Security Incidents mailing list archives
Attacks from 200.5.85.12 (proxied for 209.13.224.183)
From: Dan Hollis <goemon () ANIME NET>
Date: Mon, 7 Aug 2000 03:27:58 -0700
Caught some big attacks over the weekend. Anyone else seeing the same? The script kiddies are out in force, hard at work it seems. Or desperate. snort is IDS of glorious republik. pitr like. da. is good. BTW trying to determine contact information for these IP addresses is next to impossible. I need security contacts for seabone.net, infovia.com.ar, telintar.net.ar, and satlink.com. Anyone have these contact addresses? [**] WEB-etc/passwd [**] 08/06-18:59:56.640436 200.5.85.12:6490 -> my-ip-address:80 TCP TTL:50 TOS:0x0 ID:7340 *****PA* Seq: 0x641C09BE Ack: 0x8697FE65 Win: 0x8000 47 45 54 20 2F 65 74 63 2F 70 61 73 73 77 64 20 GET /etc/passwd 48 54 54 50 2F 31 2E 30 0D 0A 41 63 63 65 70 74 HTTP/1.0..Accept 3A 20 69 6D 61 67 65 2F 67 69 66 2C 20 69 6D 61 : image/gif, ima 67 65 2F 78 2D 78 62 69 74 6D 61 70 2C 20 69 6D ge/x-xbitmap, im 61 67 65 2F 6A 70 65 67 2C 20 69 6D 61 67 65 2F age/jpeg, image/ 70 6A 70 65 67 2C 20 2A 2F 2A 0D 0A 55 73 65 72 pjpeg, */*..User 2D 41 67 65 6E 74 3A 20 4D 6F 7A 69 6C 6C 61 2F -Agent: Mozilla/ 33 2E 30 20 28 63 6F 6D 70 61 74 69 62 6C 65 29 3.0 (compatible) 0D 0A 48 6F 73 74 3A 20 77 77 77 2E 61 66 68 6F ..Host: www.---- 6E 6C 69 6E 65 2E 63 6F 6D 0D 0A 43 61 63 68 65 -----.com..Cache 2D 43 6F 6E 74 72 6F 6C 3A 20 62 79 70 61 73 73 -Control: bypass 2D 63 6C 69 65 6E 74 3D 32 30 39 2E 31 33 2E 32 -client=209.13.2 32 34 2E 31 38 33 0D 0A 43 6F 6E 6E 65 63 74 69 24.183..Connecti 6F 6E 3A 20 6B 65 65 70 2D 61 6C 69 76 65 0D 0A on: keep-alive.. 56 69 61 3A 20 31 2E 30 20 43 61 63 68 65 33 0D Via: 1.0 Cache3. 0A 58 2D 46 6F 72 77 61 72 64 65 64 2D 46 6F 72 .X-Forwarded-For 3A 20 32 30 39 2E 31 33 2E 32 32 34 2E 31 38 33 : 209.13.224.183 0D 0A 0D 0A .... Aug 6 18:59:41 guard snort[9383]: IDS248 - Web-Frontpage fourdots request: 200.5.85.12:5539 -> my-ip-address:80 Aug 6 18:59:41 guard snort[9383]: WEB-CGI-Upload CGI access attempt: 200.5.85.12:5555 -> my-ip-address:80 Aug 6 18:59:41 guard snort[9383]: IDS237 - Web-Frontpage .htw: 200.5.85.12:5558 -> my-ip-address:80 Aug 6 18:59:44 guard snort[9383]: WEB-CGI-dumpenv.pl: 200.5.85.12:5544 -> my-ip-address:80 Aug 6 18:59:45 guard snort[9383]: WEB-PageService: 200.5.85.12:5806 -> my-ip-address:80 Aug 6 18:59:46 guard snort[9383]: WEB-CGI-Edit CGI access attempt: 200.5.85.12:5953 -> my-ip-address:80 Aug 6 18:59:46 guard snort[9383]: CVE-1999-0278 - IIS-asp: 200.5.85.12:5965 -> my-ip-address:80 Aug 6 18:59:49 guard snort[9383]: WEB-CGI-Environ CGI access attempt: 200.5.85.12:6212 -> my-ip-address:80 