SnortSnarf alert page

Source: 24.243.175.144

SnortSnarf v021111.1

15 such alerts found using input module SnortFileInput, with sources:
Earliest: 00:22:30.302662 on 05/07/2003
Latest: 00:23:40.157101 on 05/07/2003

6 different signatures are present for 24.243.175.144 as a source

There is 1 distinct destination IP in the alerts of the type on this page.

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:22:30.302662 24.243.175.144:3749 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:49344 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xBCA51688 Ack: 0x3CB2D007 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:22:30.929455 24.243.175.144:3762 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:49404 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xBCB0ABAA Ack: 0x3D25FBD1 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:22:31.456543 24.243.175.144:3777 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:49461 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xBCBE4F1F Ack: 0x3C70430A Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:22:32.219687 24.243.175.144:3796 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:49545 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xBCCE33F6 Ack: 0x3CEA2B22 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/07-00:22:42.307878 24.243.175.144:4054 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:50461 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xBDB515B3 Ack: 0x3D7D59D1 Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/07-00:22:42.880440 24.243.175.144:4076 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:50519 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xBDC76852 Ack: 0x3DC8D523 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:22:53.189531 24.243.175.144:4332 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:51504 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xBEA81E54 Ack: 0x3E2E50D5 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:22:57.580699 24.243.175.144:4460 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:52056 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xBF1652A2 Ack: 0x3EA76657 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:22:58.275678 24.243.175.144:4485 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:52129 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xBF2B17DB Ack: 0x3EDDF171 Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:22:59.166570 24.243.175.144:4503 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:52218 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xBF3A00A0 Ack: 0x3E1062FB Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:23:02.917076 24.243.175.144:4598 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:52580 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xBF8DE39C Ack: 0x3EB0F0EA Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:23:25.200132 24.243.175.144:1246 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:54498 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xC1594EA1 Ack: 0x3FDE1BCC Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:23:25.937885 24.243.175.144:1263 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:54560 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xC1682CB3 Ack: 0x40774F84 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:23:26.754713 24.243.175.144:1285 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:54628 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xC17CDF28 Ack: 0x405F078F Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:23:40.157101 24.243.175.144:1559 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:56063 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xC27139E4 Ack: 0x4149AFD2 Win: 0xFAF0 TcpLen: 20

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:28 2003