SnortSnarf alert page

Destination: 192.168.24.11: #13001-13100

SnortSnarf v021111.1

Signature section (16810)

Top 20 source IPs

Top 20 dest IPs

Looking using input module SnortFileInput, with sources:

/var/log/snort/alert

Earliest: 12:44:45.577966 on 06/13/2010
Latest: 08:34:32.549037 on 06/15/2010

31 different signatures are present for 192.168.24.11 as a destination

1 instances of WEB-MISC long basic authorization string
1 instances of WEB-MISC Cisco IOS HTTP configuration attempt
2 instances of SNMP private access udp
2 instances of SNMP public access udp
2 instances of WEB-MISC WebDAV search access
3 instances of WEB-MISC /etc/passwd
3 instances of ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited
4 instances of MS-SQL probe response overflow attempt
4 instances of WEB-MISC cross site scripting attempt
4 instances of SNMP request udp
4 instances of ATTACK-RESPONSES id check returned root
4 instances of (http_inspect) DOUBLE DECODING ATTACK
5 instances of WEB-PHP remote include path
5 instances of IMAP authenticate overflow attempt
6 instances of WEB-FRONTPAGE /_vti_bin/ access
9 instances of WEB-MISC apache directory disclosure attempt
9 instances of WEB-MISC Chunked-Encoding transfer attempt
13 instances of WEB-PHP test.php access
13 instances of (snort_decoder) WARNING: TCP Data Offset is less than 5!
17 instances of NETBIOS SMB trans2open buffer overflow attempt
38 instances of WEB-MISC http directory traversal
42 instances of ICMP Destination Unreachable Communication Administratively Prohibited
50 instances of (http_inspect) OVERSIZE REQUEST-URI DIRECTORY
57 instances of (http_inspect) OVERSIZE CHUNK ENCODING
85 instances of WEB-IIS view source via translate header
144 instances of WEB-MISC Invalid HTTP Version String
256 instances of IMAP status overflow attempt
347 instances of (http_inspect) IIS UNICODE CODEPOINT ENCODING
432 instances of (http_inspect) BARE BYTE UNICODE ENCODING
470 instances of IMAP fetch overflow attempt
14771 instances of WEB-MISC robots.txt access

There are 935 distinct source IPs in the alerts of the type on this page.

192.168.24.11 Whois lookup at: ARIN RIPE APNIC Geektools

DNS lookup at: Amenesi TRIUMF Princeton

More lookup links: Dshield Sam Spade

See also 192.168.24.11 as an alert source [7 alerts]

Go to: previous range, next range, all alerts, overview page

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/13-12:44:45.577966 130.54.208.193:33753 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:2777
***AP*** Seq: 0xF5B2CEB  Ack: 0xECEF2973  Win: 0x4B60  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/13-12:44:47.329190 130.54.208.193:33752 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:3559
***AP*** Seq: 0x10005B5E  Ack: 0xEC3CFA94  Win: 0x81D0  TcpLen: 20

