Alert file generated by SNORT

[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:21:15.957391 192.168.1.2 -> 192.168.1.113

ICMP TTL:128 TOS:0x0 ID:64325 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.113:3022 -> 192.168.1.2:1900

UDP TTL:128 TOS:0x0 ID:17098 IpLen:20 DgmLen:160

Len: 140

** END OF DUMP


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:21:15.957391 192.168.1.2 -> 192.168.1.113

ICMP TTL:128 TOS:0x0 ID:64326 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.113:3022 -> 192.168.1.2:1900

UDP TTL:128 TOS:0x0 ID:17099 IpLen:20 DgmLen:161

Len: 141

** END OF DUMP


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:21:16.457391 192.168.1.2 -> 192.168.1.113

ICMP TTL:128 TOS:0x0 ID:64327 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.113:3022 -> 192.168.1.2:1900

UDP TTL:128 TOS:0x0 ID:17102 IpLen:20 DgmLen:160

Len: 140

** END OF DUMP


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:21:16.457391 192.168.1.2 -> 192.168.1.113

ICMP TTL:128 TOS:0x0 ID:64328 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.113:3022 -> 192.168.1.2:1900

UDP TTL:128 TOS:0x0 ID:17103 IpLen:20 DgmLen:161

Len: 141

** END OF DUMP


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:21:18.937391 192.168.1.2 -> 192.168.1.27

ICMP TTL:128 TOS:0x0 ID:64351 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.27:1093 -> 192.168.1.2:1900

UDP TTL:128 TOS:0x0 ID:29635 IpLen:20 DgmLen:160

Len: 140

** END OF DUMP


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:21:18.937391 192.168.1.2 -> 192.168.1.27

ICMP TTL:128 TOS:0x0 ID:64352 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.27:1093 -> 192.168.1.2:1900

UDP TTL:128 TOS:0x0 ID:29636 IpLen:20 DgmLen:161

Len: 141

** END OF DUMP


[**] [1:466:1] ICMP L3retriever Ping [**]

[Classification: Attempted Information Leak] [Priority: 2]

05/03-15:21:21.607391 192.168.1.70 -> 192.168.1.1

ICMP TTL:32 TOS:0x0 ID:3679 IpLen:20 DgmLen:60

Type:8 Code:0 ID:512 Seq:8448 ECHO

[Xref => http://www.whitehats.com/info/IDS311]


[**] [1:408:4] ICMP Echo Reply [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:21:21.607391 192.168.1.1 -> 192.168.1.70

ICMP TTL:128 TOS:0x0 ID:61254 IpLen:20 DgmLen:60

Type:0 Code:0 ID:512 Seq:8448 ECHO REPLY


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:21:40.957391 192.168.1.2 -> 192.168.1.113

ICMP TTL:128 TOS:0x0 ID:64451 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.113:3022 -> 192.168.1.2:1900

UDP TTL:128 TOS:0x0 ID:17122 IpLen:20 DgmLen:160

Len: 140

** END OF DUMP


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:21:40.957391 192.168.1.2 -> 192.168.1.113

ICMP TTL:128 TOS:0x0 ID:64452 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.113:3022 -> 192.168.1.2:1900

UDP TTL:128 TOS:0x0 ID:17123 IpLen:20 DgmLen:161

Len: 141

** END OF DUMP


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:21:41.457391 192.168.1.2 -> 192.168.1.113

ICMP TTL:128 TOS:0x0 ID:64454 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.113:3022 -> 192.168.1.2:1900

UDP TTL:128 TOS:0x0 ID:17126 IpLen:20 DgmLen:160

Len: 140

** END OF DUMP


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:21:41.457391 192.168.1.2 -> 192.168.1.113

ICMP TTL:128 TOS:0x0 ID:64455 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.113:3022 -> 192.168.1.2:1900

UDP TTL:128 TOS:0x0 ID:17127 IpLen:20 DgmLen:161

Len: 141

** END OF DUMP


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:21:43.937391 192.168.1.2 -> 192.168.1.27

ICMP TTL:128 TOS:0x0 ID:64457 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.27:1093 -> 192.168.1.2:1900

UDP TTL:128 TOS:0x0 ID:29637 IpLen:20 DgmLen:160

Len: 140

** END OF DUMP


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:21:43.937391 192.168.1.2 -> 192.168.1.27

ICMP TTL:128 TOS:0x0 ID:64458 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.27:1093 -> 192.168.1.2:1900

UDP TTL:128 TOS:0x0 ID:29638 IpLen:20 DgmLen:161

Len: 141

** END OF DUMP


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:21:48.837391 192.168.1.17 -> 192.168.1.113

ICMP TTL:60 TOS:0x0 ID:10 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.113:3249 -> 192.168.1.17:137

UDP TTL:128 TOS:0x0 ID:17184 IpLen:20 DgmLen:78

Len: 58

** END OF DUMP


[**] [100:1:1] spp_portscan: PORTSCAN DETECTED from 192.168.1.113 (THRESHOLD 4 connections exceeded in 1 seconds) [**]

05/03-15:21:49.728876


[**] [100:2:1] spp_portscan: portscan status from 192.168.1.113: 26 connections across 18 hosts: TCP(26), UDP(0) [**]

05/03-15:21:53.104429


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:21:55.107391 192.168.1.110 -> 192.168.1.113

ICMP TTL:255 TOS:0x0 ID:27 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.113:3380 -> 192.168.1.110:137

UDP TTL:128 TOS:0x0 ID:17530 IpLen:20 DgmLen:78

Len: 58

** END OF DUMP


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:21:55.117391 192.168.1.109 -> 192.168.1.113

ICMP TTL:255 TOS:0x0 ID:27 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.113:3379 -> 192.168.1.109:137

UDP TTL:128 TOS:0x0 ID:17529 IpLen:20 DgmLen:78

Len: 58

** END OF DUMP


[**] [1:466:1] ICMP L3retriever Ping [**]

[Classification: Attempted Information Leak] [Priority: 2]

05/03-15:21:55.357391 192.168.1.81 -> 192.168.1.1

ICMP TTL:32 TOS:0x0 ID:32754 IpLen:20 DgmLen:60

Type:8 Code:0 ID:512 Seq:9216 ECHO

[Xref => http://www.whitehats.com/info/IDS311]


[**] [1:408:4] ICMP Echo Reply [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:21:55.357391 192.168.1.1 -> 192.168.1.81

ICMP TTL:128 TOS:0x0 ID:61506 IpLen:20 DgmLen:60

Type:0 Code:0 ID:512 Seq:9216 ECHO REPLY


[**] [1:466:1] ICMP L3retriever Ping [**]

[Classification: Attempted Information Leak] [Priority: 2]

05/03-15:21:56.257391 192.168.1.38 -> 192.168.1.1

ICMP TTL:32 TOS:0x0 ID:21286 IpLen:20 DgmLen:60

Type:8 Code:0 ID:512 Seq:11776 ECHO

[Xref => http://www.whitehats.com/info/IDS311]


[**] [1:408:4] ICMP Echo Reply [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:21:56.257391 192.168.1.1 -> 192.168.1.38

ICMP TTL:128 TOS:0x0 ID:61569 IpLen:20 DgmLen:60

Type:0 Code:0 ID:512 Seq:11776 ECHO REPLY


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:21:59.807391 192.168.1.150 -> 192.168.1.113

ICMP TTL:255 TOS:0xC0 ID:50377 IpLen:20 DgmLen:106

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.113:3421 -> 192.168.1.150:137

UDP TTL:128 TOS:0x0 ID:17614 IpLen:20 DgmLen:78

Len: 58

** END OF DUMP


[**] [100:2:1] spp_portscan: portscan status from 192.168.1.113: 5 connections across 3 hosts: TCP(5), UDP(0) [**]

05/03-15:22:05.666462


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:22:05.967391 192.168.1.2 -> 192.168.1.113

ICMP TTL:128 TOS:0x0 ID:64578 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.113:3022 -> 192.168.1.2:1900

UDP TTL:128 TOS:0x0 ID:17701 IpLen:20 DgmLen:160

Len: 140

** END OF DUMP


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:22:05.967391 192.168.1.2 -> 192.168.1.113

ICMP TTL:128 TOS:0x0 ID:64579 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.113:3022 -> 192.168.1.2:1900

UDP TTL:128 TOS:0x0 ID:17702 IpLen:20 DgmLen:161

Len: 141

** END OF DUMP


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:22:06.467391 192.168.1.2 -> 192.168.1.113

ICMP TTL:128 TOS:0x0 ID:64585 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.113:3022 -> 192.168.1.2:1900

UDP TTL:128 TOS:0x0 ID:17716 IpLen:20 DgmLen:160

Len: 140

** END OF DUMP


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:22:06.467391 192.168.1.2 -> 192.168.1.113

ICMP TTL:128 TOS:0x0 ID:64586 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.113:3022 -> 192.168.1.2:1900

UDP TTL:128 TOS:0x0 ID:17717 IpLen:20 DgmLen:161

Len: 141

** END OF DUMP


[**] [1:466:1] ICMP L3retriever Ping [**]

[Classification: Attempted Information Leak] [Priority: 2]

05/03-15:22:07.117391 192.168.1.37 -> 192.168.1.1

ICMP TTL:32 TOS:0x0 ID:22375 IpLen:20 DgmLen:60

Type:8 Code:0 ID:512 Seq:9216 ECHO

[Xref => http://www.whitehats.com/info/IDS311]


[**] [1:408:4] ICMP Echo Reply [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:22:07.117391 192.168.1.1 -> 192.168.1.37

ICMP TTL:128 TOS:0x0 ID:61686 IpLen:20 DgmLen:60

Type:0 Code:0 ID:512 Seq:9216 ECHO REPLY


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:22:08.947391 192.168.1.2 -> 192.168.1.27

ICMP TTL:128 TOS:0x0 ID:64617 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.27:1093 -> 192.168.1.2:1900

UDP TTL:128 TOS:0x0 ID:29668 IpLen:20 DgmLen:160

Len: 140

** END OF DUMP


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:22:08.947391 192.168.1.2 -> 192.168.1.27

ICMP TTL:128 TOS:0x0 ID:64618 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.27:1093 -> 192.168.1.2:1900

UDP TTL:128 TOS:0x0 ID:29669 IpLen:20 DgmLen:161

Len: 141

** END OF DUMP


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:22:30.967391 192.168.1.2 -> 192.168.1.113

ICMP TTL:128 TOS:0x0 ID:64703 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.113:3022 -> 192.168.1.2:1900

UDP TTL:128 TOS:0x0 ID:17760 IpLen:20 DgmLen:160

Len: 140

** END OF DUMP


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:22:30.967391 192.168.1.2 -> 192.168.1.113

ICMP TTL:128 TOS:0x0 ID:64704 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.113:3022 -> 192.168.1.2:1900

UDP TTL:128 TOS:0x0 ID:17761 IpLen:20 DgmLen:161

Len: 141

** END OF DUMP


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:22:31.467391 192.168.1.2 -> 192.168.1.113

ICMP TTL:128 TOS:0x0 ID:64705 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.113:3022 -> 192.168.1.2:1900

UDP TTL:128 TOS:0x0 ID:17764 IpLen:20 DgmLen:160

Len: 140

** END OF DUMP


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:22:31.467391 192.168.1.2 -> 192.168.1.113

ICMP TTL:128 TOS:0x0 ID:64706 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.113:3022 -> 192.168.1.2:1900

UDP TTL:128 TOS:0x0 ID:17765 IpLen:20 DgmLen:161

Len: 141

** END OF DUMP


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:22:33.947391 192.168.1.2 -> 192.168.1.27

ICMP TTL:128 TOS:0x0 ID:64708 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.27:1093 -> 192.168.1.2:1900

UDP TTL:128 TOS:0x0 ID:29670 IpLen:20 DgmLen:160

Len: 140

** END OF DUMP


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:22:33.947391 192.168.1.2 -> 192.168.1.27

ICMP TTL:128 TOS:0x0 ID:64709 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.27:1093 -> 192.168.1.2:1900

UDP TTL:128 TOS:0x0 ID:29671 IpLen:20 DgmLen:161

Len: 141

** END OF DUMP


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:22:55.967391 192.168.1.2 -> 192.168.1.113

ICMP TTL:128 TOS:0x0 ID:64818 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.113:3022 -> 192.168.1.2:1900

UDP TTL:128 TOS:0x0 ID:17792 IpLen:20 DgmLen:160

Len: 140

** END OF DUMP


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:22:55.967391 192.168.1.2 -> 192.168.1.113

ICMP TTL:128 TOS:0x0 ID:64819 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.113:3022 -> 192.168.1.2:1900

UDP TTL:128 TOS:0x0 ID:17793 IpLen:20 DgmLen:161

Len: 141

** END OF DUMP


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:22:56.467391 192.168.1.2 -> 192.168.1.113

