SnortSnarf alert page

Source: 24.35.68.68

SnortSnarf v021111.1

Signature section (91123)

Top 20 source IPs

Top 20 dest IPs

49 such alerts found using input module SnortFileInput, with sources:

/home/rivettmj/snort_alertlog/alert

Earliest: 16:42:15.729050 on 05/25/2003
Latest: 23:59:45.348147 on 06/02/2003

6 different signatures are present for 24.35.68.68 as a source

3 instances of WEB-IIS _mem_bin access
3 instances of WEB-FRONTPAGE /_vti_bin/ access
6 instances of WEB-IIS CodeRed v2 root.exe access
10 instances of WEB-IIS multiple decode attempt
12 instances of WEB-IIS cmd.exe access
15 instances of WEB-IIS unicode directory traversal attempt

There are 1 distinct destination IPs in the alerts of the type on this page.

24.35.68.68 Whois lookup at: ARIN RIPE APNIC Geektools

DNS lookup at: Amenesi TRIUMF Princeton

More lookup links: Dshield Sam Spade

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/25-16:42:15.729050 24.35.68.68:2401 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:34606 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x56B6F2E5  Ack: 0xBF7F523F  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/25-16:42:16.383818 24.35.68.68:2415 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:34677 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x56C41DE9  Ack: 0xBFB7AC66  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/25-16:42:19.708188 24.35.68.68:2463 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:34842 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x56F340E3  Ack: 0xBFF27825  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/25-16:42:19.918067 24.35.68.68:2468 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:34863 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x56F7F160  Ack: 0xC00CFB1B  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/25-16:42:20.124459 24.35.68.68:2471 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:34884 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x56FB1A8F  Ack: 0xC013E4EE  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/25-16:42:23.427050 24.35.68.68:2521 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:35034 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x572B1755  Ack: 0xBFEF0A67  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/25-16:42:23.837726 24.35.68.68:2530 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:35064 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x5733989D  Ack: 0xBFC812AF  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/25-16:42:24.015078 24.35.68.68:2537 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:35082 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x57394F38  Ack: 0xBFEDF461  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/25-16:42:27.186401 24.35.68.68:2580 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:35198 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x5765BD1B  Ack: 0xC03775C7  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/25-16:42:27.379325 24.35.68.68:2588 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:35216 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x576C4540  Ack: 0xBF966649  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/25-16:42:30.556465 24.35.68.68:2628 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:35343 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x57980457  Ack: 0xC008E94C  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/25-16:42:30.753914 24.35.68.68:2629 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:35356 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x5799BB75  Ack: 0xC080F104  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/25-16:42:33.871499 24.35.68.68:2636 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:35450 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x579F6C64  Ack: 0xC041303C  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/25-16:42:34.085568 24.35.68.68:2675 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:35456 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x57C81A34  Ack: 0xC0513DF0  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/25-16:42:37.007524 24.35.68.68:2675 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:35593 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x57C81A34  Ack: 0xC0513DF0  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/25-16:42:37.291594 24.35.68.68:2723 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:35614 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x57F7C588  Ack: 0xC02D5AE2  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/25-16:42:43.392337 24.35.68.68:2766 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:35830 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x58240DF6  Ack: 0xC1046BAF  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-01:23:38.208570 24.35.68.68:1728 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:38308 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xB1976E74  Ack: 0x2EE751DF  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-01:23:38.685597 24.35.68.68:1735 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:38336 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xB19E49A7  Ack: 0x2FBA108B  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-01:23:41.876192 24.35.68.68:1768 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:38498 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xB1C3EEAE  Ack: 0x2F574866  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-01:23:42.099256 24.35.68.68:1770 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:38514 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xB1C66736  Ack: 0x2FE510B2  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-01:23:42.290075 24.35.68.68:1774 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:38531 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB1CA42C6  Ack: 0x2F47CDD4  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/02-01:23:42.578796 24.35.68.68:1780 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:38550 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xB1CFA5EC  Ack: 0x2F0AE1CD  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/02-01:23:42.806350 24.35.68.68:1786 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:38567 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xB1D5C080  Ack: 0x2F4594AF  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-01:23:43.035024 24.35.68.68:1790 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:38582 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xB1D9E5AC  Ack: 0x2FF2D5D4  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-01:23:52.188973 24.35.68.68:1915 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:39120 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB259F710  Ack: 0x3078A989  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-01:23:52.351359 24.35.68.68:1917 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:39135 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB25C1CAF  Ack: 0x3039A9A2  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-01:23:52.525808 24.35.68.68:1923 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:39147 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB2611FB4  Ack: 0x306DC434  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-01:23:52.747968 24.35.68.68:1927 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:39167 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB2650329  Ack: 0x30333CBB  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-01:23:53.089563 24.35.68.68:1932 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:39191 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xB2698E46  Ack: 0x2FE7B7E8  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-01:23:53.270116 24.35.68.68:1937 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:39208 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB26EF4FB  Ack: 0x2FA170BF  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-01:23:53.446192 24.35.68.68:1942 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:39219 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xB2739F2C  Ack: 0x2FF6B18F  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-01:24:02.713365 24.35.68.68:2083 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:39850 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB2FF3159  Ack: 0x3121FE50  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-23:58:53.904763 24.35.68.68:3738 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:26139 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x439451C5  Ack: 0x2F242E74  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-23:58:54.727826 24.35.68.68:3747 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:26162 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x439D9E74  Ack: 0x2F063D5D  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-23:58:54.937310 24.35.68.68:3753 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:26185 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x43A28A31  Ack: 0x2E6F24F2  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-23:59:40.080503 24.35.68.68:4346 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:27649 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x46073873  Ack: 0x31218EEC  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-23:59:40.293892 24.35.68.68:4348 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:27662 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x46091455  Ack: 0x31C22470  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/02-23:59:40.472209 24.35.68.68:4350 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:27675 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x460B3B93  Ack: 0x319CEE66  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/02-23:59:40.671090 24.35.68.68:4355 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:27683 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x460F4620  Ack: 0x31185F30  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-23:59:40.853381 24.35.68.68:4358 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:27695 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x46126186  Ack: 0x31569A05  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-23:59:41.039677 24.35.68.68:4360 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:27706 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x46146F31  Ack: 0x32090684  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-23:59:41.227905 24.35.68.68:4363 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:27719 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4617AD0F  Ack: 0x313CA162  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-23:59:41.410200 24.35.68.68:4366 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:27729 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x461A75B8  Ack: 0x317201E5  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-23:59:44.614049 24.35.68.68:4411 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:27833 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x464490B6  Ack: 0x3220F2E0  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-23:59:44.810154 24.35.68.68:4415 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:27847 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x46485BBD  Ack: 0x31F22908  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-23:59:44.968261 24.35.68.68:4419 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:27858 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x464B1C9F  Ack: 0x31E39370  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-23:59:45.141414 24.35.68.68:4422 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:27869 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x464DFFCD  Ack: 0x319C5E85  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/02-23:59:45.348147 24.35.68.68:4425 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:27888 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x4650A732  Ack: 0x31BD7FF1  Win: 0x4470  TcpLen: 20

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:03:53 2003

24.35.68.68	Whois lookup at:	ARIN	RIPE	APNIC	Geektools
	DNS lookup at:	Amenesi	TRIUMF	Princeton
	More lookup links:	Dshield	Sam Spade