
SnortSnarf alert page

Source: 24.99.37.186

SnortSnarf v021111.1


34 such alerts found using input module SnortFileInput, with sources:
Earliest: 11:06:04.280517 on 04/29/2003
Latest: 03:58:45.970330 on 05/04/2003

6 different signatures are present for 24.99.37.186 as a source

There is 1 distinct destination IP in the alerts of the type on this page.



[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-11:06:04.280517 24.99.37.186:3219 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:46810 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x9DA4A657 Ack: 0xBF2668DF Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-11:06:04.737052 24.99.37.186:3233 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:46855 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x9DB173C3 Ack: 0xBEB2D0E4 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-11:06:04.890423 24.99.37.186:3237 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:46874 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x9DB4847D Ack: 0xBEDAB28C Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-11:06:08.235438 24.99.37.186:3295 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:47034 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x9DECBAA2 Ack: 0xBF3F06CD Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-11:06:11.659780 24.99.37.186:3350 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:47201 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x9E22ADDD Ack: 0xBF8C3311 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/29-11:06:11.806640 24.99.37.186:3353 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:47210 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x9E25733D Ack: 0xBFB3973E Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/29-11:06:11.919942 24.99.37.186:3356 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:47215 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x9E27FFAA Ack: 0xBEE9BFBD Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-11:06:12.050281 24.99.37.186:3358 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:47224 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x9E296AB9 Ack: 0xBF0EA569 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-11:06:15.170827 24.99.37.186:3398 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:47338 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x9E52E110 Ack: 0xBF07BFA0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-11:06:15.290124 24.99.37.186:3402 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:47345 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x9E569A0B Ack: 0xBF4F4C07 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-11:06:15.430021 24.99.37.186:3404 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:47352 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x9E590D49 Ack: 0xBF550A94 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-11:06:15.546090 24.99.37.186:3405 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:47361 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x9E5A6BFA Ack: 0xBEFB8373 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-11:06:15.678760 24.99.37.186:3406 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:47369 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x9E5B8854 Ack: 0xBF9C7A74 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-11:06:18.639514 24.99.37.186:3406 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:47449 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x9E5B8854 Ack: 0xBF9C7A74 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-11:06:18.950082 24.99.37.186:3449 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:47462 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x9E87B79B Ack: 0xBFFEB403 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-11:06:21.942599 24.99.37.186:3449 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:47537 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x9E87B79B Ack: 0xBFFEB403 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-11:06:22.244377 24.99.37.186:3491 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:47548 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x9EB278B2 Ack: 0xBFC72A44 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-11:06:25.762687 24.99.37.186:3544 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:47738 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x9EE75DE5 Ack: 0xBFF8F137 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-03:57:54.161462 24.99.37.186:3361 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:24902 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x92742B5F Ack: 0xAC0B2BDF Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-03:57:54.848538 24.99.37.186:3384 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:25003 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x9286E301 Ack: 0xAC0AC82C Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-03:58:04.216136 24.99.37.186:3709 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:26408 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x939DD825 Ack: 0xACCA2615 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-03:58:04.347100 24.99.37.186:3713 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:26426 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x93A1C35B Ack: 0xAC4E6552 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-03:58:13.735616 24.99.37.186:3996 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:27556 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x94971147 Ack: 0xACF731C5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/04-03:58:23.092889 24.99.37.186:4299 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:28705 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x9596852B Ack: 0xAD2F6CE1 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/04-03:58:32.500164 24.99.37.186:4626 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:30118 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x96B057CA Ack: 0xADD85F86 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-03:58:32.665524 24.99.37.186:4630 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:30124 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x96B3719B Ack: 0xADDE8E85 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-03:58:35.775949 24.99.37.186:4709 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:30381 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x96F81BF9 Ack: 0xAE703939 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-03:58:35.906136 24.99.37.186:4713 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:30394 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x96FB0049 Ack: 0xAE52161F Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-03:58:36.027122 24.99.37.186:4717 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:30411 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x96FE7ECA Ack: 0xAE9C7FA3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-03:58:45.443481 24.99.37.186:4939 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:31157 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x97C4F21F Ack: 0xAEABE7D5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-03:58:45.577356 24.99.37.186:4949 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:31175 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x97CD2644 Ack: 0xAE897660 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-03:58:45.695409 24.99.37.186:4951 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:31185 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x97CF33C0 Ack: 0xAE5C21D8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-03:58:45.827691 24.99.37.186:4961 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:31214 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x97D70B65 Ack: 0xAF1D843E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-03:58:45.970330 24.99.37.186:4963 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:31231 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x97D8CD82 Ack: 0xAEB8D03F Win: 0x4470 TcpLen: 20

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:03:53 2003