ICMP TTL:128 TOS:0x0 ID:64835 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.113:3022 -> 192.168.1.2:1900

UDP TTL:128 TOS:0x0 ID:17796 IpLen:20 DgmLen:160

Len: 140

** END OF DUMP


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:22:56.467391 192.168.1.2 -> 192.168.1.113

ICMP TTL:128 TOS:0x0 ID:64836 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.113:3022 -> 192.168.1.2:1900

UDP TTL:128 TOS:0x0 ID:17797 IpLen:20 DgmLen:161

Len: 141

** END OF DUMP


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:22:58.947391 192.168.1.2 -> 192.168.1.27

ICMP TTL:128 TOS:0x0 ID:64844 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.27:1093 -> 192.168.1.2:1900

UDP TTL:128 TOS:0x0 ID:29672 IpLen:20 DgmLen:160

Len: 140

** END OF DUMP


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:22:58.947391 192.168.1.2 -> 192.168.1.27

ICMP TTL:128 TOS:0x0 ID:64845 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.27:1093 -> 192.168.1.2:1900

UDP TTL:128 TOS:0x0 ID:29673 IpLen:20 DgmLen:161

Len: 141

** END OF DUMP


[**] [100:3:1] spp_portscan: End of portscan from 192.168.1.113: TOTAL time(5s) hosts(20) TCP(31) UDP(0) [**]

05/03-15:23:09.605890


[**] [100:1:1] spp_portscan: PORTSCAN DETECTED from 192.168.1.113 (THRESHOLD 4 connections exceeded in 0 seconds) [**]

05/03-15:23:12.912552


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:23:20.977391 192.168.1.2 -> 192.168.1.113

ICMP TTL:128 TOS:0x0 ID:65076 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.113:3022 -> 192.168.1.2:1900

UDP TTL:128 TOS:0x0 ID:17981 IpLen:20 DgmLen:160

Len: 140

** END OF DUMP


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:23:20.977391 192.168.1.2 -> 192.168.1.113

ICMP TTL:128 TOS:0x0 ID:65077 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.113:3022 -> 192.168.1.2:1900

UDP TTL:128 TOS:0x0 ID:17982 IpLen:20 DgmLen:161

Len: 141

** END OF DUMP


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:23:21.477391 192.168.1.2 -> 192.168.1.113

ICMP TTL:128 TOS:0x0 ID:65079 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.113:3022 -> 192.168.1.2:1900

UDP TTL:128 TOS:0x0 ID:17988 IpLen:20 DgmLen:160

Len: 140

** END OF DUMP


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:23:21.477391 192.168.1.2 -> 192.168.1.113

ICMP TTL:128 TOS:0x0 ID:65080 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.113:3022 -> 192.168.1.2:1900

UDP TTL:128 TOS:0x0 ID:17989 IpLen:20 DgmLen:161

Len: 141

** END OF DUMP


[**] [1:466:1] ICMP L3retriever Ping [**]

[Classification: Attempted Information Leak] [Priority: 2]

05/03-15:23:21.507391 192.168.1.35 -> 192.168.1.1

ICMP TTL:32 TOS:0x0 ID:2757 IpLen:20 DgmLen:60

Type:8 Code:0 ID:512 Seq:8448 ECHO

[Xref => http://www.whitehats.com/info/IDS311]


[**] [1:408:4] ICMP Echo Reply [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:23:21.507391 192.168.1.1 -> 192.168.1.35

ICMP TTL:128 TOS:0x0 ID:62060 IpLen:20 DgmLen:60

Type:0 Code:0 ID:512 Seq:8448 ECHO REPLY


[**] [100:2:1] spp_portscan: portscan status from 192.168.1.113: 15 connections across 3 hosts: TCP(15), UDP(0) [**]

05/03-15:23:21.516713


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:23:23.957391 192.168.1.2 -> 192.168.1.27

ICMP TTL:128 TOS:0x0 ID:65098 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.27:1093 -> 192.168.1.2:1900

UDP TTL:128 TOS:0x0 ID:29674 IpLen:20 DgmLen:160

Len: 140

** END OF DUMP


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:23:23.957391 192.168.1.2 -> 192.168.1.27

ICMP TTL:128 TOS:0x0 ID:65099 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.27:1093 -> 192.168.1.2:1900

UDP TTL:128 TOS:0x0 ID:29675 IpLen:20 DgmLen:161

Len: 141

** END OF DUMP


[**] [100:2:1] spp_portscan: portscan status from 192.168.1.113: 1 connections across 1 hosts: TCP(1), UDP(0) [**]

05/03-15:23:33.857234


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:23:33.877391 192.168.1.17 -> 192.168.1.113

ICMP TTL:60 TOS:0x0 ID:11 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.113:137 -> 192.168.1.17:137

UDP TTL:128 TOS:0x0 ID:18078 IpLen:20 DgmLen:78

Len: 58

** END OF DUMP


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:23:33.887391 192.168.1.17 -> 192.168.1.113

ICMP TTL:60 TOS:0x0 ID:12 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.113:137 -> 192.168.1.17:137

UDP TTL:128 TOS:0x0 ID:18082 IpLen:20 DgmLen:78

Len: 58

** END OF DUMP


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:23:33.887391 192.168.1.17 -> 192.168.1.113

ICMP TTL:60 TOS:0x0 ID:13 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.113:137 -> 192.168.1.17:137

UDP TTL:128 TOS:0x0 ID:18092 IpLen:20 DgmLen:78

Len: 58

** END OF DUMP


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:23:33.937391 192.168.1.38 -> 192.168.1.2

ICMP TTL:128 TOS:0x0 ID:21417 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.2:1745 -> 192.168.1.38:2301

UDP TTL:128 TOS:0x0 ID:65138 IpLen:20 DgmLen:200

Len: 180

** END OF DUMP


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:23:35.357391 192.168.1.17 -> 192.168.1.113

ICMP TTL:60 TOS:0x0 ID:14 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.113:137 -> 192.168.1.17:137

UDP TTL:128 TOS:0x0 ID:18111 IpLen:20 DgmLen:78

Len: 58

** END OF DUMP


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:23:35.367391 192.168.1.17 -> 192.168.1.113

ICMP TTL:60 TOS:0x0 ID:15 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.113:137 -> 192.168.1.17:137

UDP TTL:128 TOS:0x0 ID:18112 IpLen:20 DgmLen:78

Len: 58

** END OF DUMP


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:23:35.367391 192.168.1.17 -> 192.168.1.113

ICMP TTL:60 TOS:0x0 ID:16 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.113:137 -> 192.168.1.17:137

UDP TTL:128 TOS:0x0 ID:18113 IpLen:20 DgmLen:78

Len: 58

** END OF DUMP


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:23:35.937391 192.168.1.38 -> 192.168.1.2

ICMP TTL:128 TOS:0x0 ID:21420 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.2:1745 -> 192.168.1.38:2301

UDP TTL:128 TOS:0x0 ID:65162 IpLen:20 DgmLen:200

Len: 180

** END OF DUMP


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:23:36.867391 192.168.1.17 -> 192.168.1.113

ICMP TTL:60 TOS:0x0 ID:17 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.113:137 -> 192.168.1.17:137

UDP TTL:128 TOS:0x0 ID:18156 IpLen:20 DgmLen:78

Len: 58

** END OF DUMP


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:23:36.867391 192.168.1.17 -> 192.168.1.113

ICMP TTL:60 TOS:0x0 ID:18 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.113:137 -> 192.168.1.17:137

UDP TTL:128 TOS:0x0 ID:18157 IpLen:20 DgmLen:78

Len: 58

** END OF DUMP


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:23:36.877391 192.168.1.17 -> 192.168.1.113

ICMP TTL:60 TOS:0x0 ID:19 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.113:137 -> 192.168.1.17:137

UDP TTL:128 TOS:0x0 ID:18158 IpLen:20 DgmLen:78

Len: 58

** END OF DUMP


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:23:37.937391 192.168.1.38 -> 192.168.1.2

ICMP TTL:128 TOS:0x0 ID:21421 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.2:1745 -> 192.168.1.38:2301

UDP TTL:128 TOS:0x0 ID:65171 IpLen:20 DgmLen:200

Len: 180

** END OF DUMP


[**] [1:469:1] ICMP PING NMAP [**]

[Classification: Attempted Information Leak] [Priority: 2]

05/03-15:23:38.587391 192.168.1.81 -> 192.168.1.1

ICMP TTL:128 TOS:0x0 ID:32897 IpLen:20 DgmLen:28

Type:8 Code:0 ID:512 Seq:9472 ECHO

[Xref => http://www.whitehats.com/info/IDS162]


[**] [1:408:4] ICMP Echo Reply [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:23:38.587391 192.168.1.1 -> 192.168.1.81

ICMP TTL:128 TOS:0x0 ID:62190 IpLen:20 DgmLen:28

Type:0 Code:0 ID:512 Seq:9472 ECHO REPLY


[**] [100:2:1] spp_portscan: portscan status from 192.168.1.113: 4 connections across 1 hosts: TCP(4), UDP(0) [**]

05/03-15:23:38.689756


[**] [1:466:1] ICMP L3retriever Ping [**]

[Classification: Attempted Information Leak] [Priority: 2]

05/03-15:23:38.747391 192.168.1.81 -> 192.168.1.1

ICMP TTL:32 TOS:0x0 ID:32930 IpLen:20 DgmLen:60

Type:8 Code:0 ID:512 Seq:9728 ECHO

[Xref => http://www.whitehats.com/info/IDS311]


[**] [1:408:4] ICMP Echo Reply [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:23:38.747391 192.168.1.1 -> 192.168.1.81

ICMP TTL:128 TOS:0x0 ID:62219 IpLen:20 DgmLen:60

Type:0 Code:0 ID:512 Seq:9728 ECHO REPLY


[**] [100:1:1] spp_portscan: PORTSCAN DETECTED from 192.168.1.81 (THRESHOLD 4 connections exceeded in 0 seconds) [**]

05/03-15:23:38.754265


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:23:39.937391 192.168.1.38 -> 192.168.1.2

ICMP TTL:128 TOS:0x0 ID:21422 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.2:1745 -> 192.168.1.38:2301

UDP TTL:128 TOS:0x0 ID:65173 IpLen:20 DgmLen:200

Len: 180

** END OF DUMP


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:23:41.937391 192.168.1.38 -> 192.168.1.2

ICMP TTL:128 TOS:0x0 ID:21425 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.2:1745 -> 192.168.1.38:2301

UDP TTL:128 TOS:0x0 ID:65196 IpLen:20 DgmLen:200

Len: 180

** END OF DUMP


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:23:43.937391 192.168.1.38 -> 192.168.1.2

ICMP TTL:128 TOS:0x0 ID:21426 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.2:1745 -> 192.168.1.38:2301

UDP TTL:128 TOS:0x0 ID:65198 IpLen:20 DgmLen:200

Len: 180

** END OF DUMP


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:23:45.937391 192.168.1.38 -> 192.168.1.2

ICMP TTL:128 TOS:0x0 ID:21429 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.2:1745 -> 192.168.1.38:2301

UDP TTL:128 TOS:0x0 ID:65219 IpLen:20 DgmLen:200

Len: 180

** END OF DUMP


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:23:45.977391 192.168.1.2 -> 192.168.1.113

ICMP TTL:128 TOS:0x0 ID:65220 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.113:3022 -> 192.168.1.2:1900

UDP TTL:128 TOS:0x0 ID:18231 IpLen:20 DgmLen:160

Len: 140

** END OF DUMP


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:23:45.977391 192.168.1.2 -> 192.168.1.113

ICMP TTL:128 TOS:0x0 ID:65221 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.113:3022 -> 192.168.1.2:1900

UDP TTL:128 TOS:0x0 ID:18232 IpLen:20 DgmLen:161

Len: 141

** END OF DUMP


[**] [100:2:1] spp_portscan: portscan status from 192.168.1.113: 1 connections across 1 hosts: TCP(1), UDP(0) [**]

05/03-15:23:46.084769


[**] [100:2:1] spp_portscan: portscan status from 192.168.1.81: 5 connections across 1 hosts: TCP(5), UDP(0) [**]

05/03-15:23:46.084910


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:23:46.477391 192.168.1.2 -> 192.168.1.113

ICMP TTL:128 TOS:0x0 ID:65277 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.113:3022 -> 192.168.1.2:1900

UDP TTL:128 TOS:0x0 ID:18285 IpLen:20 DgmLen:160

Len: 140

** END OF DUMP


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:23:46.477391 192.168.1.2 -> 192.168.1.113

ICMP TTL:128 TOS:0x0 ID:65278 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.113:3022 -> 192.168.1.2:1900

UDP TTL:128 TOS:0x0 ID:18286 IpLen:20 DgmLen:161

Len: 141

** END OF DUMP


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:23:47.927391 192.168.1.38 -> 192.168.1.2

