SnortSnarf alert page

Source: 24.245.2.233

SnortSnarf v021111.1

66 such alerts found using input module SnortFileInput, with sources:
Earliest: 00:16:00.530934 on 05/07/2003
Latest: 02:19:59.529823 on 05/20/2003

6 different signatures are present for 24.245.2.233 as a source

There is 1 distinct destination IP in the alerts of the type on this page.


[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:16:00.530934 24.245.2.233:2803 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:39608 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xB5A9A0DF Ack: 0x244A9F4F Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:16:01.970634 24.245.2.233:2821 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:39658 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xB5BD2189 Ack: 0x251223A8 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:16:23.696566 24.245.2.233:3121 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:40472 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xB6EB9431 Ack: 0x25FFCA48 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:16:24.109329 24.245.2.233:3126 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:40487 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xB6F0EB18 Ack: 0x266B26A4 Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:16:24.505643 24.245.2.233:3131 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:40502 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB6F6898F Ack: 0x25FBF7FD Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/07-00:16:25.325799 24.245.2.233:3140 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:40531 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xB7003845 Ack: 0x2603AE49 Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/07-00:16:25.719867 24.245.2.233:3147 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:40548 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xB7070231 Ack: 0x26436EB1 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:16:26.130849 24.245.2.233:3151 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:40561 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xB70BBE88 Ack: 0x269A0CC2 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:16:26.545787 24.245.2.233:3154 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:40581 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB70FB9AE Ack: 0x263B45FE Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:16:26.929035 24.245.2.233:3158 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:40599 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB7142E5A Ack: 0x2678D2CA Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:16:27.397163 24.245.2.233:3167 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:40623 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB71C1EC6 Ack: 0x25C2A253 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:16:27.780400 24.245.2.233:3177 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:40667 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB7268917 Ack: 0x26B1DB4B Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:16:28.180484 24.245.2.233:3188 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:40701 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xB72F87F9 Ack: 0x26132AEC Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:16:31.141538 24.245.2.233:3188 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:40817 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xB72F87F9 Ack: 0x26132AEC Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:16:31.745310 24.245.2.233:3236 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:40835 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB7618A56 Ack: 0x26683F94 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:16:32.158121 24.245.2.233:3244 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:40854 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xB768F9E7 Ack: 0x260F2962 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:16:32.596231 24.245.2.233:3252 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:40869 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB770F442 Ack: 0x26CC8FF2 Win: 0xFAF0 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-10:53:04.999358 24.245.2.233:3701 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:4581 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xDC25590A Ack: 0xB40FB98 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-10:53:05.641847 24.245.2.233:3711 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:4603 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xDC2F8300 Ack: 0xB51C038 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-10:53:09.310155 24.245.2.233:3769 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:4755 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xDC697508 Ack: 0xB426424 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-10:53:09.509672 24.245.2.233:3771 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:4764 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xDC6B6F8C Ack: 0xB3672AF Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-10:53:12.740256 24.245.2.233:3821 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:4893 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xDC9B10BD Ack: 0xADDAF3F Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/09-10:53:12.924552 24.245.2.233:3826 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:4913 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xDCA0E5A5 Ack: 0xB50E98A Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/09-10:53:22.446942 24.245.2.233:3939 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:5172 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xDD14ADB1 Ack: 0xBBC8E55 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-10:53:22.755863 24.245.2.233:3944 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:5184 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xDD191A7F Ack: 0xB925C32 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-10:53:22.961231 24.245.2.233:3947 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:5199 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xDD1CA9F2 Ack: 0xBC35A5D Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-10:53:26.464908 24.245.2.233:3987 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:5307 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xDD462B98 Ack: 0xC5C6724 Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-10:53:29.958235 24.245.2.233:4037 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:5462 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xDD7BD68D Ack: 0xC544BEB Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-10:53:39.706387 24.245.2.233:4184 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:5880 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xDE0E6744 Ack: 0xD1C1394 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-10:53:49.171614 24.245.2.233:4342 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:6372 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xDEA885D8 Ack: 0xDAD1B2F Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-10:53:52.089485 24.245.2.233:4342 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:6450 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xDEA885D8 Ack: 0xDAD1B2F Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-10:53:52.480557 24.245.2.233:4385 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:6470 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xDED461E0 Ack: 0xE01A74E Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-10:53:52.677893 24.245.2.233:4391 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:6478 