SnortSnarf alert page

Source: 24.74.84.124

SnortSnarf v021111.1

34 such alerts found using input module SnortFileInput, with sources:
Earliest: 03:30:07.826942 on 05/02/2003
Latest: 13:08:06.904639 on 05/07/2003

6 different signatures are present for 24.74.84.124 as a source

There is 1 distinct destination IP in the alerts of the type on this page.


[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-03:30:07.826942 24.74.84.124:4352 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:37613 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x461CDA4D Ack: 0xC1C6AB75 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-03:30:09.632645 24.74.84.124:4524 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:37912 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x46AC718A Ack: 0xC22699DB Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-03:30:11.400256 24.74.84.124:4582 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:38184 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x46DD0A52 Ack: 0xC2333196 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-03:30:12.950567 24.74.84.124:4657 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:38456 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x471AB8B2 Ack: 0xC29D35C5 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-03:30:23.774212 24.74.84.124:1100 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:40150 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x48679DBB Ack: 0xC3B921FB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/02-03:30:25.160403 24.74.84.124:1178 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:40415 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x48A04C5F Ack: 0xC47887D8 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/02-03:30:35.789814 24.74.84.124:1582 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:42079 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x49EACE55 Ack: 0xC49FEF5F Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-03:30:37.558363 24.74.84.124:1645 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:42377 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x4A211AF4 Ack: 0xC4CFB1BC Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-03:30:51.031256 24.74.84.124:2068 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:44611 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4B7E2ECD Ack: 0xC565D028 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-03:30:56.200627 24.74.84.124:2381 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:45422 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4C7D2DC4 Ack: 0xC66C6DA4 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-03:31:01.045934 24.74.84.124:2563 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:46194 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4D17583E Ack: 0xC6905E01 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-03:31:02.996105 24.74.84.124:2629 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:46487 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4D4E4399 Ack: 0xC6FEB895 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-03:31:04.685312 24.74.84.124:2692 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:46784 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x4D85E424 Ack: 0xC6461620 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-03:31:06.147135 24.74.84.124:2764 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:47015 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x4DC16DE9 Ack: 0xC6CAA5A6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-03:31:09.266485 24.74.84.124:2764 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:47524 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x4DC16DE9 Ack: 0xC6CAA5A6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-03:31:16.607747 24.74.84.124:3157 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:48720 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x4F050728 Ack: 0xC75E6DF1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/02-03:31:27.162067 24.74.84.124:3571 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:50452 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x505A30A7 Ack: 0xC785ADC4 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-13:06:39.990177 24.74.84.124:2693 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:27597 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x7204CC0B Ack: 0x83F9E739 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-13:06:41.906877 24.74.84.124:2746 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:27862 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x72326573 Ack: 0x832E50D3 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-13:06:43.696150 24.74.84.124:2796 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:28132 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x725DEA2A Ack: 0x8350A2B6 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-13:07:06.409016 24.74.84.124:3454 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:31304 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x74949C61 Ack: 0x85865419 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-13:07:11.019717 24.74.84.124:3587 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:31962 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x7502CB18 Ack: 0x858B08D5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/07-13:07:12.721001 24.74.84.124:3631 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:32209 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x752A32CD Ack: 0x8531574E Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/07-13:07:14.580790 24.74.84.124:3678 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:32470 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x7553420C Ack: 0x85AB717E Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-13:07:16.664943 24.74.84.124:3734 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:32720 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x7582CC34 Ack: 0x857BBD4E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-13:07:27.734108 24.74.84.124:4027 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:34149 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x767CD6D2 Ack: 0x86838301 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-13:07:29.743542 24.74.84.124:4083 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:34413 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x76A9594C Ack: 0x8686F052 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-13:07:31.410778 24.74.84.124:4141 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:34633 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x76DD4E70 Ack: 0x86B81689 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-13:07:33.202141 24.74.84.124:4188 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:34885 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x7706803C Ack: 0x86E691AD Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-13:07:43.876671 24.74.84.124:4492 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:36397 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x78115094 Ack: 0x873D1FED Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-13:07:45.484626 24.74.84.124:4548 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:36647 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x784273C7 Ack: 0x8777FFAF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-13:07:48.561431 24.74.84.124:4548 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:37082 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x784273C7 Ack: 0x8777FFAF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-13:07:56.218073 24.74.84.124:4875 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:38236 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x7957B965 Ack: 0x8843A5BB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-13:08:06.904639 24.74.84.124:1225 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:39757 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x7A60F0CA Ack: 0x88E2303D Win: 0x4470 TcpLen: 20

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:28 2003