[Silicon Defense logo]

SnortSnarf alert page

Source: 24.60.106.185

SnortSnarf v021111.1

Signature section (91123)Top 20 source IPsTop 20 dest IPs

16 such alerts found using input module SnortFileInput, with sources:
Earliest: 21:03:09.956104 on 05/21/2003
Latest: 21:04:17.855940 on 05/21/2003

6 different signatures are present for 24.60.106.185 as a source

There are 1 distinct destination IPs in the alerts of the type on this page.

24.60.106.185 Whois lookup at: ARIN RIPE APNIC Geektools
DNS lookup at: Amenesi TRIUMF Princeton
More lookup links: Dshield Sam Spade

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-21:03:09.956104 24.60.106.185:1296 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:19944 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x63EC529B Ack: 0x9A3A2488 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-21:03:14.669219 24.60.106.185:1670 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:20814 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x651494FE Ack: 0x9A190D07 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-21:03:15.614185 24.60.106.185:1730 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:20969 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x6543FA7B Ack: 0x9A8BC558 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-21:03:25.530198 24.60.106.185:2151 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:22647 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x669F0D97 Ack: 0x9ACFB673 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-21:03:26.369983 24.60.106.185:2187 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:22793 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x66BE0F9C Ack: 0x9B75CCAF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/21-21:03:27.357506 24.60.106.185:2225 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:22954 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x66DBEE33 Ack: 0x9B386AEA Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/21-21:03:28.540200 24.60.106.185:2255 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:23151 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x66F5B9D7 Ack: 0x9BB3D87C Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-21:03:41.862496 24.60.106.185:2707 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:25473 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x686A5CA5 Ack: 0x9C031FBC Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-21:03:42.832786 24.60.106.185:2880 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:25642 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x68F828B9 Ack: 0x9BD7A3F5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-21:03:43.899490 24.60.106.185:2930 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:25826 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6922259D Ack: 0x9C747889 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-21:03:54.075547 24.60.106.185:3361 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:27522 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6A88D611 Ack: 0x9C751FD1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-21:03:55.151385 24.60.106.185:3426 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:27721 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6ABCFF7B Ack: 0x9CF7BDEA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-21:04:05.378400 24.60.106.185:3889 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:29545 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x6C30143B Ack: 0x9DD6C94C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-21:04:06.548450 24.60.106.185:3943 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:29755 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6C58F3F9 Ack: 0x9DC3B310 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-21:04:07.624896 24.60.106.185:3997 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:29958 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x6C845017 Ack: 0x9D0D9DC1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-21:04:17.855940 24.60.106.185:4464 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:31810 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6DFB5527 Ack: 0x9DC1B7B4 Win: 0x4470 TcpLen: 20
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:03:53 2003