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xDED970F4 Ack: 0xD5D3866 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/09-10:54:02.113944 24.245.2.233:4496 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:6720 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xDF4C1B1C Ack: 0xE26E8A1 Win: 0xFAF0 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-23:11:13.236275 24.245.2.233:2023 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:45163 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x2A26CBA3 Ack: 0xECFC7E2F Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-23:11:18.074552 24.245.2.233:2144 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:45756 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x2A90F8FB Ack: 0xED1FFA42 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-23:11:18.801982 24.245.2.233:2162 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:45844 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x2AA205F8 Ack: 0xED08B33C Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-23:11:19.622936 24.245.2.233:2180 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:45967 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x2AB1E555 Ack: 0xED5B656E Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-23:11:20.298916 24.245.2.233:2198 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:46075 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x2AC38D63 Ack: 0xED891C33 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/13-23:11:27.413283 24.245.2.233:2316 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:47337 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x2B2968B5 Ack: 0xEE2C79FB Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/13-23:11:31.074542 24.245.2.233:2423 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:47940 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x2B882B1E Ack: 0xEE451B52 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-23:11:35.310389 24.245.2.233:2590 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:48430 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x2C1D72E8 Ack: 0xEE15A2EC Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-23:11:39.139436 24.245.2.233:2608 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:48953 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x2C2CB603 Ack: 0xEE66F5AB Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-23:11:42.854983 24.245.2.233:2706 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:49441 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x2C838935 Ack: 0xEF16C5E7 Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-23:11:46.979172 24.245.2.233:2896 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:49967 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x2D2B27A8 Ack: 0xEF664E81 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-23:11:50.574647 24.245.2.233:2926 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:50398 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x2D43D324 Ack: 0xEF08DA85 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-23:11:54.601467 24.245.2.233:3103 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:50832 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x2DDEB883 Ack: 0xEF2DDB3E Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-23:11:55.574742 24.245.2.233:3125 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:50942 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x2DF27541 Ack: 0xF00B9B7F Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-23:11:58.385144 24.245.2.233:3125 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:51304 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x2DF27541 Ack: 0xF00B9B7F Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-23:12:03.031848 24.245.2.233:3344 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:51834 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x2EACF522 Ack: 0xEFBF5684 Win: 0xFAF0 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-02:19:15.860038 24.245.2.233:3439 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:46291 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x71E2985C Ack: 0xC38C5FC9 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-02:19:18.968217 24.245.2.233:3478 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:46462 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x720CBF50 Ack: 0xC3583F32 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-02:19:28.472518 24.245.2.233:3608 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:47000 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x72954306 Ack: 0xC4E48971 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-02:19:28.693627 24.245.2.233:3616 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:47026 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x729C31CE Ack: 0xC409B0DA Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-02:19:28.930032 24.245.2.233:3620 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:47050 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x729FCC07 Ack: 0xC42AEE03 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/20-02:19:38.452343 24.245.2.233:3771 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:47709 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x7336BD8A Ack: 0xC57D2281 Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/20-02:19:42.582499 24.245.2.233:3821 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:47946 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x736892F2 Ack: 0xC4CBEC04 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-02:19:43.440466 24.245.2.233:3832 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:47990 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x7373A391 Ack: 0xC54BF57C Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-02:19:44.342939 24.245.2.233:3846 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:48038 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x7381B482 Ack: 0xC5B7FAFB Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-02:19:44.682846 24.245.2.233:3857 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:48065 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x738CF405 Ack: 0xC5ACA066 Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-02:19:45.228083 24.245.2.233:3858 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:48094 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x738EBAD4 Ack: 0xC54DDB3E Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-02:19:55.353395 24.245.2.233:3975 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:48617 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x740A3E65 Ack: 0xC662A6B9 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-02:19:56.290773 24.245.2.233:3982 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:48662 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x74115D5E Ack: 0xC593D782 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-02:19:57.140662 24.245.2.233:3991 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:48712 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x741AF98D Ack: 0xC6698F30 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-02:19:58.285170 24.245.2.233:4003 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:48766 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x7427974B Ack: 0xC69966AF Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-02:19:59.529823 24.245.2.233:4018 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:48831 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x74364337 Ack: 0xC6756B45 Win: 0xFAF0 TcpLen: 20

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:03:54 2003