ICMP TTL:128 TOS:0x0 ID:21430 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.2:1745 -> 192.168.1.38:2301

UDP TTL:128 TOS:0x0 ID:65484 IpLen:20 DgmLen:200

Len: 180

** END OF DUMP


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:23:48.957391 192.168.1.2 -> 192.168.1.27

ICMP TTL:128 TOS:0x0 ID:105 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.27:1093 -> 192.168.1.2:1900

UDP TTL:128 TOS:0x0 ID:29676 IpLen:20 DgmLen:160

Len: 140

** END OF DUMP


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:23:48.957391 192.168.1.2 -> 192.168.1.27

ICMP TTL:128 TOS:0x0 ID:106 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.27:1093 -> 192.168.1.2:1900

UDP TTL:128 TOS:0x0 ID:29677 IpLen:20 DgmLen:161

Len: 141

** END OF DUMP


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:23:49.937391 192.168.1.38 -> 192.168.1.2

ICMP TTL:128 TOS:0x0 ID:21431 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.2:1745 -> 192.168.1.38:2301

UDP TTL:128 TOS:0x0 ID:257 IpLen:20 DgmLen:200

Len: 180

** END OF DUMP


[**] [100:2:1] spp_portscan: portscan status from 192.168.1.113: 203 connections across 1 hosts: TCP(203), UDP(0) [**]

05/03-15:23:50.048973


[**] [100:3:1] spp_portscan: End of portscan from 192.168.1.81: TOTAL time(0s) hosts(1) TCP(5) UDP(0) [**]

05/03-15:23:50.049094


[**] [100:2:1] spp_portscan: portscan status from 192.168.1.113: 242 connections across 1 hosts: TCP(242), UDP(0) [**]

05/03-15:23:54.054715


[**] [100:2:1] spp_portscan: portscan status from 192.168.1.113: 296 connections across 10 hosts: TCP(296), UDP(0) [**]

05/03-15:23:58.061070


[**] [100:2:1] spp_portscan: portscan status from 192.168.1.113: 249 connections across 1 hosts: TCP(249), UDP(0) [**]

05/03-15:24:02.065778


[**] [100:2:1] spp_portscan: portscan status from 192.168.1.113: 249 connections across 1 hosts: TCP(249), UDP(0) [**]

05/03-15:24:06.071233


[**] [1:615:3] SCAN SOCKS Proxy attempt [**]

[Classification: Attempted Information Leak] [Priority: 2]

05/03-15:24:07.107391 192.168.1.113:4828 -> 192.168.1.2:1080

TCP TTL:128 TOS:0x0 ID:21738 IpLen:20 DgmLen:48 DF

******S* Seq: 0xC8E2BE21 Ack: 0x0 Win: 0xFAF0 TcpLen: 28

TCP Options (4) => MSS: 1460 NOP NOP SackOK

[Xref => http://help.undernet.org/proxyscan/]


[**] [100:2:1] spp_portscan: portscan status from 192.168.1.113: 253 connections across 1 hosts: TCP(253), UDP(0) [**]

05/03-15:24:10.076730


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:24:10.987391 192.168.1.2 -> 192.168.1.113

ICMP TTL:128 TOS:0x0 ID:3610 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.113:3022 -> 192.168.1.2:1900

UDP TTL:128 TOS:0x0 ID:22291 IpLen:20 DgmLen:160

Len: 140

** END OF DUMP


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:24:10.987391 192.168.1.2 -> 192.168.1.113

ICMP TTL:128 TOS:0x0 ID:3611 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.113:3022 -> 192.168.1.2:1900

UDP TTL:128 TOS:0x0 ID:22292 IpLen:20 DgmLen:161

Len: 141

** END OF DUMP


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:24:11.487391 192.168.1.2 -> 192.168.1.113

ICMP TTL:128 TOS:0x0 ID:3712 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.113:3022 -> 192.168.1.2:1900

UDP TTL:128 TOS:0x0 ID:22395 IpLen:20 DgmLen:160

Len: 140

** END OF DUMP


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:24:11.487391 192.168.1.2 -> 192.168.1.113

ICMP TTL:128 TOS:0x0 ID:3713 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.113:3022 -> 192.168.1.2:1900

UDP TTL:128 TOS:0x0 ID:22396 IpLen:20 DgmLen:161

Len: 141

** END OF DUMP


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:24:13.967391 192.168.1.2 -> 192.168.1.27

ICMP TTL:128 TOS:0x0 ID:4087 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.27:1093 -> 192.168.1.2:1900

UDP TTL:128 TOS:0x0 ID:29693 IpLen:20 DgmLen:160

Len: 140

** END OF DUMP


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:24:13.967391 192.168.1.2 -> 192.168.1.27

ICMP TTL:128 TOS:0x0 ID:4088 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.27:1093 -> 192.168.1.2:1900

UDP TTL:128 TOS:0x0 ID:29694 IpLen:20 DgmLen:161

Len: 141

** END OF DUMP


[**] [100:2:1] spp_portscan: portscan status from 192.168.1.113: 249 connections across 1 hosts: TCP(249), UDP(0) [**]

05/03-15:24:14.083482


[**] [100:2:1] spp_portscan: portscan status from 192.168.1.113: 250 connections across 1 hosts: TCP(250), UDP(0) [**]

05/03-15:24:18.087547


[**] [100:2:1] spp_portscan: portscan status from 192.168.1.113: 260 connections across 3 hosts: TCP(260), UDP(0) [**]

05/03-15:24:22.093575


[**] [100:2:1] spp_portscan: portscan status from 192.168.1.113: 249 connections across 1 hosts: TCP(249), UDP(0) [**]

05/03-15:24:26.098446


[**] [100:2:1] spp_portscan: portscan status from 192.168.1.113: 249 connections across 1 hosts: TCP(249), UDP(0) [**]

05/03-15:24:30.103879


[**] [100:2:1] spp_portscan: portscan status from 192.168.1.113: 249 connections across 1 hosts: TCP(249), UDP(0) [**]

05/03-15:24:34.109322


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:24:35.987391 192.168.1.2 -> 192.168.1.113

ICMP TTL:128 TOS:0x0 ID:7508 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.113:3022 -> 192.168.1.2:1900

UDP TTL:128 TOS:0x0 ID:26274 IpLen:20 DgmLen:160

Len: 140

** END OF DUMP


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:24:35.987391 192.168.1.2 -> 192.168.1.113

ICMP TTL:128 TOS:0x0 ID:7509 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.113:3022 -> 192.168.1.2:1900

UDP TTL:128 TOS:0x0 ID:26275 IpLen:20 DgmLen:161

Len: 141

** END OF DUMP


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:24:36.487391 192.168.1.2 -> 192.168.1.113

ICMP TTL:128 TOS:0x0 ID:7610 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.113:3022 -> 192.168.1.2:1900

UDP TTL:128 TOS:0x0 ID:26381 IpLen:20 DgmLen:160

Len: 140

** END OF DUMP


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:24:36.487391 192.168.1.2 -> 192.168.1.113

ICMP TTL:128 TOS:0x0 ID:7611 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.113:3022 -> 192.168.1.2:1900

UDP TTL:128 TOS:0x0 ID:26382 IpLen:20 DgmLen:161

Len: 141

** END OF DUMP


[**] [100:2:1] spp_portscan: portscan status from 192.168.1.113: 255 connections across 3 hosts: TCP(255), UDP(0) [**]

05/03-15:24:38.014660


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:24:38.967391 192.168.1.2 -> 192.168.1.27

ICMP TTL:128 TOS:0x0 ID:7964 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.27:1093 -> 192.168.1.2:1900

UDP TTL:128 TOS:0x0 ID:29695 IpLen:20 DgmLen:160

Len: 140

** END OF DUMP


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:24:38.967391 192.168.1.2 -> 192.168.1.27

ICMP TTL:128 TOS:0x0 ID:7965 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.27:1093 -> 192.168.1.2:1900

UDP TTL:128 TOS:0x0 ID:29696 IpLen:20 DgmLen:161

Len: 141

** END OF DUMP


[**] [100:2:1] spp_portscan: portscan status from 192.168.1.113: 254 connections across 2 hosts: TCP(254), UDP(0) [**]

05/03-15:24:42.020185


[**] [100:2:1] spp_portscan: portscan status from 192.168.1.113: 249 connections across 1 hosts: TCP(249), UDP(0) [**]

05/03-15:24:46.025531


[**] [1:618:2] SCAN Squid Proxy attempt [**]

[Classification: Attempted Information Leak] [Priority: 2]

05/03-15:24:48.057391 192.168.1.113:3123 -> 192.168.1.2:3128

TCP TTL:128 TOS:0x0 ID:28330 IpLen:20 DgmLen:48 DF

******S* Seq: 0xCFE4B943 Ack: 0x0 Win: 0xFAF0 TcpLen: 28

TCP Options (4) => MSS: 1460 NOP NOP SackOK


[**] [1:618:2] SCAN Squid Proxy attempt [**]

[Classification: Attempted Information Leak] [Priority: 2]

05/03-15:24:48.517391 192.168.1.113:3123 -> 192.168.1.2:3128

TCP TTL:128 TOS:0x0 ID:28385 IpLen:20 DgmLen:48 DF

******S* Seq: 0xCFE4B943 Ack: 0x0 Win: 0xFAF0 TcpLen: 28

TCP Options (4) => MSS: 1460 NOP NOP SackOK


[**] [1:618:2] SCAN Squid Proxy attempt [**]

[Classification: Attempted Information Leak] [Priority: 2]

05/03-15:24:49.017391 192.168.1.113:3123 -> 192.168.1.2:3128

TCP TTL:128 TOS:0x0 ID:28448 IpLen:20 DgmLen:48 DF

******S* Seq: 0xCFE4B943 Ack: 0x0 Win: 0xFAF0 TcpLen: 28

TCP Options (4) => MSS: 1460 NOP NOP SackOK


[**] [100:2:1] spp_portscan: portscan status from 192.168.1.113: 251 connections across 1 hosts: TCP(251), UDP(0) [**]

05/03-15:24:50.031036


[**] [100:2:1] spp_portscan: portscan status from 192.168.1.113: 250 connections across 1 hosts: TCP(250), UDP(0) [**]

05/03-15:24:54.036400


[**] [100:2:1] spp_portscan: portscan status from 192.168.1.113: 249 connections across 1 hosts: TCP(249), UDP(0) [**]

05/03-15:24:58.041875


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:25:00.987391 192.168.1.2 -> 192.168.1.113

ICMP TTL:128 TOS:0x0 ID:11422 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.113:3022 -> 192.168.1.2:1900

UDP TTL:128 TOS:0x0 ID:30325 IpLen:20 DgmLen:160

Len: 140

** END OF DUMP


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:25:00.987391 192.168.1.2 -> 192.168.1.113

ICMP TTL:128 TOS:0x0 ID:11423 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.113:3022 -> 192.168.1.2:1900

UDP TTL:128 TOS:0x0 ID:30326 IpLen:20 DgmLen:161

Len: 141

** END OF DUMP


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:25:01.487391 192.168.1.2 -> 192.168.1.113

ICMP TTL:128 TOS:0x0 ID:11535 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.113:3022 -> 192.168.1.2:1900

UDP TTL:128 TOS:0x0 ID:30429 IpLen:20 DgmLen:160

Len: 140

** END OF DUMP


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:25:01.487391 192.168.1.2 -> 192.168.1.113

ICMP TTL:128 TOS:0x0 ID:11536 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.113:3022 -> 192.168.1.2:1900

UDP TTL:128 TOS:0x0 ID:30430 IpLen:20 DgmLen:161

Len: 141

** END OF DUMP


[**] [100:2:1] spp_portscan: portscan status from 192.168.1.113: 255 connections across 3 hosts: TCP(255), UDP(0) [**]

05/03-15:25:02.049293


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:25:03.977391 192.168.1.2 -> 192.168.1.27

ICMP TTL:128 TOS:0x0 ID:11910 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.27:1093 -> 192.168.1.2:1900

UDP TTL:128 TOS:0x0 ID:29698 IpLen:20 DgmLen:160

Len: 140

** END OF DUMP


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:25:03.977391 192.168.1.2 -> 192.168.1.27

ICMP TTL:128 TOS:0x0 ID:11911 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.27:1093 -> 192.168.1.2:1900

UDP TTL:128 TOS:0x0 ID:29699 IpLen:20 DgmLen:161

Len: 141

** END OF DUMP


[**] [1:469:1] ICMP PING NMAP [**]

[Classification: Attempted Information Leak] [Priority: 2]

05/03-15:25:04.167391 192.168.1.60 -> 192.168.1.1

ICMP TTL:128 TOS:0x0 ID:2601 IpLen:20 DgmLen:28

Type:8 Code:0 ID:512 Seq:8192 ECHO

[Xref => http://www.whitehats.com/info/IDS162]


