
SnortSnarf alert page

Source: 24.44.2.165

SnortSnarf v021111.1


51 such alerts found using input module SnortFileInput, with sources:
Earliest: 22:47:54.415101 on 04/26/2003
Latest: 22:51:01.472165 on 06/09/2003

6 different signatures are present for 24.44.2.165 as a source

There is 1 distinct destination IP in the alerts of the type on this page.



[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-22:47:54.415101 24.44.2.165:3809 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:46796 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x11674B9A Ack: 0x5B626E02 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-22:48:03.994523 24.44.2.165:3919 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:65256 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x11D9B716 Ack: 0x5BF2A4BA Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-22:48:07.121455 24.44.2.165:3957 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:618 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x12027922 Ack: 0x5B6730B1 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-22:48:07.250051 24.44.2.165:3960 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:632 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x1204A09D Ack: 0x5C223A94 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-22:48:07.371094 24.44.2.165:3961 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:640 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x1205FD17 Ack: 0x5B2AF64D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/26-22:48:10.486811 24.44.2.165:3994 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:3515 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x122B4E91 Ack: 0x5C2351B0 Win: 0x4470 TcpLen: 20
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/26-22:48:13.346679 24.44.2.165:3994 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:4890 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x122B4E91 Ack: 0x5C2351B0 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/26-22:48:13.623816 24.44.2.165:4037 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:5074 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x12553F17 Ack: 0x5C1D1411 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-22:48:13.740254 24.44.2.165:4040 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:5080 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x12582011 Ack: 0x5B993493 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-22:48:13.861361 24.44.2.165:4041 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:5088 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x12596D8A Ack: 0x5B920D49 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-22:48:16.964851 24.44.2.165:4080 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:6568 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x1281A2D2 Ack: 0x5BBF8CF2 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-22:48:20.120313 24.44.2.165:4112 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:8167 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x12A4DEBC Ack: 0x5CBC9489 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-22:48:20.282620 24.44.2.165:4115 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:8176 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x12A73A18 Ack: 0x5C22F7F4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-22:48:20.462504 24.44.2.165:4118 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:8188 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x12AA47C0 Ack: 0x5CB255F7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-22:48:20.595268 24.44.2.165:4124 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:8198 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x12AF6A5E Ack: 0x5C603979 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-22:48:20.725804 24.44.2.165:4125 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:8208 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x12B0F8B4 Ack: 0x5CF4D7FE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-22:48:23.842347 24.44.2.165:4164 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:8284 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x12D6A816 Ack: 0x5D1AEB74 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-23:33:34.880955 24.44.2.165:2551 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:24974 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x4A38E656 Ack: 0x4BF4B18 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-23:33:35.260372 24.44.2.165:2553 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:24987 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x4A3BB1DC Ack: 0x4B36DD3 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-23:33:41.828769 24.44.2.165:2595 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:25141 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x4A683437 Ack: 0x4BBDACA Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-23:33:45.131989 24.44.2.165:2672 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:25233 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x4AB793E1 Ack: 0x552113A Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-23:33:48.430190 24.44.2.165:2711 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:25317 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x4AE0B68F Ack: 0x54EB92C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/04-23:33:48.599652 24.44.2.165:2713 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:25328 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x4AE30531 Ack: 0x553C739 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/04-23:33:51.903641 24.44.2.165:2751 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:25409 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x4B0889D3 Ack: 0x5AD916F Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-23:33:52.022261 24.44.2.165:2754 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:25416 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x4B0B542A Ack: 0x5A8CF7D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-23:33:52.135669 24.44.2.165:2757 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:25426 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4B0DF1F9 Ack: 0x600F236 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-23:33:52.304262 24.44.2.165:2759 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:25436 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4B10008D Ack: 0x551D4FE Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-23:33:52.461095 24.44.2.165:2761 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:25445 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4B11FCAE Ack: 0x6096923 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-23:33:52.633397 24.44.2.165:2763 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:25456 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4B1475BD Ack: 0x5E1F630 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-23:33:52.766617 24.44.2.165:2765 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:25466 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x4B165F75 Ack: 0x5E11BA0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-23:33:55.711064 24.44.2.165:2765 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:25548 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x4B165F75 Ack: 0x5E11BA0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-23:33:56.059348 24.44.2.165:2807 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:25562 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x4B3FE8CF Ack: 0x5D1EE02 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-23:33:56.168570 24.44.2.165:2810 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:25568 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x4B427F15 Ack: 0x60E1CC0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-23:33:56.306356 24.44.2.165:2811 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:25577 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x4B43D302 Ack: 0x64F2062 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-22:50:41.009465 24.44.2.165:4201 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:58442 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x6C083590 Ack: 0xEB4707B0 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-22:50:41.327018 24.44.2.165:4207 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:58458 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x6C0DA10D Ack: 0xEAD498BE Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-22:50:41.466033 24.44.2.165:4209 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:58470 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x6C0F91E1 Ack: 0xEB1808CB Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-22:50:41.632211 24.44.2.165:4214 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:58484 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x6C13EDA9 Ack: 0xEBA658E2 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-22:50:41.763113 24.44.2.165:4219 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:58498 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6C17DBF6 Ack: 0xEADA465E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/09-22:50:41.903850 24.44.2.165:4221 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:58508 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x6C19A789 Ack: 0xEAF038F0 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/09-22:50:42.046965 24.44.2.165:4223 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:58520 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x6C1BF415 Ack: 0xEBC6057F Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-22:50:45.165925 24.44.2.165:4274 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:58638 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x6C4ADD7A Ack: 0xEB3E4BAB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-22:50:45.292227 24.44.2.165:4276 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:58647 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6C4C802A Ack: 0xEBD15D3E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-22:50:45.471448 24.44.2.165:4278 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:58657 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6C4EDBA9 Ack: 0xEBB43228 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-22:50:48.607543 24.44.2.165:4317 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:58736 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6C76EBE5 Ack: 0xEC3FAB70 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-22:50:48.741660 24.44.2.165:4320 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:58747 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6C792193 Ack: 0xEBB71DCE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-22:50:48.891352 24.44.2.165:4322 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:58757 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x6C7ABA04 Ack: 0xEBD408AB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-22:50:51.806936 24.44.2.165:4322 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:58839 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x6C7ABA04 Ack: 0xEBD408AB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-22:50:52.138390 24.44.2.165:4363 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:58846 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6CA34419 Ack: 0xEC1D1E8C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-22:50:52.269073 24.44.2.165:4365 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:58853 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x6CA55D78 Ack: 0xEC74C1D0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-22:51:01.472165 24.44.2.165:4475 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:59092 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6D177F90 Ack: 0xECEA3047 Win: 0x4470 TcpLen: 20

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:03:54 2003