Aug 6 18:59:51 guard snort[9383]: WEB-CGI-Faxsurvey probe: 200.5.85.12:6337 -> my-ip-address:80 Aug 6 18:59:51 guard snort[9383]: WEB-CGI-Files CGI access attempt: 200.5.85.12:6361 -> my-ip-address:80 Aug 6 18:59:53 guard snort[9383]: IIS-_vti_inf: 200.5.85.12:6510 -> my-ip-address:80 Aug 6 18:59:54 guard snort[9383]: IDS221 - CVE-1999-0612 - Finger CGI access attempt: 200.5.85.12:6599 -> my-ip-address:80 Aug 6 18:59:55 guard snort[9383]: FrontPage-administrators.pwd: 200.5.85.12:6631 -> my-ip-address:80 Aug 6 18:59:55 guard snort[9383]: WEB-CGI-Rguest CGI access attempt: 200.5.85.12:6670 -> my-ip-address:80 Aug 6 18:59:56 guard snort[9383]: IDS221 - CVE-1999-0612 - Finger CGI access attempt: 200.5.85.12:6712 -> my-ip-address:80 Aug 6 18:59:56 guard snort[9383]: WEB-etc/passwd: 200.5.85.12:6490 -> my-ip-address:80 Aug 6 18:59:56 guard snort[9383]: FrontPage-authors.pwd: 200.5.85.12:6750 -> my-ip-address:80 Aug 6 18:59:59 guard snort[9383]: IDS226 - CVE-1999-0172 - CGI-formmail: 200.5.85.12:6955 -> my-ip-address:80 Aug 6 19:00:00 guard snort[9383]: WEB-CGI-sendform.cgi: 200.5.85.12:7033 -> my-ip-address:80 Aug 6 19:00:01 guard snort[9383]: FrontPage-service.pwd: 200.5.85.12:6879 -> my-ip-address:80 Aug 6 19:00:03 guard snort[9383]: WEB-CGI-Survey CGI access attempt: 200.5.85.12:7293 -> my-ip-address:80 Aug 6 19:00:07 guard snort[9383]: CAN-1999-0407 - IIS-aexp2b.htr Attempt: 200.5.85.12:7623 -> my-ip-address:80 Aug 6 19:00:09 guard snort[9383]: CAN-1999-0407 - IIS-aexp4.htr Attempt: 200.5.85.12:7870 -> my-ip-address:80 Aug 6 19:00:10 guard snort[9383]: WEB-MISC-convert.bas Attempt: 200.5.85.12:7897 -> my-ip-address:80 Aug 6 19:00:10 guard snort[9383]: WEB-~root: 200.5.85.12:7922 -> my-ip-address:80 Aug 6 19:00:11 guard snort[9383]: CAN-1999-0407 - IIS-aexp4b.htr Attempt: 200.5.85.12:7978 -> my-ip-address:80 Aug 6 19:00:12 guard snort[9383]: CAN-1999-0407 - IIS-anot.htr Attempt: 200.5.85.12:8061 -> my-ip-address:80 Aug 6 19:00:13 guard snort[9383]: IIS-fpcount: 200.5.85.12:8088 -> my-ip-address:80 Aug 6 19:00:13 guard snort[9383]: WEB-CGI-upload.pl: 200.5.85.12:8102 -> my-ip-address:80 Aug 6 19:00:13 guard snort[9383]: IDS235 - CVE-1999-0148 - CGI-HANDLERprobe!: 200.5.85.12:8131 -> my-ip-address:80 Aug 6 19:00:14 guard snort[9383]: IIS-bdir: 200.5.85.12:8186 -> my-ip-address:80 Aug 6 19:00:16 guard snort[9383]: IIS-catalog_type: 200.5.85.12:8121 -> my-ip-address:80 Aug 6 19:00:17 guard snort[9383]: CAN-1999-0407 - IIS-anot3.htr Attempt: 200.5.85.12:8151 -> my-ip-address:80 Aug 6 19:00:17 guard snort[9383]: WEB-CGI-Webdist CGI access attempt: 200.5.85.12:8444 -> my-ip-address:80 Aug 6 19:00:19 guard snort[9383]: IIS-admin: 200.5.85.12:8305 -> my-ip-address:80 Aug 6 19:00:20 guard snort[9383]: WEB-CGI-Info2 www CGI access attempt: 200.5.85.12:8590 -> my-ip-address:80 Aug 6 19:00:21 guard snort[9383]: IIS-catalog_type: 200.5.85.12:8675 -> my-ip-address:80 Aug 6 19:00:21 guard snort[9383]: IDS237 - Web-Frontpage .htw: 200.5.85.12:8509 -> my-ip-address:80 Aug 6 19:00:21 guard snort[9383]: IIS-ctguestb.idc: 200.5.85.12:8726 -> my-ip-address:80 Aug 6 19:00:22 guard snort[9383]: WEB-CGI-Webgais CGI access attempt: 200.5.85.12:8757 -> my-ip-address:80 Aug 6 19:00:22 guard snort[9383]: IIS-carbo.dll: 200.5.85.12:8786 -> my-ip-address:80 Aug 6 19:00:23 guard snort[9383]: CVE-1999-0449 - IIS-codebrowser Exair: 200.5.85.12:8846 -> my-ip-address:80 Aug 6 19:00:23 guard snort[9383]: IIS-details.idc: 200.5.85.12:8851 -> my-ip-address:80 Aug 6 19:00:23 guard snort[9383]: WEB-CGI-Websendmail CGI access attempt: 200.5.85.12:8880 -> my-ip-address:80 Aug 6 19:00:27 guard snort[9383]: IIS-getdrvrs: 200.5.85.12:9215 -> my-ip-address:80 Aug 6 19:00:27 guard snort[9383]: IDS237 - Web-Frontpage .htw: 200.5.85.12:8972 -> my-ip-address:80 Aug 6 19:00:29 guard snort[9383]: IDS237 - Web-Frontpage .htw: 200.5.85.12:9324 -> my-ip-address:80 Aug 6 19:00:30 guard snort[9383]: WEB-CGI-Maillist CGI access attempt: 200.5.85.12:9450 -> my-ip-address:80 Aug 6 19:00:31 guard snort[9383]: WEB-CGI-CGI Man access attempt: 200.5.85.12:9607 -> my-ip-address:80 Aug 6 19:00:33 guard snort[9383]: WEB-CGI-NPH-publish CGI access attempt: 200.5.85.12:9706 -> my-ip-address:80 Aug 6 19:00:35 guard snort[9383]: IDS224 - CVE-1999-0045 - NPH CGI access attempt: 200.5.85.12:9870 -> my-ip-address:80 Aug 6 19:00:36 guard snort[9383]: WEB-CGI-Wguest CGI access attempt: 200.5.85.12:9912 -> my-ip-address:80 Aug 6 19:00:36 guard snort[9383]: WEB-CGI-AnyForm2: 200.5.85.12:9943 -> my-ip-address:80 Aug 6 19:00:38 guard snort[9383]: WEB-CGI-Perlshop CGI access attempt: 200.5.85.12:10092 -> my-ip-address:80 Aug 6 19:00:40 guard snort[9383]: WEB-CGI-CGI pf display access attempt: 200.5.85.12:10192 -> my-ip-address:80 Aug 6 19:00:41 guard snort[9383]: WEB-CGI-AT-admin CGI access attempt: 200.5.85.12:10048 -> my-ip-address:80 Aug 6 19:00:43 guard snort[9383]: IDS237 - Web-Frontpage .htw: 200.5.85.12:10463 -> my-ip-address:80 Aug 6 19:00:43 guard snort[9383]: WEB-CGI-Campas CGI access attempt: 200.5.85.12:10470 -> my-ip-address:80 Aug 6 19:00:44 guard snort[9383]: IDS128 - CVE-1999-0067 - CGI phf attempt: 200.5.85.12:10310 -> my-ip-address:80 Aug 6 19:00:45 guard snort[9383]: WEB-CGI-wwwadmin: 200.5.85.12:10587 -> my-ip-address:80 Aug 6 19:00:46 guard snort[9383]: IDS128 - CVE-1999-0067 - CGI phf attempt: 200.5.85.12:10621 -> my-ip-address:80 