[**] [1:408:4] ICMP Echo Reply [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:25:04.167391 192.168.1.1 -> 192.168.1.60

ICMP TTL:128 TOS:0x0 ID:62507 IpLen:20 DgmLen:28

Type:0 Code:0 ID:512 Seq:8192 ECHO REPLY


[**] [1:466:1] ICMP L3retriever Ping [**]

[Classification: Attempted Information Leak] [Priority: 2]

05/03-15:25:04.317391 192.168.1.60 -> 192.168.1.1

ICMP TTL:32 TOS:0x0 ID:2633 IpLen:20 DgmLen:60

Type:8 Code:0 ID:512 Seq:8448 ECHO

[Xref => http://www.whitehats.com/info/IDS311]


[**] [1:408:4] ICMP Echo Reply [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:25:04.317391 192.168.1.1 -> 192.168.1.60

ICMP TTL:128 TOS:0x0 ID:62535 IpLen:20 DgmLen:60

Type:0 Code:0 ID:512 Seq:8448 ECHO REPLY


[**] [100:1:1] spp_portscan: PORTSCAN DETECTED from 192.168.1.60 (THRESHOLD 4 connections exceeded in 0 seconds) [**]

05/03-15:25:04.328330


[**] [100:2:1] spp_portscan: portscan status from 192.168.1.113: 249 connections across 1 hosts: TCP(249), UDP(0) [**]

05/03-15:25:06.052804


[**] [100:2:1] spp_portscan: portscan status from 192.168.1.60: 5 connections across 1 hosts: TCP(5), UDP(0) [**]

05/03-15:25:08.052531


[**] [100:2:1] spp_portscan: portscan status from 192.168.1.113: 249 connections across 1 hosts: TCP(249), UDP(0) [**]

05/03-15:25:10.058290


[**] [100:3:1] spp_portscan: End of portscan from 192.168.1.60: TOTAL time(0s) hosts(1) TCP(5) UDP(0) [**]

05/03-15:25:12.057521


[**] [100:2:1] spp_portscan: portscan status from 192.168.1.113: 248 connections across 1 hosts: TCP(248), UDP(0) [**]

05/03-15:25:14.063617


[**] [100:2:1] spp_portscan: portscan status from 192.168.1.113: 249 connections across 1 hosts: TCP(249), UDP(0) [**]

05/03-15:25:18.069045


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:55:29.307391 192.168.1.2 -> 192.168.1.27

ICMP TTL:128 TOS:0x0 ID:34638 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.27:1093 -> 192.168.1.2:1900

UDP TTL:128 TOS:0x0 ID:30196 IpLen:20 DgmLen:160

Len: 140

** END OF DUMP


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:55:29.307391 192.168.1.2 -> 192.168.1.27

ICMP TTL:128 TOS:0x0 ID:34639 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.27:1093 -> 192.168.1.2:1900

UDP TTL:128 TOS:0x0 ID:30197 IpLen:20 DgmLen:161

Len: 141

** END OF DUMP


[**] [100:1:1] spp_portscan: PORTSCAN DETECTED from 192.168.1.113 (THRESHOLD 4 connections exceeded in 1 seconds) [**]

05/03-15:55:51.074542


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:55:51.317391 192.168.1.2 -> 192.168.1.113

ICMP TTL:128 TOS:0x0 ID:34756 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.113:3022 -> 192.168.1.2:1900

UDP TTL:128 TOS:0x0 ID:40711 IpLen:20 DgmLen:160

Len: 140

** END OF DUMP


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:55:51.317391 192.168.1.2 -> 192.168.1.113

ICMP TTL:128 TOS:0x0 ID:34757 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.113:3022 -> 192.168.1.2:1900

UDP TTL:128 TOS:0x0 ID:40712 IpLen:20 DgmLen:161

Len: 141

** END OF DUMP


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:55:51.817391 192.168.1.2 -> 192.168.1.113

ICMP TTL:128 TOS:0x0 ID:34771 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.113:3022 -> 192.168.1.2:1900

UDP TTL:128 TOS:0x0 ID:40754 IpLen:20 DgmLen:160

Len: 140

** END OF DUMP


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:55:51.817391 192.168.1.2 -> 192.168.1.113

ICMP TTL:128 TOS:0x0 ID:34772 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.113:3022 -> 192.168.1.2:1900

UDP TTL:128 TOS:0x0 ID:40755 IpLen:20 DgmLen:161

Len: 141

** END OF DUMP


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:55:54.307391 192.168.1.2 -> 192.168.1.27

ICMP TTL:128 TOS:0x0 ID:34983 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.27:1093 -> 192.168.1.2:1900

UDP TTL:128 TOS:0x0 ID:30362 IpLen:20 DgmLen:160

Len: 140

** END OF DUMP


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:55:54.307391 192.168.1.2 -> 192.168.1.27

ICMP TTL:128 TOS:0x0 ID:34984 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.27:1093 -> 192.168.1.2:1900

UDP TTL:128 TOS:0x0 ID:30363 IpLen:20 DgmLen:161

Len: 141

** END OF DUMP


[**] [100:2:1] spp_portscan: portscan status from 192.168.1.113: 10 connections across 1 hosts: TCP(10), UDP(0) [**]

05/03-15:55:59.141608


[**] [100:2:1] spp_portscan: portscan status from 192.168.1.113: 2 connections across 1 hosts: TCP(2), UDP(0) [**]

05/03-15:56:03.073169


[**] [1:1149:4] WEB-MISC count.cgi access [**]

[Classification: Attempted Information Leak] [Priority: 2]

05/03-15:56:04.597391 192.168.1.70:1914 -> 192.168.1.2:80

TCP TTL:128 TOS:0x0 ID:4521 IpLen:20 DgmLen:338 DF

***AP*** Seq: 0x4609D17F Ack: 0x6ACE44F1 Win: 0x4470 TcpLen: 20

[Xref => http://www.securityfocus.com/bid/128]

[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0021]


[**] [1:1149:4] WEB-MISC count.cgi access [**]

[Classification: Attempted Information Leak] [Priority: 2]

05/03-15:56:04.607391 192.168.1.70:1918 -> 192.168.1.2:80

TCP TTL:128 TOS:0x0 ID:4531 IpLen:20 DgmLen:423 DF

***AP*** Seq: 0x460A7A92 Ack: 0x6ACED211 Win: 0x4470 TcpLen: 20

[Xref => http://www.securityfocus.com/bid/128]

[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0021]


[**] [1:1149:4] WEB-MISC count.cgi access [**]

[Classification: Attempted Information Leak] [Priority: 2]

05/03-15:56:04.617391 192.168.1.70:1918 -> 192.168.1.2:80

TCP TTL:128 TOS:0x0 ID:4536 IpLen:20 DgmLen:555 DF

***AP*** Seq: 0x460A7C11 Ack: 0x6ACEE30F Win: 0x3EDA TcpLen: 20

[Xref => http://www.securityfocus.com/bid/128]

[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0021]


[**] [100:2:1] spp_portscan: portscan status from 192.168.1.113: 1 connections across 1 hosts: TCP(1), UDP(0) [**]

05/03-15:56:07.178765


[**] [100:2:1] spp_portscan: portscan status from 192.168.1.113: 3 connections across 2 hosts: TCP(3), UDP(0) [**]

05/03-15:56:12.218789


[**] [1:1446:1] SMTP vrfy root [**]

[Classification: Attempted Information Leak] [Priority: 2]

05/03-15:56:12.557391 192.168.1.113:4019 -> 192.168.1.1:25

TCP TTL:128 TOS:0x0 ID:40947 IpLen:20 DgmLen:51 DF

***AP*** Seq: 0xB516BEA2 Ack: 0x2296D0B Win: 0xFA55 TcpLen: 20


[**] [1:660:3] SMTP expn root [**]

[Classification: Attempted Information Leak] [Priority: 2]

05/03-15:56:12.557391 192.168.1.113:4019 -> 192.168.1.1:25

TCP TTL:128 TOS:0x0 ID:40952 IpLen:20 DgmLen:51 DF

***AP*** Seq: 0xB516BED1 Ack: 0x2296DFD Win: 0xF963 TcpLen: 20

[Xref => http://www.whitehats.com/info/IDS31]


[**] [1:659:2] SMTP expn decode [**]

[Classification: Attempted Information Leak] [Priority: 2]

05/03-15:56:12.557391 192.168.1.113:4019 -> 192.168.1.1:25

TCP TTL:128 TOS:0x0 ID:40956 IpLen:20 DgmLen:53 DF

***AP*** Seq: 0xB516BF00 Ack: 0x2296E5D Win: 0xF903 TcpLen: 20

[Xref => http://www.whitehats.com/info/IDS32]


[**] [1:973:5] WEB-IIS *.idc attempt [**]

[Classification: Web Application Attack] [Priority: 1]

05/03-15:56:13.117391 192.168.1.113:4044 -> 192.168.1.1:80

TCP TTL:128 TOS:0x0 ID:41397 IpLen:20 DgmLen:61 DF

***AP*** Seq: 0xB52A6294 Ack: 0x2370FFD Win: 0xFAF0 TcpLen: 20

[Xref => http://www.securityfocus.com/bid/1448]

[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0874]


[**] [1:993:4] WEB-IIS iisadmin access [**]

[Classification: Web Application Attack] [Priority: 1]

05/03-15:56:13.137391 192.168.1.113:4047 -> 192.168.1.1:80

TCP TTL:128 TOS:0x0 ID:41409 IpLen:20 DgmLen:65 DF

***AP*** Seq: 0xB52BC551 Ack: 0x238A8C2 Win: 0xFAF0 TcpLen: 20


[**] [1:1201:3] WEB-MISC 403 Forbidden [**]

[Classification: Attempted Information Leak] [Priority: 2]

05/03-15:56:13.167391 192.168.1.1:80 -> 192.168.1.113:4047

TCP TTL:128 TOS:0x0 ID:6342 IpLen:20 DgmLen:1500 DF

***A**** Seq: 0x238A8C2 Ack: 0xB52BC56A Win: 0x4457 TcpLen: 20


[**] [1:987:7] WEB-IIS .htr access [**]

[Classification: sid] [Priority: 2]

05/03-15:56:13.167391 192.168.1.113:4051 -> 192.168.1.1:80

TCP TTL:128 TOS:0x0 ID:41430 IpLen:20 DgmLen:971 DF

***AP*** Seq: 0xB52F7A9A Ack: 0x23BBDAD Win: 0xFAF0 TcpLen: 20

[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0630]


[**] [1:1023:4] WEB-IIS msadc/msadcs.dll access [**]

[Classification: sid] [Priority: 2]

05/03-15:56:13.267391 192.168.1.113:4060 -> 192.168.1.1:80

TCP TTL:128 TOS:0x0 ID:41464 IpLen:20 DgmLen:72 DF

***AP*** Seq: 0xB53422B3 Ack: 0x240A6E0 Win: 0xFAF0 TcpLen: 20

[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1011]

[Xref => http://www.securityfocus.com/bid/529]


[**] [1:1201:3] WEB-MISC 403 Forbidden [**]

[Classification: Attempted Information Leak] [Priority: 2]

05/03-15:56:13.297391 192.168.1.1:80 -> 192.168.1.113:4060

TCP TTL:128 TOS:0x0 ID:6370 IpLen:20 DgmLen:1500 DF

***A**** Seq: 0x240A6E0 Ack: 0xB53422D3 Win: 0x4450 TcpLen: 20


[**] [1:987:7] WEB-IIS .htr access [**]

[Classification: sid] [Priority: 2]

05/03-15:56:13.317391 192.168.1.113:4061 -> 192.168.1.1:80

TCP TTL:128 TOS:0x0 ID:41478 IpLen:20 DgmLen:81 DF

***AP*** Seq: 0xB535832B Ack: 0x2417FC1 Win: 0xFAF0 TcpLen: 20

[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0630]


[**] [1:1245:4] WEB-IIS ISAPI .idq access [**]

[Classification: sid] [Priority: 2]

05/03-15:56:13.317391 192.168.1.113:4064 -> 192.168.1.1:80

TCP TTL:128 TOS:0x0 ID:41483 IpLen:20 DgmLen:86 DF

***AP*** Seq: 0xB5372666 Ack: 0x242FCBF Win: 0xFAF0 TcpLen: 20

[Xref => http://www.whitehats.com/info/IDS553]

[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071]

[Xref => http://www.securityfocus.com/bid/1065]


[**] [1:1201:3] WEB-MISC 403 Forbidden [**]

[Classification: Attempted Information Leak] [Priority: 2]