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/13-13:01:30.802760 65.214.44.135:47049 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:263
***AP*** Seq: 0xB4449FD8  Ack: 0x4E724B39  Win: 0x16D0  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/13-14:14:12.853161 72.30.252.163:44639 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:232
***AP*** Seq: 0xDFDE3CBB  Ack: 0x6081F58B  Win: 0x5C  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/13-14:39:15.186162 68.142.250.40:60843 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:232
***AP*** Seq: 0x3B5F6CFA  Ack: 0xBF6CB549  Win: 0x16D0  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/13-15:04:19.336412 66.249.66.2:42956 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:6870
***AP*** Seq: 0x1E763E6D  Ack: 0x1E2D5BBA  Win: 0x1658  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/13-15:16:27.032999 72.30.215.24:48820 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:232
***AP*** Seq: 0xE889E8FF  Ack: 0x4B98CCA4  Win: 0x5C  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/13-15:28:30.636962 72.30.252.162:36097 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:232
***AP*** Seq: 0xF8132D18  Ack: 0x79860979  Win: 0x5C  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/13-16:25:24.989443 68.142.250.40:47874 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:232
***AP*** Seq: 0xCC5DA343  Ack: 0x5008EB6A  Win: 0x16D0  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/13-17:03:20.906567 72.30.252.162:39414 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:232
***AP*** Seq: 0x5E294DB3  Ack: 0xDEA3A6E1  Win: 0x5C  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:3070:1] IMAP fetch overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/13-17:29:50.975262 130.54.208.193:1652 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:204
***AP*** Seq: 0x400ABD31  Ack: 0xA9395DD3  Win: 0x1920  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3070:1] IMAP fetch overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/13-17:29:52.025266 130.54.208.193:1652 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:223
***AP*** Seq: 0x400B42CD  Ack: 0xA9395E8A  Win: 0x1920  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3070:1] IMAP fetch overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/13-17:29:54.105189 130.54.208.193:1652 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:512
***AP*** Seq: 0x400B4750  Ack: 0xA9396062  Win: 0x1D50  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/13-18:19:36.030242 72.30.252.162:57377 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:232
***AP*** Seq: 0x7F8F25E6  Ack: 0xFE604A27  Win: 0x5C  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/13-18:34:19.033743 68.142.250.40:47328 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:232
***AP*** Seq: 0xB26EF759  Ack: 0x361870A9  Win: 0x16D0  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/13-19:45:27.980072 68.142.250.40:49489 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:232
***AP*** Seq: 0xBF4BFEE8  Ack: 0x4279769B  Win: 0x16D0  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/13-19:54:22.085717 72.30.252.162:38751 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:232
***AP*** Seq: 0xE5761532  Ack: 0x639FF861  Win: 0x5C  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/13-20:44:13.968897 68.142.250.73:53029 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:232
***AP*** Seq: 0x2D1B1C06  Ack: 0x1F192462  Win: 0x16D0  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/13-20:48:31.141534 65.214.44.116:43732 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:259
***AP*** Seq: 0xE6CC1B58  Ack: 0x2F61C0A7  Win: 0x16D0  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/13-21:42:41.775837 68.142.250.73:38537 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:232
***AP*** Seq: 0xAAD460B  Ack: 0xFC8A1179  Win: 0x16D0  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/13-22:01:06.042451 72.30.252.160:40809 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:232
***AP*** Seq: 0xC342426B  Ack: 0x41468B47  Win: 0x5C  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/13-22:36:54.266723 192.168.24.52:2621 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:1734
***AP*** Seq: 0xC852D88B  Ack: 0xEBE658BA  Win: 0x2283  TcpLen: 20

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/13-22:37:44.423142 68.142.250.73:44891 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:232
***AP*** Seq: 0xDA2D8140  Ack: 0xCBCB4BB7  Win: 0x16D0  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/13-23:04:41.861988 72.30.252.160:52958 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:232
***AP*** Seq: 0xB43F461C  Ack: 0x32362BE1  Win: 0x5C  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
06/13-23:18:54.999976 192.168.24.52:2714 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:46118 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x99718E94  Ack: 0x66F3ECAB  Win: 0xFB34  TcpLen: 20

