
SnortSnarf alert page

Source: 24.98.69.172

SnortSnarf v021111.1


33 such alerts found using input module SnortFileInput, with sources:
Earliest: 07:20:51.911449 on 05/24/2003
Latest: 12:57:13.761164 on 06/05/2003

7 different signatures are present for 24.98.69.172 as a source

There is 1 distinct destination IP in the alerts of the type on this page.



[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-07:20:51.911449 24.98.69.172:4808 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:34873 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xE70CCD4F Ack: 0x35DBD1B4 Win: 0x2238 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-07:20:52.287707 24.98.69.172:4814 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:34898 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xE7126F38 Ack: 0x36C83B39 Win: 0x2238 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-07:21:01.573919 24.98.69.172:1187 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:36110 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xE837CE43 Ack: 0x371F187B Win: 0x2238 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-07:21:11.093929 24.98.69.172:1485 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:37121 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xE9348B14 Ack: 0x37E8A4B0 Win: 0x2238 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-07:21:11.639317 24.98.69.172:1501 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:37162 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xE940F616 Ack: 0x370DE2BE Win: 0x2238 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/24-07:21:21.168014 24.98.69.172:1793 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:38262 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xEA3BE5B2 Ack: 0x382B99F5 Win: 0x2238 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/24-07:21:31.035756 24.98.69.172:2048 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:39198 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xEB1FE90F Ack: 0x38E2044D Win: 0x2238 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-07:21:31.985907 24.98.69.172:2077 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:39276 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xEB357BA9 Ack: 0x38F1FE2F Win: 0x2238 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-07:21:32.762052 24.98.69.172:2091 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:39329 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xEB42C8CD Ack: 0x38EC6FB6 Win: 0x2238 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-07:21:42.478599 24.98.69.172:2374 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:40436 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xEC34CCDE Ack: 0x39100543 Win: 0x2238 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-07:21:49.151219 24.98.69.172:2465 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:41092 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xEC8536CC Ack: 0x39CCF786 Win: 0x2238 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-07:21:49.862689 24.98.69.172:2558 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:41163 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xECD7B04E Ack: 0x3A22D974 Win: 0x2238 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-07:21:54.288540 24.98.69.172:2669 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:41530 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xED34AB49 Ack: 0x39970991 Win: 0x2238 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-07:21:55.194750 24.98.69.172:2692 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:41612 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xED496C29 Ack: 0x39CB6D25 Win: 0x2238 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-07:21:55.818761 24.98.69.172:2720 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:41700 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xED61B1A6 Ack: 0x39F2997B Win: 0x2238 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-06:07:06.662050 24.98.69.172:2584 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:43411 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xA6064C5B Ack: 0x607F152C Win: 0x2238 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-06:07:07.234562 24.98.69.172:2602 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:43484 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xA6168779 Ack: 0x6003F826 Win: 0x2238 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-06:07:07.716236 24.98.69.172:2621 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:43552 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA626C295 Ack: 0x609DBE8F Win: 0x2238 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-06:07:17.283192 24.98.69.172:2844 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:44651 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA6EE86A5 Ack: 0x6037B62D Win: 0x2238 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-06:07:17.737319 24.98.69.172:2860 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:44706 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA6FCCF50 Ack: 0x60D97B8D Win: 0x2238 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/25-06:07:18.096348 24.98.69.172:2865 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:44750 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA701E52F Ack: 0x60566484 Win: 0x2238 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/25-06:07:18.511012 24.98.69.172:2875 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:44801 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA70AD5C3 Ack: 0x60E5B0C9 Win: 0x2238 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-06:07:25.187453 24.98.69.172:2969 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:45663 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xA75F6F97 Ack: 0x608F3D19 Win: 0x2238 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-06:07:34.711836 24.98.69.172:3338 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:47036 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA89EF221 Ack: 0x62111390 Win: 0x2238 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-06:07:35.259623 24.98.69.172:3355 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:47137 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA8ABFCC1 Ack: 0x6197997D Win: 0x2238 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-06:07:45.016844 24.98.69.172:3614 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:48409 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA98FC046 Ack: 0x626F40A6 Win: 0x2238 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-06:07:54.588643 24.98.69.172:3633 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:49613 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA99F68A3 Ack: 0x62624C2A Win: 0x2238 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-06:07:55.022153 24.98.69.172:3878 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:49674 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xAA78D089 Ack: 0x63649FD2 Win: 0x2238 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-06:07:55.545079 24.98.69.172:3890 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:49751 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xAA82F72D Ack: 0x629D4A21 Win: 0x2238 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-06:07:55.883119 24.98.69.172:3905 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:49795 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xAA8FE468 Ack: 0x635632A8 Win: 0x2238 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-06:07:56.417125 24.98.69.172:3917 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:49869 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xAA9907BB Ack: 0x62BFBC41 Win: 0x2238 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/05-12:57:13.729132 24.98.69.172:1259 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:46361 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x731617B9 Ack: 0x2A57B127 Win: 0x2238 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/05-12:57:13.761164 24.98.69.172:1259 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:46362 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x73161D6D Ack: 0x2A57B127 Win: 0x2238 TcpLen: 20

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:03:53 2003