05/03-15:56:13.317391 192.168.1.1:80 -> 192.168.1.113:4064

TCP TTL:128 TOS:0x0 ID:6383 IpLen:20 DgmLen:1500 DF

***A**** Seq: 0x242FCBF Ack: 0xB5372694 Win: 0x4442 TcpLen: 20


[**] [1:1245:4] WEB-IIS ISAPI .idq access [**]

[Classification: sid] [Priority: 2]

05/03-15:56:13.327391 192.168.1.113:4065 -> 192.168.1.1:80

TCP TTL:128 TOS:0x0 ID:41489 IpLen:20 DgmLen:86 DF

***AP*** Seq: 0xB537C77D Ack: 0x243C590 Win: 0xFAF0 TcpLen: 20

[Xref => http://www.whitehats.com/info/IDS553]

[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071]

[Xref => http://www.securityfocus.com/bid/1065]


[**] [1:1201:3] WEB-MISC 403 Forbidden [**]

[Classification: Attempted Information Leak] [Priority: 2]

05/03-15:56:13.327391 192.168.1.1:80 -> 192.168.1.113:4065

TCP TTL:128 TOS:0x0 ID:6388 IpLen:20 DgmLen:1500 DF

***A**** Seq: 0x243C590 Ack: 0xB537C7AB Win: 0x4442 TcpLen: 20


[**] [1:1245:4] WEB-IIS ISAPI .idq access [**]

[Classification: sid] [Priority: 2]

05/03-15:56:13.327391 192.168.1.113:4066 -> 192.168.1.1:80

TCP TTL:128 TOS:0x0 ID:41495 IpLen:20 DgmLen:90 DF

***AP*** Seq: 0xB5387D78 Ack: 0x244A7E3 Win: 0xFAF0 TcpLen: 20

[Xref => http://www.whitehats.com/info/IDS553]

[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071]

[Xref => http://www.securityfocus.com/bid/1065]


[**] [1:1201:3] WEB-MISC 403 Forbidden [**]

[Classification: Attempted Information Leak] [Priority: 2]

05/03-15:56:13.327391 192.168.1.1:80 -> 192.168.1.113:4066

TCP TTL:128 TOS:0x0 ID:6392 IpLen:20 DgmLen:1500 DF

***A**** Seq: 0x244A7E3 Ack: 0xB5387DAA Win: 0x443E TcpLen: 20


[**] [1:1245:4] WEB-IIS ISAPI .idq access [**]

[Classification: sid] [Priority: 2]

05/03-15:56:13.327391 192.168.1.113:4067 -> 192.168.1.1:80

TCP TTL:128 TOS:0x0 ID:41501 IpLen:20 DgmLen:90 DF

***AP*** Seq: 0xB5394185 Ack: 0x2459DAF Win: 0xFAF0 TcpLen: 20

[Xref => http://www.whitehats.com/info/IDS553]

[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071]

[Xref => http://www.securityfocus.com/bid/1065]


[**] [1:1201:3] WEB-MISC 403 Forbidden [**]

[Classification: Attempted Information Leak] [Priority: 2]

05/03-15:56:13.327391 192.168.1.1:80 -> 192.168.1.113:4067

TCP TTL:128 TOS:0x0 ID:6396 IpLen:20 DgmLen:1500 DF

***A**** Seq: 0x2459DAF Ack: 0xB53941B7 Win: 0x443E TcpLen: 20


[**] [1:1245:4] WEB-IIS ISAPI .idq access [**]

[Classification: sid] [Priority: 2]

05/03-15:56:13.327391 192.168.1.113:4069 -> 192.168.1.1:80

TCP TTL:128 TOS:0x0 ID:41511 IpLen:20 DgmLen:79 DF

***AP*** Seq: 0xB53A7E83 Ack: 0x246D913 Win: 0xFAF0 TcpLen: 20

[Xref => http://www.whitehats.com/info/IDS553]

[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071]

[Xref => http://www.securityfocus.com/bid/1065]


[**] [1:979:4] WEB-IIS ASP contents view [**]

[Classification: Web Application Attack] [Priority: 1]

05/03-15:56:13.397391 192.168.1.113:4075 -> 192.168.1.1:80

TCP TTL:128 TOS:0x0 ID:41541 IpLen:20 DgmLen:183 DF

***AP*** Seq: 0xB53EB661 Ack: 0x24A50F8 Win: 0xFAF0 TcpLen: 20

[Xref => http://www.securityfocus.com/bid/1864]


[**] [1:1201:3] WEB-MISC 403 Forbidden [**]

[Classification: Attempted Information Leak] [Priority: 2]

05/03-15:56:13.397391 192.168.1.1:80 -> 192.168.1.113:4075

TCP TTL:128 TOS:0x0 ID:6424 IpLen:20 DgmLen:1500 DF

***A**** Seq: 0x24A50F8 Ack: 0xB53EB6F0 Win: 0x43E1 TcpLen: 20


[**] [1:979:4] WEB-IIS ASP contents view [**]

[Classification: Web Application Attack] [Priority: 1]

05/03-15:56:13.397391 192.168.1.113:4076 -> 192.168.1.1:80

TCP TTL:128 TOS:0x0 ID:41547 IpLen:20 DgmLen:183 DF

***AP*** Seq: 0xB53F64D1 Ack: 0x24B0618 Win: 0xFAF0 TcpLen: 20

[Xref => http://www.securityfocus.com/bid/1864]


[**] [1:1201:3] WEB-MISC 403 Forbidden [**]

[Classification: Attempted Information Leak] [Priority: 2]

05/03-15:56:13.397391 192.168.1.1:80 -> 192.168.1.113:4076

TCP TTL:128 TOS:0x0 ID:6428 IpLen:20 DgmLen:1500 DF

***A**** Seq: 0x24B0618 Ack: 0xB53F6560 Win: 0x43E1 TcpLen: 20


[**] [1:1400:1] WEB-IIS /scripts/samples/ access [**]

[Classification: Web Application Attack] [Priority: 1]

05/03-15:56:13.397391 192.168.1.113:4077 -> 192.168.1.1:80

TCP TTL:128 TOS:0x0 ID:41553 IpLen:20 DgmLen:91 DF

***AP*** Seq: 0xB5402F4A Ack: 0x24BEA50 Win: 0xFAF0 TcpLen: 20


[**] [1:1400:1] WEB-IIS /scripts/samples/ access [**]

[Classification: Web Application Attack] [Priority: 1]

05/03-15:56:13.427391 192.168.1.113:4080 -> 192.168.1.1:80

TCP TTL:128 TOS:0x0 ID:41564 IpLen:20 DgmLen:91 DF

***AP*** Seq: 0xB5419372 Ack: 0x24D2685 Win: 0xFAF0 TcpLen: 20


[**] [1:1245:4] WEB-IIS ISAPI .idq access [**]

[Classification: sid] [Priority: 2]

05/03-15:56:13.427391 192.168.1.113:4082 -> 192.168.1.1:80

TCP TTL:128 TOS:0x0 ID:41575 IpLen:20 DgmLen:89 DF

***AP*** Seq: 0xB5429F1E Ack: 0x24EEEAD Win: 0xFAF0 TcpLen: 20

[Xref => http://www.whitehats.com/info/IDS553]

[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071]

[Xref => http://www.securityfocus.com/bid/1065]


[**] [1:1245:4] WEB-IIS ISAPI .idq access [**]

[Classification: sid] [Priority: 2]

05/03-15:56:13.437391 192.168.1.113:4083 -> 192.168.1.1:80

TCP TTL:128 TOS:0x0 ID:41580 IpLen:20 DgmLen:91 DF

***AP*** Seq: 0xB5437D2A Ack: 0x24FAB13 Win: 0xFAF0 TcpLen: 20

[Xref => http://www.whitehats.com/info/IDS553]

[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071]

[Xref => http://www.securityfocus.com/bid/1065]


[**] [1:1245:4] WEB-IIS ISAPI .idq access [**]

[Classification: sid] [Priority: 2]

05/03-15:56:13.437391 192.168.1.113:4084 -> 192.168.1.1:80

TCP TTL:128 TOS:0x0 ID:41585 IpLen:20 DgmLen:91 DF

***AP*** Seq: 0xB54412F0 Ack: 0x2504D9D Win: 0xFAF0 TcpLen: 20

[Xref => http://www.whitehats.com/info/IDS553]

[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071]

[Xref => http://www.securityfocus.com/bid/1065]


[**] [1:1245:4] WEB-IIS ISAPI .idq access [**]

[Classification: sid] [Priority: 2]

05/03-15:56:13.437391 192.168.1.113:4085 -> 192.168.1.1:80

TCP TTL:128 TOS:0x0 ID:41590 IpLen:20 DgmLen:88 DF

***AP*** Seq: 0xB545040C Ack: 0x250D810 Win: 0xFAF0 TcpLen: 20

[Xref => http://www.whitehats.com/info/IDS553]

[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071]

[Xref => http://www.securityfocus.com/bid/1065]


[**] [1:1245:4] WEB-IIS ISAPI .idq access [**]

[Classification: sid] [Priority: 2]

05/03-15:56:13.437391 192.168.1.113:4086 -> 192.168.1.1:80

TCP TTL:128 TOS:0x0 ID:41595 IpLen:20 DgmLen:91 DF

***AP*** Seq: 0xB545A1F4 Ack: 0x251AD72 Win: 0xFAF0 TcpLen: 20

[Xref => http://www.whitehats.com/info/IDS553]

[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071]

[Xref => http://www.securityfocus.com/bid/1065]


[**] [1:1245:4] WEB-IIS ISAPI .idq access [**]

[Classification: sid] [Priority: 2]

05/03-15:56:13.447391 192.168.1.113:4087 -> 192.168.1.1:80

TCP TTL:128 TOS:0x0 ID:41600 IpLen:20 DgmLen:89 DF

***AP*** Seq: 0xB5464393 Ack: 0x2523773 Win: 0xFAF0 TcpLen: 20

[Xref => http://www.whitehats.com/info/IDS553]

[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071]

[Xref => http://www.securityfocus.com/bid/1065]


[**] [1:1400:1] WEB-IIS /scripts/samples/ access [**]

[Classification: Web Application Attack] [Priority: 1]

05/03-15:56:13.447391 192.168.1.113:4088 -> 192.168.1.1:80

TCP TTL:128 TOS:0x0 ID:41607 IpLen:20 DgmLen:90 DF

***AP*** Seq: 0xB547292E Ack: 0x252C50F Win: 0xFAF0 TcpLen: 20


[**] [1:903:3] WEB-COLDFUSION cfcache.map access [**]

[Classification: Attempted Information Leak] [Priority: 2]

05/03-15:56:13.447391 192.168.1.113:4091 -> 192.168.1.1:80

TCP TTL:128 TOS:0x0 ID:41615 IpLen:20 DgmLen:67 DF

***AP*** Seq: 0xB548CE29 Ack: 0x253FB0B Win: 0xFAF0 TcpLen: 20

[Xref => http://www.securityfocus.com/bid/917]

[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0057]


[**] [1:953:4] WEB-FRONTPAGE administrators.pwd access [**]

[Classification: sid] [Priority: 2]

05/03-15:56:13.447391 192.168.1.113:4092 -> 192.168.1.1:80

TCP TTL:128 TOS:0x0 ID:41622 IpLen:20 DgmLen:83 DF

***AP*** Seq: 0xB549A847 Ack: 0x254B397 Win: 0xFAF0 TcpLen: 20

[Xref => http://www.securityfocus.com/bid/1205]


[**] [1:1201:3] WEB-MISC 403 Forbidden [**]

[Classification: Attempted Information Leak] [Priority: 2]

05/03-15:56:13.467391 192.168.1.1:80 -> 192.168.1.113:4092

TCP TTL:128 TOS:0x0 ID:6486 IpLen:20 DgmLen:1500 DF

***A**** Seq: 0x254B397 Ack: 0xB549A872 Win: 0x4445 TcpLen: 20


[**] [1:951:3] WEB-FRONTPAGE authors.pwd access [**]

[Classification: sid] [Priority: 2]

05/03-15:56:13.467391 192.168.1.113:4093 -> 192.168.1.1:80

TCP TTL:128 TOS:0x0 ID:41630 IpLen:20 DgmLen:76 DF

***AP*** Seq: 0xB54A2CDE Ack: 0x2558901 Win: 0xFAF0 TcpLen: 20


[**] [1:1201:3] WEB-MISC 403 Forbidden [**]

[Classification: Attempted Information Leak] [Priority: 2]

05/03-15:56:13.467391 192.168.1.1:80 -> 192.168.1.113:4093

TCP TTL:128 TOS:0x0 ID:6490 IpLen:20 DgmLen:1500 DF

***A**** Seq: 0x2558901 Ack: 0xB54A2D02 Win: 0x444C TcpLen: 20


[**] [1:964:3] WEB-FRONTPAGE users.pwd access [**]

[Classification: sid] [Priority: 2]

