[Silicon Defense logo]

SnortSnarf alert page

Source: 24.74.152.249

SnortSnarf v021111.1

Signature section (91123)Top 20 source IPsTop 20 dest IPs

16 such alerts found using input module SnortFileInput, with sources:
Earliest: 22:43:12.740821 on 06/05/2003
Latest: 22:43:37.997678 on 06/05/2003

6 different signatures are present for 24.74.152.249 as a source

There are 1 distinct destination IPs in the alerts of the type on this page.

24.74.152.249 Whois lookup at: ARIN RIPE APNIC Geektools
DNS lookup at: Amenesi TRIUMF Princeton
More lookup links: Dshield Sam Spade

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/05-22:43:12.740821 24.74.152.249:4531 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:2820 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xD52EE881 Ack: 0xCFF3895D Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/05-22:43:13.207795 24.74.152.249:4540 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:2879 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xD535E9D0 Ack: 0xD029DAC5 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/05-22:43:13.431856 24.74.152.249:4545 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:2908 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xD53B3914 Ack: 0xD030B07F Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/05-22:43:17.026622 24.74.152.249:4660 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:3442 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xD598AB63 Ack: 0xD07D9DF4 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/05-22:43:20.484548 24.74.152.249:4792 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:4088 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xD6030250 Ack: 0xD0C2CD5C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/05-22:43:20.700239 24.74.152.249:4798 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:4119 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xD6088E22 Ack: 0xD058C41E Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/05-22:43:20.882192 24.74.152.249:4805 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:4142 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xD60EB916 Ack: 0xD0807AD5 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/05-22:43:21.103432 24.74.152.249:4808 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:4175 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xD6124444 Ack: 0xD0D188CE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/05-22:43:24.572038 24.74.152.249:4888 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:4602 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD6598D21 Ack: 0xD04ED716 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/05-22:43:28.169774 24.74.152.249:4975 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:5069 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD6A82B05 Ack: 0xD0CDF59A Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/05-22:43:28.373347 24.74.152.249:4982 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:5102 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD6AD3C14 Ack: 0xD0846627 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/05-22:43:32.602562 24.74.152.249:1148 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:5712 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD7212394 Ack: 0xD1194C80 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/05-22:43:33.005911 24.74.152.249:1162 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:5760 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xD72DAAA3 Ack: 0xD0B47D7A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/05-22:43:33.440293 24.74.152.249:1168 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:5805 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xD733995E Ack: 0xD0C3B71E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/05-22:43:33.943017 24.74.152.249:1184 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:5865 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xD740ABF1 Ack: 0xD0C958DA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/05-22:43:37.997678 24.74.152.249:1298 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:6359 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xD7A3F87A Ack: 0xD1DBC2A2 Win: 0x4470 TcpLen: 20
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:03:53 2003