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/13-23:19:10.728612 68.142.250.73:43664 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:232
***AP*** Seq: 0x76C36722  Ack: 0x68223BD0  Win: 0x16D0  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/13-23:55:00.754274 68.142.250.73:39896 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:232
***AP*** Seq: 0xFE2A00A6  Ack: 0xEE4E92A5  Win: 0x16D0  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/14-00:09:07.105019 72.30.252.160:54248 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:232
***AP*** Seq: 0xA6942808  Ack: 0x24B6C11E  Win: 0x5C  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1042:8] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/14-00:24:50.462786 82.155.176.18:1256 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:208
***AP*** Seq: 0xDBA11984  Ack: 0x5F5A9B2C  Win: 0x4188  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/14-01:07:13.770936 65.214.44.135:52266 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:263
***AP*** Seq: 0x69055B12  Ack: 0xFF0D2038  Win: 0x16D0  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/14-01:09:30.798232 68.142.250.73:45665 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:232
***AP*** Seq: 0x16CD7E14  Ack: 0x7C71960  Win: 0x16D0  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/14-01:55:03.758415 72.30.252.160:43582 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:232
***AP*** Seq: 0x36FCBF8B  Ack: 0xB3A6118D  Win: 0x5C  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/14-02:19:56.397405 68.142.250.73:58460 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:232
***AP*** Seq: 0x20E6CAEA  Ack: 0x10FB5E51  Win: 0x16D0  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/14-03:16:31.225499 72.30.215.24:55298 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:232
***AP*** Seq: 0x879599B9  Ack: 0xE68D7F80  Win: 0x5C  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/14-03:24:13.601478 68.142.250.73:49530 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:232
***AP*** Seq: 0x1451D740  Ack: 0x43D4DB1  Win: 0x16D0  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/14-03:29:16.448240 72.30.252.158:50453 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:232
***AP*** Seq: 0x9A28D61F  Ack: 0x17246C76  Win: 0x5C  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/14-04:30:01.003418 72.30.252.158:38805 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:232
***AP*** Seq: 0x7F9DB156  Ack: 0xFCC01552  Win: 0x5C  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/14-04:44:59.891333 68.142.250.73:42649 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:232
***AP*** Seq: 0x445F2EA9  Ack: 0x351EB1D7  Win: 0x16D0  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/14-05:53:02.566771 68.142.250.73:46418 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:232
***AP*** Seq: 0x463D67E4  Ack: 0x356D3E32  Win: 0x16D0  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/14-06:12:21.630161 68.142.249.179:51926 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:232
***AP*** Seq: 0xDD0E84D4  Ack: 0x7DE68452  Win: 0x16D0  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/14-07:59:57.485520 68.142.249.179:60459 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:232
***AP*** Seq: 0x7418F419  Ack: 0x14749CEA  Win: 0x16D0  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/14-08:36:42.566992 68.142.249.179:43683 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:232
***AP*** Seq: 0xFEA2CE9E  Ack: 0x9E17F7F9  Win: 0x16D0  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:3070:1] IMAP fetch overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/14-09:16:13.480083 130.54.208.193:45239 -> 192.168.24.11:143
TCP TTL:49 TOS:0x0 ID:50204 IpLen:20 DgmLen:266 DF
***AP*** Seq: 0xBF19A87D  Ack: 0x2E843E2A  Win: 0x3E96  TcpLen: 32
TCP Options (3) => NOP NOP TS: 588929858 578197798 
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3070:1] IMAP fetch overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/14-09:16:25.769485 130.54.208.193:45239 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:241
***AP*** Seq: 0x2E850157  Ack: 0xBF19AA6B  Win: 0x1D50  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3070:1] IMAP fetch overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/14-09:16:26.129327 130.54.208.193:45239 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:331
***AP*** Seq: 0x2E850533  Ack: 0xBF19AB8E  Win: 0x2180  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3070:1] IMAP fetch overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/14-09:16:28.870661 130.54.208.193:45239 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:243
***AP*** Seq: 0x2E85200E  Ack: 0xBF19AC59  Win: 0x2180  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/14-09:19:57.354294 68.142.250.14:59238 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:232
***AP*** Seq: 0xD6858859  Ack: 0x417A23AB  Win: 0x16D0  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/14-09:59:18.929365 68.142.250.14:43031 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:232
***AP*** Seq: 0x6B1841A8  Ack: 0xD57CBCED  Win: 0x16D0  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/14-10:31:18.358651 130.54.208.193:1331 -> 192.168.24.11:80
TCP TTL:113 TOS:0x0 ID:10650 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0xB615F165  Ack: 0x4DFA73CB  Win: 0xFFFF  TcpLen: 20