05/03-15:56:13.467391 192.168.1.113:4094 -> 192.168.1.1:80

TCP TTL:128 TOS:0x0 ID:41636 IpLen:20 DgmLen:74 DF

***AP*** Seq: 0xB54ADE2F Ack: 0x256774C Win: 0xFAF0 TcpLen: 20


[**] [1:1201:3] WEB-MISC 403 Forbidden [**]

[Classification: Attempted Information Leak] [Priority: 2]

05/03-15:56:13.467391 192.168.1.1:80 -> 192.168.1.113:4094

TCP TTL:128 TOS:0x0 ID:6494 IpLen:20 DgmLen:1500 DF

***A**** Seq: 0x256774C Ack: 0xB54ADE51 Win: 0x444E TcpLen: 20


[**] [1:959:3] WEB-FRONTPAGE service.pwd [**]

[Classification: sid] [Priority: 2]

05/03-15:56:13.477391 192.168.1.113:4095 -> 192.168.1.1:80

TCP TTL:128 TOS:0x0 ID:41642 IpLen:20 DgmLen:76 DF

***AP*** Seq: 0xB54B60B1 Ack: 0x25701FE Win: 0xFAF0 TcpLen: 20

[Xref => http://www.securityfocus.com/bid/1205]


[**] [1:1201:3] WEB-MISC 403 Forbidden [**]

[Classification: Attempted Information Leak] [Priority: 2]

05/03-15:56:13.477391 192.168.1.1:80 -> 192.168.1.113:4095

TCP TTL:128 TOS:0x0 ID:6498 IpLen:20 DgmLen:1500 DF

***A**** Seq: 0x25701FE Ack: 0xB54B60D5 Win: 0x444C TcpLen: 20


[**] [1:937:4] WEB-FRONTPAGE _vti_rpc access [**]

[Classification: sid] [Priority: 2]

05/03-15:56:13.477391 192.168.1.113:4096 -> 192.168.1.1:80

TCP TTL:128 TOS:0x0 ID:41648 IpLen:20 DgmLen:350 DF

***AP*** Seq: 0xB54BF8A2 Ack: 0x2579EBF Win: 0xFAF0 TcpLen: 20

[Xref => http://www.securityfocus.com/bid/2144]


[**] [1:1287:3] WEB-IIS scripts access [**]

[Classification: sid] [Priority: 2]

05/03-15:56:13.907391 192.168.1.113:4121 -> 192.168.1.1:80

TCP TTL:128 TOS:0x0 ID:41755 IpLen:20 DgmLen:64 DF

***AP*** Seq: 0xB55925B0 Ack: 0x2642EA5 Win: 0xFAF0 TcpLen: 20


[**] [1:1201:3] WEB-MISC 403 Forbidden [**]

[Classification: Attempted Information Leak] [Priority: 2]

05/03-15:56:13.907391 192.168.1.1:80 -> 192.168.1.113:4121

TCP TTL:128 TOS:0x0 ID:6582 IpLen:20 DgmLen:355 DF

***AP*** Seq: 0x2642EA5 Ack: 0xB55925C8 Win: 0x4458 TcpLen: 20


[**] [1:862:4] WEB-CGI csh access [**]

[Classification: Attempted Information Leak] [Priority: 2]

05/03-15:56:13.907391 192.168.1.113:4123 -> 192.168.1.1:80

TCP TTL:128 TOS:0x0 ID:41766 IpLen:20 DgmLen:67 DF

***AP*** Seq: 0xB55A7DEC Ack: 0x265AA4F Win: 0xFAF0 TcpLen: 20

[Xref => http://www.cert.org/advisories/CA-1996-11.html]

[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0509]


[**] [1:865:3] WEB-CGI ksh access [**]

[Classification: Attempted Information Leak] [Priority: 2]

05/03-15:56:13.907391 192.168.1.113:4124 -> 192.168.1.1:80

TCP TTL:128 TOS:0x0 ID:41772 IpLen:20 DgmLen:67 DF

***AP*** Seq: 0xB55B1217 Ack: 0x2663EF8 Win: 0xFAF0 TcpLen: 20

[Xref => http://www.cert.org/advisories/CA-1996-11.html]

[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0509]


[**] [1:1002:3] WEB-IIS cmd.exe access [**]

[Classification: Web Application Attack] [Priority: 1]

05/03-15:56:13.907391 192.168.1.113:4125 -> 192.168.1.1:80

TCP TTL:128 TOS:0x0 ID:41778 IpLen:20 DgmLen:74 DF

***AP*** Seq: 0xB55BD929 Ack: 0x266EC8C Win: 0xFAF0 TcpLen: 20


[**] [1:1002:3] WEB-IIS cmd.exe access [**]

[Classification: Web Application Attack] [Priority: 1]

05/03-15:56:13.917391 192.168.1.113:4126 -> 192.168.1.1:80

TCP TTL:128 TOS:0x0 ID:41786 IpLen:20 DgmLen:74 DF

***AP*** Seq: 0xB55C707A Ack: 0x267CB7B Win: 0xFAF0 TcpLen: 20


[**] [1:1661:1] WEB-IIS cmd32.exe access [**]

[Classification: Web Application Attack] [Priority: 1]

05/03-15:56:13.917391 192.168.1.113:4129 -> 192.168.1.1:80

TCP TTL:128 TOS:0x0 ID:41795 IpLen:20 DgmLen:73 DF

***AP*** Seq: 0xB55EAC9B Ack: 0x2696A7E Win: 0xFAF0 TcpLen: 20


[**] [1:1661:1] WEB-IIS cmd32.exe access [**]

[Classification: Web Application Attack] [Priority: 1]

05/03-15:56:13.917391 192.168.1.113:4130 -> 192.168.1.1:80

TCP TTL:128 TOS:0x0 ID:41802 IpLen:20 DgmLen:73 DF

***AP*** Seq: 0xB55F7838 Ack: 0x26A55C3 Win: 0xFAF0 TcpLen: 20


[**] [1:1402:1] WEB-IIS iissamples access [**]

[Classification: Web Application Attack] [Priority: 1]

05/03-15:56:13.997391 192.168.1.113:4140 -> 192.168.1.1:80

TCP TTL:128 TOS:0x0 ID:41852 IpLen:20 DgmLen:86 DF

***AP*** Seq: 0xB5666198 Ack: 0x2717A07 Win: 0xFAF0 TcpLen: 20


[**] [1:1201:3] WEB-MISC 403 Forbidden [**]

[Classification: Attempted Information Leak] [Priority: 2]

05/03-15:56:13.997391 192.168.1.1:80 -> 192.168.1.113:4140

TCP TTL:128 TOS:0x0 ID:6668 IpLen:20 DgmLen:1500 DF

***A**** Seq: 0x2717A07 Ack: 0xB56661C6 Win: 0x4442 TcpLen: 20


[**] [1:1077:3] WEB-MISC queryhit.htm access [**]

[Classification: sid] [Priority: 2]

05/03-15:56:13.997391 192.168.1.113:4141 -> 192.168.1.1:80

TCP TTL:128 TOS:0x0 ID:41858 IpLen:20 DgmLen:83 DF

***AP*** Seq: 0xB5673D72 Ack: 0x2726A56 Win: 0xFAF0 TcpLen: 20


[**] [1:1287:3] WEB-IIS scripts access [**]

[Classification: sid] [Priority: 2]

05/03-15:56:13.997391 192.168.1.113:4142 -> 192.168.1.1:80

TCP TTL:128 TOS:0x0 ID:41864 IpLen:20 DgmLen:71 DF

***AP*** Seq: 0xB567DD3F Ack: 0x2736310 Win: 0xFAF0 TcpLen: 20


[**] [1:1201:3] WEB-MISC 403 Forbidden [**]

[Classification: Attempted Information Leak] [Priority: 2]

05/03-15:56:13.997391 192.168.1.1:80 -> 192.168.1.113:4142

TCP TTL:128 TOS:0x0 ID:6676 IpLen:20 DgmLen:1500 DF

***A**** Seq: 0x2736310 Ack: 0xB567DD5E Win: 0x4451 TcpLen: 20


[**] [1:1402:1] WEB-IIS iissamples access [**]

[Classification: Web Application Attack] [Priority: 1]

05/03-15:56:13.997391 192.168.1.113:4143 -> 192.168.1.1:80

TCP TTL:128 TOS:0x0 ID:41870 IpLen:20 DgmLen:93 DF

***AP*** Seq: 0xB568D80B Ack: 0x2745AFE Win: 0xFAF0 TcpLen: 20


[**] [1:1201:3] WEB-MISC 403 Forbidden [**]

[Classification: Attempted Information Leak] [Priority: 2]

05/03-15:56:14.007391 192.168.1.1:80 -> 192.168.1.113:4143

TCP TTL:128 TOS:0x0 ID:6680 IpLen:20 DgmLen:1500 DF

***A**** Seq: 0x2745AFE Ack: 0xB568D840 Win: 0x443B TcpLen: 20


[**] [1:987:7] WEB-IIS .htr access [**]

[Classification: sid] [Priority: 2]

05/03-15:56:14.007391 192.168.1.113:4144 -> 192.168.1.1:80

TCP TTL:128 TOS:0x0 ID:41876 IpLen:20 DgmLen:75 DF

***AP*** Seq: 0xB569B267 Ack: 0x27558A3 Win: 0xFAF0 TcpLen: 20

[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0630]


[**] [1:1287:3] WEB-IIS scripts access [**]

[Classification: sid] [Priority: 2]

05/03-15:56:14.007391 192.168.1.113:4145 -> 192.168.1.1:80

TCP TTL:128 TOS:0x0 ID:41883 IpLen:20 DgmLen:75 DF

***AP*** Seq: 0xB56A9676 Ack: 0x27655FA Win: 0xFAF0 TcpLen: 20


[**] [1:1287:3] WEB-IIS scripts access [**]

[Classification: sid] [Priority: 2]

05/03-15:56:14.017391 192.168.1.113:4149 -> 192.168.1.1:80

TCP TTL:128 TOS:0x0 ID:41905 IpLen:20 DgmLen:68 DF

***AP*** Seq: 0xB56D4EB5 Ack: 0x2796EBA Win: 0xFAF0 TcpLen: 20


[**] [1:1201:3] WEB-MISC 403 Forbidden [**]

[Classification: Attempted Information Leak] [Priority: 2]

05/03-15:56:14.027391 192.168.1.1:80 -> 192.168.1.113:4149

TCP TTL:128 TOS:0x0 ID:6707 IpLen:20 DgmLen:1500 DF

***A**** Seq: 0x2796EBA Ack: 0xB56D4ED1 Win: 0x4454 TcpLen: 20


[**] [1:1402:1] WEB-IIS iissamples access [**]

[Classification: Web Application Attack] [Priority: 1]

05/03-15:56:14.027391 192.168.1.113:4150 -> 192.168.1.1:80

TCP TTL:128 TOS:0x0 ID:41911 IpLen:20 DgmLen:96 DF

***AP*** Seq: 0xB56E4A8C Ack: 0x27A2EAA Win: 0xFAF0 TcpLen: 20


[**] [1:1201:3] WEB-MISC 403 Forbidden [**]

[Classification: Attempted Information Leak] [Priority: 2]

05/03-15:56:14.027391 192.168.1.1:80 -> 192.168.1.113:4150

TCP TTL:128 TOS:0x0 ID:6711 IpLen:20 DgmLen:1500 DF

***A**** Seq: 0x27A2EAA Ack: 0xB56E4AC4 Win: 0x4438 TcpLen: 20


[**] [1:1401:1] WEB-IIS /msadc/samples/ access [**]

[Classification: Web Application Attack] [Priority: 1]

05/03-15:56:14.027391 192.168.1.113:4151 -> 192.168.1.1:80

TCP TTL:128 TOS:0x0 ID:41917 IpLen:20 DgmLen:91 DF

***AP*** Seq: 0xB56F2799 Ack: 0x27AC867 Win: 0xFAF0 TcpLen: 20


[**] [1:1201:3] WEB-MISC 403 Forbidden [**]

[Classification: Attempted Information Leak] [Priority: 2]

05/03-15:56:14.027391 192.168.1.1:80 -> 192.168.1.113:4151

TCP TTL:128 TOS:0x0 ID:6715 IpLen:20 DgmLen:1500 DF

***A**** Seq: 0x27AC867 Ack: 0xB56F27CC Win: 0x443D TcpLen: 20


[**] [1:1123:4] WEB-MISC ?PageServices access [**]

[Classification: Attempted Information Leak] [Priority: 2]

05/03-15:56:14.047391 192.168.1.113:4152 -> 192.168.1.1:80

TCP TTL:128 TOS:0x0 ID:41923 IpLen:20 DgmLen:75 DF

***AP*** Seq: 0xB56FD46A Ack: 0x27BDC53 Win: 0xFAF0 TcpLen: 20

[Xref => http://www.securityfocus.com/bid/1063]

