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:62372 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xAFF9FEA7 Ack: 0x346F8E8A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-00:51:41.599229 24.219.28.221:4095 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:62398 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB00210D2 Ack: 0x34AAE1CC Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-00:51:41.917600 24.219.28.221:4108 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:62434 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xB00C8755 Ack: 0x34A68E41 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-00:51:44.852025 24.219.28.221:4108 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:62663 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xB00C8755 Ack: 0x34A68E41 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-00:51:45.087240 24.219.28.221:4196 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:62685 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB0582B6C Ack: 0x34CA3674 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-00:51:45.258372 24.219.28.221:4204 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:62702 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xB05F09B0 Ack: 0x34E77775 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-00:51:51.223579 24.219.28.221:4401 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:63260 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB1053BE9 Ack: 0x3577D485 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-22:41:59.540863 24.219.28.221:1804 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:44941 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x833B4C85 Ack: 0x4AD91963 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-22:42:00.059526 24.219.28.221:1851 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:45061 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x83601BB4 Ack: 0x4ABC5BAA Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-22:42:11.380191 24.219.28.221:2562 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:47071 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x85913590 Ack: 0x4B5D724D Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-22:42:20.690859 24.219.28.221:3071 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:48393 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x8727D8B2 Ack: 0x4B4DC3DF Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-22:42:30.010121 24.219.28.221:3578 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:49664 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x88B46B34 Ack: 0x4BFD988F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/11-22:42:30.362863 24.219.28.221:3602 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:49734 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x88C77B45 Ack: 0x4C7367F2 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/11-22:42:30.719932 24.219.28.221:3626 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:49829 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x88D96D36 Ack: 0x4C602F29 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-22:42:31.039703 24.219.28.221:3658 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:49915 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x88F384CB Ack: 0x4C285FAC Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-22:42:31.348352 24.219.28.221:3681 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:49984 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x8906776F Ack: 0x4C1CA777 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-22:42:31.662791 24.219.28.221:3699 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:50035 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x89141D41 Ack: 0x4C7FEEAC Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-22:42:31.972419 24.219.28.221:3720 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:50091 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x892522A2 Ack: 0x4C2BD67B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-22:42:32.368929 24.219.28.221:3745 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:50144 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x893828F9 Ack: 0x4CF3BBA9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-22:42:32.671901 24.219.28.221:3763 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:50186 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x894726ED Ack: 0x4C4A5173 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-22:42:35.908550 24.219.28.221:3930 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:50614 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x89CBFB52 Ack: 0x4C56DD0B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-22:42:38.861954 24.219.28.221:3930 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:51062 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x89CBFB52 Ack: 0x4C56DD0B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-22:42:39.073377 24.219.28.221:4108 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:51094 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x8A5A4016 Ack: 0x4C992885 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-22:42:39.440072 24.219.28.221:4124 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:51138 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x8A68380B Ack: 0x4CD9A257 Win: 0x4470 TcpLen: 20

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:28 2003