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/14-11:01:30.411688 68.142.250.14:37793 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:232
***AP*** Seq: 0x558195EC  Ack: 0xC09EAB91  Win: 0x16D0  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/14-12:01:57.403062 61.211.57.229:3633 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:2976
***AP*** Seq: 0x66051E15  Ack: 0xA4DD5B59  Win: 0xFC16  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/14-12:02:44.718939 68.142.250.14:52597 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:232
***AP*** Seq: 0x3C4B3778  Ack: 0xA7C0B8B9  Win: 0x16D0  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/14-12:08:10.837594 72.30.252.157:40940 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:232
***AP*** Seq: 0x421169F8  Ack: 0xBBBB8ADC  Win: 0x5C  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/14-13:08:18.743919 68.142.250.14:52001 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:232
***AP*** Seq: 0x34187C99  Ack: 0x9EC59CDF  Win: 0x16D0  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/14-14:15:24.454022 68.142.250.14:53340 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:232
***AP*** Seq: 0x31A37C50  Ack: 0x9BD2F85B  Win: 0x16D0  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/14-14:43:46.694631 68.142.250.14:44229 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:232
***AP*** Seq: 0x9CC55965  Ack: 0x64FDF92  Win: 0x16D0  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/14-14:46:46.917233 66.249.66.2:41296 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:526
***AP*** Seq: 0x1A34E7A7  Ack: 0x11EE5071  Win: 0x1658  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/14-15:16:34.099362 72.30.215.24:49997 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:232
***AP*** Seq: 0x2658E64F  Ack: 0x812A79D4  Win: 0x5C  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/14-15:21:21.913893 68.142.250.14:38720 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:232
***AP*** Seq: 0x2AC0C285  Ack: 0x93A959A4  Win: 0x16D0  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/14-15:48:55.582681 68.142.250.14:56840 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:232
***AP*** Seq: 0x91FB06C1  Ack: 0xFCA73DF0  Win: 0x16D0  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/14-16:26:28.598520 68.142.250.31:59333 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:232
***AP*** Seq: 0x824E1A1D  Ack: 0x89A6E70E  Win: 0x16D0  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:3072:1] IMAP status overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/14-16:40:21.666249 130.54.208.193:46633 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:183
***AP*** Seq: 0xBE59129C  Ack: 0x4F8420B5  Win: 0x16A0  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3072:1] IMAP status overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/14-16:40:24.028847 130.54.208.193:46633 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:525
***AP*** Seq: 0xBE5941ED  Ack: 0x4F84229A  Win: 0x1920  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3070:1] IMAP fetch overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/14-16:40:24.028847 130.54.208.193:46633 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:525
***AP*** Seq: 0xBE5941ED  Ack: 0x4F84229A  Win: 0x1920  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/14-16:51:30.089266 68.142.250.31:38716 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:232
***AP*** Seq: 0xE127F449  Ack: 0xE7C2A880  Win: 0x16D0  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/14-17:15:06.247504 68.142.250.31:52208 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:232
***AP*** Seq: 0x3A7E105E  Ack: 0x4018B4A5  Win: 0x16D0  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/14-17:55:22.881608 68.142.250.31:56359 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:232
***AP*** Seq: 0xD2F0A03E  Ack: 0xD83C85C6  Win: 0x16D0  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:3070:1] IMAP fetch overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/14-18:47:09.676760 130.54.208.193:58067 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:1430
***AP*** Seq: 0x9AA54EFE  Ack: 0x2EBFEBCD  Win: 0x16A0  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3072:1] IMAP status overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/14-18:47:10.193747 130.54.208.193:58067 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:362
***AP*** Seq: 0x9AA5534C  Ack: 0x2EBFED0F  Win: 0x1920  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3070:1] IMAP fetch overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/14-18:56:39.679922 130.54.208.193:58067 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:1502
***AP*** Seq: 0x9AA596A2  Ack: 0x2EBFF3FE  Win: 0x1920  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/14-18:56:41.664643 68.142.250.31:36555 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:232
***AP*** Seq: 0xB9A04F05  Ack: 0xBF99267B  Win: 0x16D0  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:3070:1] IMAP fetch overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/14-18:56:42.510096 130.54.208.193:58067 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:596
***AP*** Seq: 0x9AA5B756  Ack: 0x2EBFF62A  Win: 0x1D50  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/14-20:06:29.867101 72.30.252.156:34093 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:232
***AP*** Seq: 0x50E33C97  Ack: 0xC7292AE7  Win: 0x5C  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/14-20:08:36.031370 68.142.250.31:51602 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:232
***AP*** Seq: 0xC8EA5A30  Ack: 0xCEEE43BD  Win: 0x16D0  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/14-20:48:04.931491 68.142.250.31:58643 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:232
***AP*** Seq: 0x5E37CB36  Ack: 0x64378524  Win: 0x16D0  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/14-21:41:32.306125 72.30.252.156:55724 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:232
***AP*** Seq: 0xB7B627D0  Ack: 0x2D3A7382  Win: 0x5C  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/14-22:44:43.644536 68.142.250.31:43342 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:232
***AP*** Seq: 0x17A1BD1C  Ack: 0x1C298401  Win: 0x16D0  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
06/14-22:48:04.243717 192.168.24.52:2133 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:25564 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0xBACFF8F7  Ack: 0x283F09E7  Win: 0xFB34  TcpLen: 20

