[Silicon Defense logo]

SnortSnarf alert page

Source: 24.99.96.131

SnortSnarf v021111.1

Signature section (91123)Top 20 source IPsTop 20 dest IPs

15 such alerts found using input module SnortFileInput, with sources:
Earliest: 15:58:15.726344 on 05/29/2003
Latest: 15:58:31.482266 on 05/29/2003

6 different signatures are present for 24.99.96.131 as a source

There are 1 distinct destination IPs in the alerts of the type on this page.

24.99.96.131 Whois lookup at: ARIN RIPE APNIC Geektools
DNS lookup at: Amenesi TRIUMF Princeton
More lookup links: Dshield Sam Spade

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-15:58:15.726344 24.99.96.131:3971 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:31511 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xCC2EA40C Ack: 0x18C764BA Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-15:58:16.843396 24.99.96.131:4051 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:31751 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xCC6F7829 Ack: 0x18D09961 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-15:58:17.162936 24.99.96.131:4075 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:31806 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xCC81BEEF Ack: 0x190888F8 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-15:58:17.442569 24.99.96.131:4098 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:31853 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xCC92D8E2 Ack: 0x18F11C05 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/29-15:58:17.820187 24.99.96.131:4117 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:31921 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xCCA27F8E Ack: 0x1840D689 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/29-15:58:18.081639 24.99.96.131:4133 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:31969 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xCCB05447 Ack: 0x18D73E85 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-15:58:18.570852 24.99.96.131:4164 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:32065 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xCCC4EF7A Ack: 0x18A63FCD Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-15:58:28.171753 24.99.96.131:1099 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:33741 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xCEB70E17 Ack: 0x19B230E0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-15:58:28.669159 24.99.96.131:1141 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:33844 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xCED56A06 Ack: 0x19D49321 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-15:58:29.054031 24.99.96.131:1169 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:33912 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xCEEB5133 Ack: 0x19D42047 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-15:58:29.571149 24.99.96.131:1194 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:33995 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xCEFF923C Ack: 0x19933673 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-15:58:30.008016 24.99.96.131:1220 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:34066 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xCF13EED2 Ack: 0x19435CB0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-15:58:30.559145 24.99.96.131:1247 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:34164 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xCF2956C3 Ack: 0x199AD392 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-15:58:30.984966 24.99.96.131:1287 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:34237 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xCF44E490 Ack: 0x1939F2D9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-15:58:31.482266 24.99.96.131:1312 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:34322 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xCF588E9F Ack: 0x19544114 Win: 0x4470 TcpLen: 20
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:03:54 2003