Aug 6 19:00:46 guard snort[9383]: IIS-codebrowser SDK: 200.5.85.12:10682 -> my-ip-address:80 Aug 6 19:00:48 guard snort[9383]: IDS234 - WEB-CGI-Cgiwrap CGI access attempt: 200.5.85.12:10592 -> my-ip-address:80 Aug 6 19:00:49 guard snort[9383]: WEB-MISC - wwwboard.pl attempt: 200.5.85.12:10689 -> my-ip-address:80 Aug 6 19:00:51 guard snort[9383]: WEB-CGI-WWW-SQL CGI access attempt: 200.5.85.12:11033 -> my-ip-address:80 Aug 6 19:00:51 guard snort[9383]: WEB-CGI-Classifieds CGI access attempt: 200.5.85.12:11049 -> my-ip-address:80 Aug 6 19:00:52 guard snort[9383]: IIS-msadc/msadcs.dll: 200.5.85.12:11126 -> my-ip-address:80 Aug 6 19:00:52 guard snort[9383]: WEB-CGI-Args CGI access attempt: 200.5.85.12:11151 -> my-ip-address:80 Aug 6 19:00:55 guard snort[9383]: IDS231 - CVE-1999-0178 - CGI-win-c-sample: 200.5.85.12:11359 -> my-ip-address:80 Aug 6 19:00:56 guard snort[9383]: WEB-CGI-bb-hist.sh: 200.5.85.12:11428 -> my-ip-address:80 Aug 6 19:00:57 guard snort[9383]: IIS-adctest.asp: 200.5.85.12:11244 -> my-ip-address:80 Aug 6 19:00:57 guard snort[9383]: WEB-CGI-day5datanotifier.cgi: 200.5.85.12:11491 -> my-ip-address:80 Aug 6 19:01:01 guard snort[9383]: CAN-1999-0736 - IIS-showcode: 200.5.85.12:11869 -> my-ip-address:80 Aug 6 19:01:04 guard snort[9383]: WEB-Domino-names.nsf: 200.5.85.12:12099 -> my-ip-address:80 Aug 6 19:01:08 guard snort[9383]: IDS248 - Web-Frontpage fourdots request: 200.5.85.12:12401 -> my-ip-address:80 Aug 6 19:01:08 guard snort[9383]: WEB-CGI-dumpenv.pl: 200.5.85.12:12404 -> my-ip-address:80 Aug 6 19:01:08 guard snort[9383]: WEB-CGI-Upload CGI access attempt: 200.5.85.12:12415 -> my-ip-address:80 Aug 6 19:01:08 guard snort[9383]: IDS237 - Web-Frontpage .htw: 200.5.85.12:12418 -> my-ip-address:80 Aug 6 19:01:10 guard snort[9383]: IDS248 - Web-Frontpage fourdots request: 200.5.85.12:12536 -> my-ip-address:80 Aug 6 19:01:10 guard snort[9383]: WEB-CGI-Edit CGI access attempt: 200.5.85.12:12537 -> my-ip-address:80 Aug 6 19:01:13 guard snort[9383]: CVE-1999-0278 - IIS-asp: 200.5.85.12:12750 -> my-ip-address:80 Aug 6 19:01:14 guard snort[9383]: WEB-CGI-Environ CGI access attempt: 200.5.85.12:12639 -> my-ip-address:80 Aug 6 19:01:14 guard snort[9383]: WEB-PageService: 200.5.85.12:12870 -> my-ip-address:80 Aug 6 19:01:16 guard snort[9383]: WEB-CGI-Rguest CGI access attempt: 200.5.85.12:12966 -> my-ip-address:80 Aug 6 19:01:16 guard snort[9383]: WEB-Domino-domcfg.nsf: 200.5.85.12:12979 -> my-ip-address:80 Aug 6 19:01:16 guard snort[9383]: WEB-CGI-Faxsurvey probe: 200.5.85.12:12980 -> my-ip-address:80 Aug 6 19:01:16 guard snort[9383]: IDS270 - WEB MISC - Netscape dir index wp: 200.5.85.12:13015 -> my-ip-address:80 Aug 6 