[**] [1:2002:5] WEB-PHP remote include path [**]
[Classification: Web Application Attack] [Priority: 1] 
06/14-23:32:25.554135 82.226.118.139:32858 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:395
***AP*** Seq: 0xB4DE2554  Ack: 0xCFE19E00  Win: 0x16D0  TcpLen: 20

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/14-23:54:19.726511 68.142.250.31:48497 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:232
***AP*** Seq: 0x1D1F518E  Ack: 0x21E8DF2D  Win: 0x16D0  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/15-00:45:54.966991 68.142.250.31:44380 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:232
***AP*** Seq: 0xE10A3A91  Ack: 0xE4A47338  Win: 0x16D0  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/15-01:09:40.999248 65.214.44.135:44857 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:263
***AP*** Seq: 0xAE53CC27  Ack: 0x3EE6506E  Win: 0x16D0  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/15-01:37:16.283607 68.142.250.31:37348 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:232
***AP*** Seq: 0xA2C71BC8  Ack: 0xA61F3384  Win: 0x16D0  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/15-01:51:35.430008 72.30.252.153:41640 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:232
***AP*** Seq: 0x67590658  Ack: 0xDC77B51E  Win: 0x5C  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/15-02:35:53.083700 68.142.250.31:58373 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:232
***AP*** Seq: 0x7FB9133A  Ack: 0x8452FCB6  Win: 0x16D0  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/15-03:12:20.047202 68.142.250.31:45360 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:232
***AP*** Seq: 0x96102D2  Ack: 0xDCF83B8  Win: 0x16D0  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/15-03:16:36.019202 72.30.215.24:40294 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:232
***AP*** Seq: 0xC555E67B  Ack: 0x1C84167F  Win: 0x5C  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/15-03:35:00.598767 72.30.252.153:33839 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:232
***AP*** Seq: 0xEE617752  Ack: 0x627308AF  Win: 0x5C  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/15-04:16:29.895717 68.142.250.31:45415 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:232
***AP*** Seq: 0xFBE55300  Ack: 0xFF1431A4  Win: 0x16D0  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/15-05:52:12.604172 68.142.250.31:48580 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:232
***AP*** Seq: 0x65854249  Ack: 0x68103E17  Win: 0x16D0  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/15-06:23:43.034656 72.30.252.153:42664 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:232
***AP*** Seq: 0x6ACC3542  Ack: 0xDF294E62  Win: 0x5C  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/15-06:38:31.951386 68.142.250.31:38121 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:232
***AP*** Seq: 0x139D24FD  Ack: 0x1686AE00  Win: 0x16D0  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/15-07:26:50.492306 68.142.250.31:59647 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:232
***AP*** Seq: 0xCA7BBD99  Ack: 0xCCFCCE01  Win: 0x16D0  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/15-07:27:28.459701 192.168.24.52:1178 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:2939
***AP*** Seq: 0xCDA20290  Ack: 0x8C96734D  Win: 0x2FD0  TcpLen: 20

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/15-07:39:19.506619 38.98.19.100:43090 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:291
***AP*** Seq: 0xCD397D7  Ack: 0xFAD72797  Win: 0x5B4  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/15-07:51:43.617915 72.30.252.152:46809 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:232
***AP*** Seq: 0xB7784D59  Ack: 0x2A660279  Win: 0x5C  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/15-08:23:19.866039 38.98.19.74:54757 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:291
***AP*** Seq: 0xB2F3705E  Ack: 0xA1D5335F  Win: 0x5B4  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:3072:1] IMAP status overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/15-08:31:23.587547 130.54.208.193:53773 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:471
***AP*** Seq: 0xBF613B0F  Ack: 0x57C43C42  Win: 0x16A0  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/15-08:34:18.349120 68.142.250.31:57330 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:232
***AP*** Seq: 0xC8E4D7FB  Ack: 0xCA80648D  Win: 0x16D0  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:3072:1] IMAP status overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/15-08:34:32.549037 130.54.208.193:53773 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:625
***AP*** Seq: 0xBF615522  Ack: 0x57C44278  Win: 0x1920  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

Go to: previous range, next range, all alerts, overview page

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Sep 14 05:05:38 2010

192.168.24.11	Whois lookup at:	ARIN	RIPE	APNIC	Geektools
	DNS lookup at:	Amenesi	TRIUMF	Princeton
	More lookup links:	Dshield	Sam Spade
See also 192.168.24.11 as an alert source [7 alerts]