[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0269]


[**] [1:833:3] WEB-CGI rguest.exe access [**]

[Classification: Attempted Information Leak] [Priority: 2]

05/03-15:56:14.057391 192.168.1.113:4155 -> 192.168.1.1:80

TCP TTL:128 TOS:0x0 ID:41940 IpLen:20 DgmLen:74 DF

***AP*** Seq: 0xB57215DE Ack: 0x27E704A Win: 0xFAF0 TcpLen: 20

[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0467]

[Xref => http://www.securityfocus.com/bid/2024]


[**] [1:833:3] WEB-CGI rguest.exe access [**]

[Classification: Attempted Information Leak] [Priority: 2]

05/03-15:56:14.057391 192.168.1.113:4156 -> 192.168.1.1:80

TCP TTL:128 TOS:0x0 ID:41946 IpLen:20 DgmLen:74 DF

***AP*** Seq: 0xB572BAC1 Ack: 0x27F5FEF Win: 0xFAF0 TcpLen: 20

[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0467]

[Xref => http://www.securityfocus.com/bid/2024]


[**] [1:852:3] WEB-CGI wguest.exe access [**]

[Classification: Attempted Information Leak] [Priority: 2]

05/03-15:56:14.057391 192.168.1.113:4157 -> 192.168.1.1:80

TCP TTL:128 TOS:0x0 ID:41952 IpLen:20 DgmLen:74 DF

***AP*** Seq: 0xB57396FC Ack: 0x2801CC9 Win: 0xFAF0 TcpLen: 20

[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0467]

[Xref => http://www.securityfocus.com/bid/2024]


[**] [1:852:3] WEB-CGI wguest.exe access [**]

[Classification: Attempted Information Leak] [Priority: 2]

05/03-15:56:14.057391 192.168.1.113:4158 -> 192.168.1.1:80

TCP TTL:128 TOS:0x0 ID:41958 IpLen:20 DgmLen:74 DF

***AP*** Seq: 0xB5741D39 Ack: 0x280CEB1 Win: 0xFAF0 TcpLen: 20

[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0467]

[Xref => http://www.securityfocus.com/bid/2024]


[**] [1:1180:4] WEB-MISC get32.exe access [**]

[Classification: Attempted Information Leak] [Priority: 2]

05/03-15:56:14.057391 192.168.1.113:4159 -> 192.168.1.1:80

TCP TTL:128 TOS:0x0 ID:41964 IpLen:20 DgmLen:73 DF

***AP*** Seq: 0xB574EE63 Ack: 0x281CC0D Win: 0xFAF0 TcpLen: 20

[Xref => http://www.securityfocus.com/bid/1485]

[Xref => http://www.whitehats.com/info/IDS258]


[**] [1:1508:2] WEB-CGI alibaba.pl access [**]

[Classification: sid] [Priority: 2]

05/03-15:56:14.057391 192.168.1.113:4160 -> 192.168.1.1:80

TCP TTL:128 TOS:0x0 ID:41970 IpLen:20 DgmLen:74 DF

***AP*** Seq: 0xB575B935 Ack: 0x282A7D3 Win: 0xFAF0 TcpLen: 20

[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0885]


[**] [1:1650:1] WEB-CGI tst.bat access [**]

[Classification: sid] [Priority: 2]

05/03-15:56:14.067391 192.168.1.113:4161 -> 192.168.1.1:80

TCP TTL:128 TOS:0x0 ID:41976 IpLen:20 DgmLen:71 DF

***AP*** Seq: 0xB5766137 Ack: 0x2838BB1 Win: 0xFAF0 TcpLen: 20

[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0885]

[Xref => http://www.securityfocus.com/bid/770]


[**] [1:837:2] WEB-CGI uploader.exe access [**]

[Classification: Attempted Information Leak] [Priority: 2]

05/03-15:56:14.067391 192.168.1.113:4162 -> 192.168.1.1:80

TCP TTL:128 TOS:0x0 ID:41982 IpLen:20 DgmLen:76 DF

***AP*** Seq: 0xB57710A3 Ack: 0x2842356 Win: 0xFAF0 TcpLen: 20

[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0177]


[**] [1:1594:2] WEB-CGI FormHandler.cgi access [**]

[Classification: sid] [Priority: 2]

05/03-15:56:14.067391 192.168.1.113:4163 -> 192.168.1.1:80

TCP TTL:128 TOS:0x0 ID:41988 IpLen:20 DgmLen:79 DF

***AP*** Seq: 0xB577A056 Ack: 0x284C58E Win: 0xFAF0 TcpLen: 20

[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1050]


[**] [1:1645:2] WEB-CGI testcgi access [**]

[Classification: sid] [Priority: 2]

05/03-15:56:14.067391 192.168.1.113:4164 -> 192.168.1.1:80

TCP TTL:128 TOS:0x0 ID:41994 IpLen:20 DgmLen:71 DF

***AP*** Seq: 0xB5782756 Ack: 0x2858256 Win: 0xFAF0 TcpLen: 20


[**] [1:1644:2] WEB-CGI test-cgi attempt [**]

[Classification: Web Application Attack] [Priority: 1]

05/03-15:56:14.067391 192.168.1.113:4165 -> 192.168.1.1:80

TCP TTL:128 TOS:0x0 ID:42000 IpLen:20 DgmLen:76 DF

***AP*** Seq: 0xB5790D32 Ack: 0x28670EF Win: 0xFAF0 TcpLen: 20

[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0070]

[Xref => http://www.whitehats.com/info/IDS218]


[**] [1:1287:3] WEB-IIS scripts access [**]

[Classification: sid] [Priority: 2]

05/03-15:56:14.077391 192.168.1.113:4168 -> 192.168.1.1:80

TCP TTL:128 TOS:0x0 ID:42018 IpLen:20 DgmLen:74 DF

***AP*** Seq: 0xB57B2770 Ack: 0x2893B57 Win: 0xFAF0 TcpLen: 20


[**] [1:1201:3] WEB-MISC 403 Forbidden [**]

[Classification: Attempted Information Leak] [Priority: 2]

05/03-15:56:14.077391 192.168.1.1:80 -> 192.168.1.113:4168

TCP TTL:128 TOS:0x0 ID:6782 IpLen:20 DgmLen:1500 DF

***A**** Seq: 0x2893B57 Ack: 0xB57B2792 Win: 0x444E TcpLen: 20


[**] [1:886:4] WEB-CGI phf access [**]

[Classification: Attempted Information Leak] [Priority: 2]

05/03-15:56:14.087391 192.168.1.113:4175 -> 192.168.1.1:80

TCP TTL:128 TOS:0x0 ID:42060 IpLen:20 DgmLen:120 DF

***AP*** Seq: 0xB5804C32 Ack: 0x28E9430 Win: 0xFAF0 TcpLen: 20

[Xref => http://www.securityfocus.com/bid/629]

[Xref => http://www.whitehats.com/info/IDS128]

[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0067]


[**] [1:1149:4] WEB-MISC count.cgi access [**]

[Classification: Attempted Information Leak] [Priority: 2]

05/03-15:56:14.087391 192.168.1.113:4176 -> 192.168.1.1:80

TCP TTL:128 TOS:0x0 ID:42066 IpLen:20 DgmLen:73 DF

***AP*** Seq: 0xB5812EB7 Ack: 0x28F6CD4 Win: 0xFAF0 TcpLen: 20

[Xref => http://www.securityfocus.com/bid/128]

[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0021]


[**] [1:1163:3] WEB-MISC webdist.cgi access [**]

[Classification: Attempted Information Leak] [Priority: 2]

05/03-15:56:14.087391 192.168.1.113:4178 -> 192.168.1.1:80

TCP TTL:128 TOS:0x0 ID:42078 IpLen:20 DgmLen:75 DF

***AP*** Seq: 0xB582E187 Ack: 0x2909A75 Win: 0xFAF0 TcpLen: 20

[Xref => http://www.securityfocus.com/bid/374]

[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0039]


[**] [1:847:3] WEB-CGI campas access [**]

[Classification: Attempted Information Leak] [Priority: 2]

05/03-15:56:14.097391 192.168.1.113:4180 -> 192.168.1.1:80

TCP TTL:128 TOS:0x0 ID:42090 IpLen:20 DgmLen:94 DF

***AP*** Seq: 0xB5844876 Ack: 0x2920530 Win: 0xFAF0 TcpLen: 20

[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0146]

[Xref => http://www.securityfocus.com/bid/1975]


[**] [1:1647:1] WEB-CGI faxsurvey attempt (full path) [**]

[Classification: Web Application Attack] [Priority: 1]

05/03-15:56:14.097391 192.168.1.113:4184 -> 192.168.1.1:80

TCP TTL:128 TOS:0x0 ID:42114 IpLen:20 DgmLen:96 DF

***AP*** Seq: 0xB587572F Ack: 0x294C04C Win: 0xFAF0 TcpLen: 20

[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0262]

[Xref => http://www.securityfocus.com/bid/2056]


[**] [1:1509:2] WEB-CGI AltaVista Intranet Search directory traversal attempt [**]

[Classification: Web Application Attack] [Priority: 1]

05/03-15:56:14.107391 192.168.1.113:4189 -> 192.168.1.1:80

TCP TTL:128 TOS:0x0 ID:42144 IpLen:20 DgmLen:105 DF

***AP*** Seq: 0xB58ABC19 Ack: 0x2980F83 Win: 0xFAF0 TcpLen: 20

[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0039]


[**] [1:1245:4] WEB-IIS ISAPI .idq access [**]

[Classification: sid] [Priority: 2]

05/03-15:56:14.127391 192.168.1.113:4197 -> 192.168.1.1:80

TCP TTL:128 TOS:0x0 ID:42187 IpLen:20 DgmLen:89 DF

***AP*** Seq: 0xB59079DD Ack: 0x29E8CAC Win: 0xFAF0 TcpLen: 20

[Xref => http://www.whitehats.com/info/IDS553]

[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071]

[Xref => http://www.securityfocus.com/bid/1065]


[**] [1:1400:1] WEB-IIS /scripts/samples/ access [**]

[Classification: Web Application Attack] [Priority: 1]

05/03-15:56:14.127391 192.168.1.113:4198 -> 192.168.1.1:80

TCP TTL:128 TOS:0x0 ID:42192 IpLen:20 DgmLen:91 DF

***AP*** Seq: 0xB59169F9 Ack: 0x29F531B Win: 0xFAF0 TcpLen: 20


[**] [1:1400:1] WEB-IIS /scripts/samples/ access [**]

[Classification: Web Application Attack] [Priority: 1]

05/03-15:56:14.127391 192.168.1.113:4199 -> 192.168.1.1:80

TCP TTL:128 TOS:0x0 ID:42197 IpLen:20 DgmLen:91 DF

***AP*** Seq: 0xB592473C Ack: 0x2A046B0 Win: 0xFAF0 TcpLen: 20


[**] [1:1400:1] WEB-IIS /scripts/samples/ access [**]

[Classification: Web Application Attack] [Priority: 1]

05/03-15:56:14.137391 192.168.1.113:4200 -> 192.168.1.1:80

TCP TTL:128 TOS:0x0 ID:42202 IpLen:20 DgmLen:90 DF

***AP*** Seq: 0xB5930F46 Ack: 0x2A11E94 Win: 0xFAF0 TcpLen: 20


[**] [1:1599:3] WEB-CGI search.cgi access [**]

[Classification: sid] [Priority: 2]

05/03-15:56:14.147391 192.168.1.113:4206 -> 192.168.1.1:80

TCP TTL:128 TOS:0x0 ID:42238 IpLen:20 DgmLen:167 DF

***AP*** Seq: 0xB597DB9C Ack: 0x2A65CCA Win: 0xFAF0 TcpLen: 20

[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0054]

[Xref => http://www.securityfocus.com/bid/921]


[**] [1:1150:3] WEB-MISC Domino catalog.nsf access [**]

[Classification: Attempted Information Leak] [Priority: 2]

05/03-15:56:14.147391 192.168.1.113:4208 -> 192.168.1.1:80

TCP TTL:128 TOS:0x0 ID:42250 IpLen:20 DgmLen:73 DF

***AP*** Seq: 0xB5997D49 Ack: 0x2A7D038 Win: 0xFAF0 TcpLen: 20


[**] [1:1129:2] WEB-MISC .htaccess access [**]

[Classification: Attempted Information Leak] [Priority: 2]

05/03-15:56:14.217391 192.168.1.113:4216 -> 192.168.1.1:80

TCP TTL:128 TOS:0x0 ID:42296 IpLen:20 DgmLen:65 DF

***AP*** Seq: 0xB59F7946 Ack: 0x2ADDC24 Win: 0xFAF0 TcpLen: 20


[**] [1:1726:1] WEB-IIS doctodep.btr access [**]

