SnortSnarf signature page

WEB-IIS unicode directory traversal attempt

SnortSnarf v021111.1

1500 alerts with this signature using input module SnortFileInput, with sources:

Earliest such alert at 19:49:23.127855 on 04/17/2003
Latest such alert at 04:47:05.780138 on 06/17/2003

WEB-IIS unicode directory traversal attempt 191 sources 1 destinations
Priority: 1
Classification: Web Application Attack
[sid:1945] [CVE:CVE-2000-0884]

Sources triggering this attack signature


Destinations receiving this attack signature

Destinations    # Alerts (sig)    # Alerts (total)    # Srcs (sig)    # Srcs (total)
192.168.1.6     1500              7770                191             1624

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:03:48 2003