SnortSnarf alert page

Source: 24.78.148.85

SnortSnarf v021111.1

15 such alerts found using input module SnortFileInput, with sources:
Earliest: 05:16:57.318275 on 05/01/2003
Latest: 05:17:30.447176 on 05/01/2003

6 different signatures are present for 24.78.148.85 as a source

There is 1 distinct destination IP in the alerts of the type on this page.

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-05:16:57.318275 24.78.148.85:1705 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:34923 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x9F6836E3 Ack: 0x167AFD86 Win: 0xFC00 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-05:16:57.807537 24.78.148.85:1718 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:34962 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x9F748D07 Ack: 0x173E9554 Win: 0xFC00 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-05:17:01.330692 24.78.148.85:1815 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:35310 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x9FC68667 Ack: 0x16C51891 Win: 0xFC00 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-05:17:04.806857 24.78.148.85:1905 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:35599 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA013E843 Ack: 0x177EC342 Win: 0xFC00 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-05:17:05.050590 24.78.148.85:1913 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:35622 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA01A6BB7 Ack: 0x16F1123A Win: 0xFC00 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/01-05:17:14.609484 24.78.148.85:2102 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:36209 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA0C5255F Ack: 0x181014D6 Win: 0xFC00 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/01-05:17:14.897743 24.78.148.85:2106 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:36226 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA0C94AB8 Ack: 0x17EE4FB1 Win: 0xFC00 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-05:17:15.149810 24.78.148.85:2114 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:36240 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xA0D07475 Ack: 0x17885493 Win: 0xFC00 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-05:17:24.599476 24.78.148.85:2276 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:36759 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA170426E Ack: 0x18C90258 Win: 0xFC00 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-05:17:24.834585 24.78.148.85:2279 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:36768 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA1737413 Ack: 0x18C80CB3 Win: 0xFC00 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-05:17:25.297355 24.78.148.85:2285 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:36789 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA1792C72 Ack: 0x18D1217B Win: 0xFC00 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-05:17:25.569409 24.78.148.85:2291 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:36801 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA17DE064 Ack: 0x18DCEA02 Win: 0xFC00 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-05:17:29.347267 24.78.148.85:2346 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:36982 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA1B4D69C Ack: 0x186DF60B Win: 0xFC00 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-05:17:29.685959 24.78.148.85:2354 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:37012 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xA1BBA852 Ack: 0x18C7235E Win: 0xFC00 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-05:17:30.447176 24.78.148.85:2383 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:37093 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA1D34D2D Ack: 0x1888CD4E Win: 0xFC00 TcpLen: 20

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:28 2003