SnortSnarf alert page

Source: 24.98.186.231

SnortSnarf v021111.1

16 such alerts found using input module SnortFileInput, with sources:
Earliest: 04:04:32.691849 on 05/28/2003
Latest: 04:05:19.401542 on 05/28/2003

6 different signatures are present for 24.98.186.231 as a source

There is 1 distinct destination IP in the alerts of the type on this page.


[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-04:04:32.691849 24.98.186.231:1956 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:61509 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xA503A6D8 Ack: 0x50A0B35C Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-04:04:33.727449 24.98.186.231:1987 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:61588 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xA51D883B Ack: 0x50BDCEB7 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-04:04:43.205436 24.98.186.231:2360 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:62954 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA657E18D Ack: 0x516A4013 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-04:04:43.557537 24.98.186.231:2372 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:63009 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA661F241 Ack: 0x510C74C6 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-04:04:52.901276 24.98.186.231:2789 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:64477 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA7B5BF58 Ack: 0x51E6BCA4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/28-04:04:56.575359 24.98.186.231:2941 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:65044 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA832D11D Ack: 0x525BB2BD Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/28-04:04:56.969854 24.98.186.231:2964 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:65107 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA847C7C4 Ack: 0x51E8C913 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-04:04:57.377108 24.98.186.231:2978 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:65171 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xA8543828 Ack: 0x52488AEE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-04:04:58.001284 24.98.186.231:3005 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:65269 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA86944B4 Ack: 0x523202D1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-04:04:58.528361 24.98.186.231:3033 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:65354 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA8807D29 Ack: 0x52258675 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-04:04:58.984658 24.98.186.231:3052 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:65426 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA8908E40 Ack: 0x520F83D2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-04:05:08.347444 24.98.186.231:3469 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:1358 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA9E92F78 Ack: 0x5289B750 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-04:05:08.795282 24.98.186.231:3481 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:1430 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xA9F3DF67 Ack: 0x53246670 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-04:05:09.219084 24.98.186.231:3498 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:1496 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xAA019CFE Ack: 0x530187B6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-04:05:09.808597 24.98.186.231:3512 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:1588 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xAA0E7AE9 Ack: 0x5330637D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-04:05:19.401542 24.98.186.231:3941 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:3060 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xAB6CB40A Ack: 0x532628A8 Win: 0x4470 TcpLen: 20

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:03:53 2003