[Classification: sid] [Priority: 2]

05/03-15:56:14.217391 192.168.1.113:4217 -> 192.168.1.1:80

TCP TTL:128 TOS:0x0 ID:42303 IpLen:20 DgmLen:77 DF

***AP*** Seq: 0xB5A00B9F Ack: 0x2AE8C1B Win: 0xFAF0 TcpLen: 20


[**] [1:1201:3] WEB-MISC 403 Forbidden [**]

[Classification: Attempted Information Leak] [Priority: 2]

05/03-15:56:14.217391 192.168.1.1:80 -> 192.168.1.113:4217

TCP TTL:128 TOS:0x0 ID:6979 IpLen:20 DgmLen:1500 DF

***A**** Seq: 0x2AE8C1B Ack: 0xB5A00BC4 Win: 0x444B TcpLen: 20


[**] [1:974:4] WEB-IIS .... access [**]

[Classification: Web Application Attack] [Priority: 1]

05/03-15:56:14.217391 192.168.1.113:4218 -> 192.168.1.1:80

TCP TTL:128 TOS:0x0 ID:42309 IpLen:20 DgmLen:118 DF

***AP*** Seq: 0xB5A0EEE5 Ack: 0x2AF791D Win: 0xFAF0 TcpLen: 20

[Xref => http://www.securityfocus.com/bid/2218]

[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0229]


[**] [1:911:2] WEB-COLDFUSION exprcalc access [**]

[Classification: Attempted Information Leak] [Priority: 2]

05/03-15:56:14.217391 192.168.1.113:4219 -> 192.168.1.1:80

TCP TTL:128 TOS:0x0 ID:42315 IpLen:20 DgmLen:108 DF

***AP*** Seq: 0xB5A1E3C1 Ack: 0x2AFFBEA Win: 0xFAF0 TcpLen: 20

[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0455]

[Xref => http://www.securityfocus.com/bid/550]


[**] [1:918:2] WEB-COLDFUSION expeval access [**]

[Classification: Attempted User Privilege Gain] [Priority: 1]

05/03-15:56:14.217391 192.168.1.113:4220 -> 192.168.1.1:80

TCP TTL:128 TOS:0x0 ID:42321 IpLen:20 DgmLen:108 DF

***AP*** Seq: 0xB5A2D497 Ack: 0x2B0B341 Win: 0xFAF0 TcpLen: 20

[Xref => http://www.securityfocus.com/bid/550]

[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0477]


[**] [1:1655:1] WEB-CGI pfdispaly.cgi arbitrary command execution attempt [**]

[Classification: Web Application Attack] [Priority: 1]

05/03-15:56:14.227391 192.168.1.113:4221 -> 192.168.1.1:80

TCP TTL:128 TOS:0x0 ID:42327 IpLen:20 DgmLen:99 DF

***AP*** Seq: 0xB5A364AC Ack: 0x2B17199 Win: 0xFAF0 TcpLen: 20


[**] [1:893:3] WEB-CGI MachineInfo access [**]

[Classification: Attempted Information Leak] [Priority: 2]

05/03-15:56:14.227391 192.168.1.113:4222 -> 192.168.1.1:80

TCP TTL:128 TOS:0x0 ID:42333 IpLen:20 DgmLen:75 DF

***AP*** Seq: 0xB5A4438C Ack: 0x2B20DD1 Win: 0xFAF0 TcpLen: 20

[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1067]


[**] [1:1120:2] WEB-MISC mylog.phtml access [**]

[Classification: Attempted Information Leak] [Priority: 2]

05/03-15:56:14.227391 192.168.1.113:4223 -> 192.168.1.1:80

TCP TTL:128 TOS:0x0 ID:42339 IpLen:20 DgmLen:86 DF

***AP*** Seq: 0xB5A4F9DB Ack: 0x2B29529 Win: 0xFAF0 TcpLen: 20

[Xref => http://www.securityfocus.com/bid/713]

[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0346]


[**] [1:1119:2] WEB-MISC mlog.phtml access [**]

[Classification: Attempted Information Leak] [Priority: 2]

05/03-15:56:14.227391 192.168.1.113:4224 -> 192.168.1.1:80

TCP TTL:128 TOS:0x0 ID:42345 IpLen:20 DgmLen:86 DF

***AP*** Seq: 0xB5A5867D Ack: 0x2B349F4 Win: 0xFAF0 TcpLen: 20

[Xref => http://www.securityfocus.com/bid/713]

[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0346]


[**] [1:853:3] WEB-CGI wrap access [**]

[Classification: Attempted Information Leak] [Priority: 2]

05/03-15:56:14.227391 192.168.1.113:4225 -> 192.168.1.1:80

TCP TTL:128 TOS:0x0 ID:42351 IpLen:20 DgmLen:68 DF

***AP*** Seq: 0xB5A63258 Ack: 0x2B3FDD6 Win: 0xFAF0 TcpLen: 20

[Xref => http://www.securityfocus.com/bid/373]

[Xref => http://www.whitehats.com/info/IDS234]

[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0149]


[**] [1:875:3] WEB-CGI win-c-sample.exe access [**]

[Classification: Attempted Information Leak] [Priority: 2]

05/03-15:56:14.237391 192.168.1.113:4228 -> 192.168.1.1:80

TCP TTL:128 TOS:0x0 ID:42369 IpLen:20 DgmLen:80 DF

***AP*** Seq: 0xB5A83C33 Ack: 0x2B65078 Win: 0xFAF0 TcpLen: 20

[Xref => http://www.securityfocus.com/bid/2078]

[Xref => http://www.whitehats.com/info/IDS231]

[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0178]


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:56:16.317391 192.168.1.2 -> 192.168.1.113

ICMP TTL:128 TOS:0x0 ID:35096 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.113:3022 -> 192.168.1.2:1900

UDP TTL:128 TOS:0x0 ID:42376 IpLen:20 DgmLen:160

Len: 140

** END OF DUMP


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:56:16.317391 192.168.1.2 -> 192.168.1.113

ICMP TTL:128 TOS:0x0 ID:35097 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.113:3022 -> 192.168.1.2:1900

UDP TTL:128 TOS:0x0 ID:42377 IpLen:20 DgmLen:161

Len: 141

** END OF DUMP


[**] [100:2:1] spp_portscan: portscan status from 192.168.1.113: 12 connections across 3 hosts: TCP(12), UDP(0) [**]

05/03-15:56:16.361721


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:56:16.817391 192.168.1.2 -> 192.168.1.113

ICMP TTL:128 TOS:0x0 ID:35106 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.113:3022 -> 192.168.1.2:1900

UDP TTL:128 TOS:0x0 ID:42382 IpLen:20 DgmLen:160

Len: 140

** END OF DUMP


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:56:16.817391 192.168.1.2 -> 192.168.1.113

ICMP TTL:128 TOS:0x0 ID:35107 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.113:3022 -> 192.168.1.2:1900

UDP TTL:128 TOS:0x0 ID:42383 IpLen:20 DgmLen:161

Len: 141

** END OF DUMP


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:56:19.317391 192.168.1.2 -> 192.168.1.27

ICMP TTL:128 TOS:0x0 ID:35191 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.27:1093 -> 192.168.1.2:1900

UDP TTL:128 TOS:0x0 ID:30402 IpLen:20 DgmLen:160

Len: 140

** END OF DUMP


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:56:19.317391 192.168.1.2 -> 192.168.1.27

ICMP TTL:128 TOS:0x0 ID:35192 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.27:1093 -> 192.168.1.2:1900

UDP TTL:128 TOS:0x0 ID:30403 IpLen:20 DgmLen:161

Len: 141

** END OF DUMP


[**] [100:2:1] spp_portscan: portscan status from 192.168.1.113: 1 connections across 1 hosts: TCP(1), UDP(0) [**]

05/03-15:56:20.397665


[**] [100:2:1] spp_portscan: portscan status from 192.168.1.113: 52 connections across 1 hosts: TCP(52), UDP(0) [**]

05/03-15:56:24.302496


[**] [100:2:1] spp_portscan: portscan status from 192.168.1.113: 258 connections across 2 hosts: TCP(258), UDP(0) [**]

05/03-15:56:28.310597


[**] [100:2:1] spp_portscan: portscan status from 192.168.1.113: 255 connections across 2 hosts: TCP(255), UDP(0) [**]

05/03-15:56:32.315976


[**] [100:2:1] spp_portscan: portscan status from 192.168.1.113: 253 connections across 1 hosts: TCP(253), UDP(0) [**]

05/03-15:56:36.321355


[**] [100:2:1] spp_portscan: portscan status from 192.168.1.113: 250 connections across 1 hosts: TCP(250), UDP(0) [**]

05/03-15:56:40.326771


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:56:41.327391 192.168.1.2 -> 192.168.1.113

ICMP TTL:128 TOS:0x0 ID:35307 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.113:3022 -> 192.168.1.2:1900

UDP TTL:128 TOS:0x0 ID:45161 IpLen:20 DgmLen:160

Len: 140

** END OF DUMP


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:56:41.327391 192.168.1.2 -> 192.168.1.113

ICMP TTL:128 TOS:0x0 ID:35308 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.113:3022 -> 192.168.1.2:1900

UDP TTL:128 TOS:0x0 ID:45162 IpLen:20 DgmLen:161

Len: 141

** END OF DUMP


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:56:41.847391 192.168.1.2 -> 192.168.1.113

ICMP TTL:128 TOS:0x0 ID:35309 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.113:3022 -> 192.168.1.2:1900

UDP TTL:128 TOS:0x0 ID:45234 IpLen:20 DgmLen:160

Len: 140

** END OF DUMP


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:56:41.847391 192.168.1.2 -> 192.168.1.113

ICMP TTL:128 TOS:0x0 ID:35310 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.113:3022 -> 192.168.1.2:1900

UDP TTL:128 TOS:0x0 ID:45235 IpLen:20 DgmLen:161

Len: 141

** END OF DUMP


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:56:44.317391 192.168.1.2 -> 192.168.1.27

ICMP TTL:128 TOS:0x0 ID:35400 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.27:1093 -> 192.168.1.2:1900

UDP TTL:128 TOS:0x0 ID:30416 IpLen:20 DgmLen:160

Len: 140

** END OF DUMP


[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]

[Classification: Misc activity] [Priority: 3]

05/03-15:56:44.317391 192.168.1.2 -> 192.168.1.27

ICMP TTL:128 TOS:0x0 ID:35401 IpLen:20 DgmLen:56

Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE

** ORIGINAL DATAGRAM DUMP:

192.168.1.27:1093 -> 192.168.1.2:1900

UDP TTL:128 TOS:0x0 ID:30417 IpLen:20 DgmLen:161

Len: 141

** END OF DUMP


[**] [100:2:1] spp_portscan: portscan status from 192.168.1.113: 254 connections across 2 hosts: TCP(254), UDP(0) [**]

05/03-15:56:44.332122


[**] [1:615:3] SCAN SOCKS Proxy attempt [**]

[Classification: Attempted Information Leak] [Priority: 2]

05/03-15:56:44.937391 192.168.1.113:3368 -> 192.168.1.1:1080

TCP TTL:128 TOS:0x0 ID:45742 IpLen:20 DgmLen:48 DF

******S* Seq: 0xB950D9B7 Ack: 0x0 Win: 0xFAF0 TcpLen: 28

TCP Options (4) => MSS: 1460 NOP NOP SackOK

[Xref => http://help.undernet.org/proxyscan/]


[**] [1:615:3] SCAN SOCKS Proxy attempt [**]

[Classification: Attempted Information Leak] [Priority: 2]

05/03-15:56:45.427391 192.168.1.113:3368 -> 192.168.1.1:1080

TCP TTL:128 TOS:0x0 ID:45820 IpLen:20 DgmLen:48 DF

******S* Seq: 0xB950D9B7 Ack: 0x0 Win: 0xFAF0 TcpLen: 28

TCP Options (4) => MSS: 1460 NOP NOP SackOK

[Xref => http://help.undernet.org/proxyscan/]


[**] [1:615:3] SCAN SOCKS Proxy attempt [**]

[Classification: Attempted Information Leak] [Priority: 2]

05/03-15:56:45.927391 192.168.1.113:3368 -> 192.168.1.1:1080

TCP TTL:128 TOS:0x0 ID:45920 IpLen:20 DgmLen:48 DF

******S* Seq: 0xB950D9B7 Ack: 0x0 Win: 0xFAF0 TcpLen: 28

TCP Options (4) => MSS: 1460 NOP NOP SackOK

[Xref => http://help.undernet.org/proxyscan/]


[**] [100:2:1] spp_portscan: portscan status from 192.168.1.113: 260 connections across 2 hosts: TCP(260), UDP(0) [**]

05/03-15:56:48.337822