SnortSnarf alert page

Source: 24.91.57.211

SnortSnarf v021111.1

16 such alerts found using input module SnortFileInput, with sources:
Earliest: 02:33:22.489402 on 05/16/2003
Latest: 02:34:22.337608 on 05/16/2003

6 different signatures are present for 24.91.57.211 as a source

There is 1 distinct destination IP in the alerts of the type on this page.


[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-02:33:22.489402 24.91.57.211:3131 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:9623 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x9FF355A5 Ack: 0x685AD1DC Win: 0xB5C9 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-02:33:26.265087 24.91.57.211:3180 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:9725 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xA0255DA7 Ack: 0x6888B0E8 Win: 0xB5C9 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-02:33:35.725158 24.91.57.211:3337 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:10205 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA0BE9B55 Ack: 0x69DBFAEE Win: 0xB5C9 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-02:33:38.906899 24.91.57.211:3373 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:10293 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA0E55307 Ack: 0x6988B6EE Win: 0xB5C9 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-02:33:42.298389 24.91.57.211:3412 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:10380 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA10E3D25 Ack: 0x6999F8C1 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/16-02:33:42.454386 24.91.57.211:3414 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:10390 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA1108271 Ack: 0x69B1DA18 Win: 0xB5C9 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/16-02:33:55.240526 24.91.57.211:3556 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:10873 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA1A2F8EE Ack: 0x6ABC8FEE Win: 0xB5C9 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-02:33:58.880425 24.91.57.211:3614 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:11004 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xA1DC9EB6 Ack: 0x6A9A79E7 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-02:34:02.506167 24.91.57.211:3690 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:11082 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA2281465 Ack: 0x6AD365F4 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-02:34:12.002740 24.91.57.211:3892 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:11801 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA2E1BFEC Ack: 0x6B571A04 Win: 0xB5C9 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-02:34:12.172258 24.91.57.211:3895 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:11817 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA2E471B8 Ack: 0x6B823800 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-02:34:12.381340 24.91.57.211:3899 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:11827 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA2E81979 Ack: 0x6BAD44E8 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-02:34:12.543927 24.91.57.211:3903 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:11840 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xA2EBD58A Ack: 0x6BEE4DB5 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-02:34:12.704869 24.91.57.211:3907 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:11850 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA2EF29DD Ack: 0x6B7D6C03 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-02:34:12.872046 24.91.57.211:3912 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:11859 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xA2F3731B Ack: 0x6BBB1E33 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/16-02:34:22.337608 24.91.57.211:4035 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:12152 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA37181AA Ack: 0x6C17C972 Win: 0xB5C9 TcpLen: 20

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:03:52 2003