SnortSnarf alert page

Source: 24.98.140.134

SnortSnarf v021111.1

46 such alerts found using input module SnortFileInput, with sources:
Earliest: 06:25:41.135041 on 06/04/2003
Latest: 00:56:39.537519 on 06/08/2003

6 different signatures are present for 24.98.140.134 as a source

There is 1 distinct destination IP in the alerts of the type on this page.

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/04-06:25:41.135041 24.98.140.134:2350 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:31518 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x766D19B5 Ack: 0x237DC83B Win: 0xF990 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/04-06:25:41.722824 24.98.140.134:2386 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:31595 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x768C1545 Ack: 0x22AF96A9 Win: 0xF990 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/04-06:25:51.278363 24.98.140.134:2728 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:32856 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x77A74A59 Ack: 0x234C9911 Win: 0xF990 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/04-06:25:51.753576 24.98.140.134:2758 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:32953 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x77C08CCC Ack: 0x23A54196 Win: 0xF990 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/04-06:26:01.245198 24.98.140.134:3136 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:34324 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x78FCD28C Ack: 0x2443E3B2 Win: 0xF990 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/04-06:26:01.743329 24.98.140.134:3155 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:34407 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x790C1EC3 Ack: 0x2411E10E Win: 0xF990 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/04-06:26:02.294797 24.98.140.134:3175 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:34471 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x791D3790 Ack: 0x24B650B7 Win: 0xF990 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/04-06:26:02.739746 24.98.140.134:3187 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:34548 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x7928C4E4 Ack: 0x242DD4CC Win: 0xF990 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/04-06:26:12.447023 24.98.140.134:3592 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:36017 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x7A75A492 Ack: 0x2537132D Win: 0xF990 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/04-06:26:15.696532 24.98.140.134:3611 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:36577 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x7A858A63 Ack: 0x24F35337 Win: 0xF990 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/04-06:26:16.145478 24.98.140.134:3758 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:36650 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x7B0161A4 Ack: 0x259DE9CF Win: 0xF990 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/04-06:26:25.746211 24.98.140.134:4146 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:37952 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x7C42BF17 Ack: 0x25712B10 Win: 0xF990 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/04-06:26:26.045707 24.98.140.134:4159 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:38020 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x7C4E128B Ack: 0x2609D67F Win: 0xF990 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/04-06:26:35.442020 24.98.140.134:4168 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:39596 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x7C55CEE9 Ack: 0x255446A6 Win: 0xF990 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/04-06:26:38.638781 24.98.140.134:4595 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:40130 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x7DAC8A57 Ack: 0x26F81223 Win: 0xF990 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/04-06:26:39.122268 24.98.140.134:4836 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:40179 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x7E1ECBD7 Ack: 0x26CBBB1F Win: 0xF990 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-07:22:08.859727 24.98.140.134:2433 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:1419 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x5C83BDD4 Ack: 0xB88206BD Win: 0xF990 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-07:22:09.003677 24.98.140.134:2710 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:1479 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x5D537075 Ack: 0xB7B41DE9 Win: 0xF990 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-07:22:09.159404 24.98.140.134:2724 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:1520 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x5D5EAA70 Ack: 0xB8827A96 Win: 0xF990 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-07:22:09.335319 24.98.140.134:2733 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:1554 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x5D65BE25 Ack: 0xB7F8CC0B Win: 0xF990 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/07-07:22:18.562432 24.98.140.134:3531 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:4265 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x5FC7A8D6 Ack: 0xB9048F04 Win: 0xF990 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/07-07:22:18.765362 24.98.140.134:3537 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:4301 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x5FCCEAB3 Ack: 0xB904CDB2 Win: 0xF990 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-07:22:28.119843 24.98.140.134:4326 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:6739 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x622317D0 Ack: 0xB97E78D0 Win: 0xF990 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-07:22:28.316735 24.98.140.134:4396 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:6822 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x623915AA Ack: 0xB8D31D70 Win: 0xF990 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-07:22:28.552353 24.98.140.134:4451 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:6874 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6256E426 Ack: 0xB937BB6D Win: 0xF990 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-07:22:28.950580 24.98.140.134:4471 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:6960 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6260C16D Ack: 0xB98308FD Win: 0xF990 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-07:22:38.469604 24.98.140.134:1514 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:9480 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x64B2B54E Ack: 0xB9A81F03 Win: 0xF990 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-07:22:47.729233 24.98.140.134:2324 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:11982 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x672541B0 Ack: 0xBA2A8861 Win: 0xF990 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-07:22:48.019617 24.98.140.134:2332 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:12032 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x672B8061 Ack: 0xBA925D4E Win: 0xF990 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-07:22:50.997991 24.98.140.134:2332 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:12765 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x672B8061 Ack: 0xBA925D4E Win: 0xF990 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-07:22:51.480215 24.98.140.134:2602 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:12907 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x680209E3 Ack: 0xBAB137A5 Win: 0xF990 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/07-07:23:00.877124 24.98.140.134:3382 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:15398 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6A55D065 Ack: 0xBBAE2D8B Win: 0xF990 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-00:56:25.519784 24.98.140.134:4095 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:58253 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x3E66C4D Ack: 0x46E56650 Win: 0xF990 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-00:56:32.426623 24.98.140.134:4457 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:59708 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x504B591 Ack: 0x46C0C068 Win: 0xF990 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-00:56:32.812594 24.98.140.134:4781 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:59784 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x59A9407 Ack: 0x479B0349 Win: 0xF990 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-00:56:36.315737 24.98.140.134:1113 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:60612 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x6468A5F Ack: 0x478A2A23 Win: 0xF990 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-00:56:36.519304 24.98.140.134:1132 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:60692 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x654D4B6 Ack: 0x47A3CB4C Win: 0xF990 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/08-00:56:36.818201 24.98.140.134:1143 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:60742 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x65E0BEB Ack: 0x474D76E9 Win: 0xF990 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/08-00:56:37.206714 24.98.140.134:1170 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:60837 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x670EEF7 Ack: 0x475907F7 Win: 0xF990 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-00:56:37.416422 24.98.140.134:1197 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:60904 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x687E7DC Ack: 0x47B14D73 Win: 0xF990 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-00:56:37.612613 24.98.140.134:1200 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:60954 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x68B31AF Ack: 0x471EC9CC Win: 0xF990 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-00:56:37.791953 24.98.140.134:1215 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:61020 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x694B074 Ack: 0x475A6E7A Win: 0xF990 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-00:56:38.125678 24.98.140.134:1229 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:61087 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x69FC36D Ack: 0x472E665D Win: 0xF990 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-00:56:38.531224 24.98.140.134:1239 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:61169 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6A80D83 Ack: 0x47BD111C Win: 0xF990 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-00:56:39.018151 24.98.140.134:1260 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:61502 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x6B8071B Ack: 0x47B3C00C Win: 0xF990 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/08-00:56:39.537519 24.98.140.134:1280 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:61576 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6C88E8D Ack: 0x47608EC9 Win: 0xF990 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:03:53 2003