
SnortSnarf alert page

Source: 24.74.33.155

SnortSnarf v021111.1


15 such alerts found using input module SnortFileInput, with sources:
Earliest: 01:04:37.398771 on 04/26/2003
Latest: 01:05:10.892904 on 04/26/2003

6 different signatures are present for 24.74.33.155 as a source

There is 1 distinct destination IP in the alerts of the type on this page.



[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-01:04:37.398771 24.74.33.155:1548 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:65147 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x94F3F73E Ack: 0x2033FC6D Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-01:04:38.809652 24.74.33.155:1602 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:65345 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x95229DA2 Ack: 0x206ED5E0 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-01:04:40.317066 24.74.33.155:1635 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:3 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x954043B1 Ack: 0x2084D6E7 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-01:04:42.001972 24.74.33.155:1674 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:224 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x9562A9B1 Ack: 0x20F65D54 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-01:04:43.687969 24.74.33.155:1734 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:455 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x9594ECAA Ack: 0x21283A2C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/26-01:04:45.208354 24.74.33.155:1771 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:684 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x95B6726E Ack: 0x20F57A6B Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/26-01:04:46.994168 24.74.33.155:1817 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:922 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x95DB0B18 Ack: 0x211FBFF2 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-01:04:50.313520 24.74.33.155:1912 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:1364 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x96300839 Ack: 0x2195AB89 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-01:04:52.011542 24.74.33.155:1964 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:1604 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x965DB6D3 Ack: 0x21038235 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-01:04:57.193715 24.74.33.155:2101 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:2278 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x96D5A696 Ack: 0x21DF7704 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-01:04:58.530384 24.74.33.155:2159 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:2462 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x97083283 Ack: 0x21797A7D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-01:05:00.162014 24.74.33.155:2187 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:2689 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x9721E31E Ack: 0x21DDE5E4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-01:05:04.691392 24.74.33.155:2329 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:3363 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x979CCB3C Ack: 0x2201DCE9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-01:05:06.249794 24.74.33.155:2367 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:3592 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x97BF4999 Ack: 0x2248BC7E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-01:05:10.892904 24.74.33.155:2509 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:4254 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x98386E33 Ack: 0x22B73E7F Win: 0x4470 TcpLen: 20

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:03:53 2003