19:01:17 guard snort[9383]: WEB-CGI-rwwwshell CGI access attempt: 200.5.85.12:13090 -> my-ip-address:80 Aug 6 19:01:17 guard snort[9383]: WEB-etc/passwd: 200.5.85.12:13101 -> my-ip-address:80 Aug 6 19:01:17 guard snort[9383]: WEB-CGI-Filemail CGI access attempt: 200.5.85.12:13128 -> my-ip-address:80 Aug 6 19:01:18 guard snort[9383]: WEB-MISC-AuthChangeUrl: 200.5.85.12:13146 -> my-ip-address:80 Aug 6 19:01:19 guard snort[9383]: IIS-_vti_inf: 200.5.85.12:13261 -> my-ip-address:80 Aug 6 19:01:20 guard snort[9383]: IDS221 - CVE-1999-0612 - Finger CGI access attempt: 200.5.85.12:13367 -> my-ip-address:80 Aug 6 19:01:20 guard snort[9383]: FrontPage-administrators.pwd: 200.5.85.12:13375 -> my-ip-address:80 Aug 6 19:01:22 guard snort[9383]: FrontPage-authors.pwd: 200.5.85.12:13478 -> my-ip-address:80 Aug 6 19:01:23 guard snort[9383]: IDS226 - CVE-1999-0172 - CGI-formmail: 200.5.85.12:13563 -> my-ip-address:80 Aug 6 19:01:23 guard snort[9383]: FrontPage-service.pwd: 200.5.85.12:13571 -> my-ip-address:80 Aug 6 19:01:26 guard snort[9383]: WEB-CGI-sendform.cgi: 200.5.85.12:13536 -> my-ip-address:80 Aug 6 19:01:26 guard snort[9383]: IIS-achg.htr Attempt: 200.5.85.12:13760 -> my-ip-address:80 Aug 6 19:01:27 guard snort[9383]: IDS228 - CVE-1999-0237 - Guestbook CGI access attempt: 200.5.85.12:13846 -> my-ip-address:80 Aug 6 19:01:28 guard snort[9383]: WEB-CGI-Files CGI access attempt: 200.5.85.12:13885 -> my-ip-address:80 Aug 6 19:01:30 guard snort[9383]: IDS235 - CVE-1999-0148 - CGI-HANDLERprobe!: 200.5.85.12:14054 -> my-ip-address:80 Aug 6 19:01:31 guard snort[9383]: CAN-1999-0407 - IIS-aexp.htr Attempt: 200.5.85.12:13873 -> my-ip-address:80 Aug 6 19:01:33 guard snort[9383]: IIS-_Site Server Config: 200.5.85.12:14305 -> my-ip-address:80 Aug 6 19:01:34 guard snort[9383]: WEB-CGI-Htmlscript CGI access attempt: 200.5.85.12:14365 -> my-ip-address:80 Aug 6 19:01:35 guard snort[9383]: IIS-catalog_type: 200.5.85.12:14401 -> my-ip-address:80 Aug 6 19:01:38 guard snort[9383]: WEB-CGI-Survey CGI access attempt: 200.5.85.12:14629 -> my-ip-address:80 Aug 6 19:01:40 guard snort[9383]: CAN-1999-0407 - IIS-aexp2b.htr Attempt: 200.5.85.12:14530 -> my-ip-address:80 Aug 6 19:01:41 guard snort[9383]: IDS218 - CVE-1999-0070 - TEST-CGI probe: 200.5.85.12:14826 -> my-ip-address:80 Aug 6 19:01:41 guard snort[9383]: IIS-iisadmpwd: 200.5.85.12:14861 -> my-ip-address:80 Aug 6 19:01:42 guard snort[9383]: WEB-CGI-Textcounter CGI access attempt: 200.5.85.12:14912 -> my-ip-address:80 Aug 6 19:01:42 guard snort[9383]: IIS-catalog_type: 200.5.85.12:14728 -> my-ip-address:80 Aug 6 19:01:43 guard snort[9383]: CAN-1999-0407 - IIS-aexp4.htr Attempt: 200.5.85.12:14940 -> my-ip-address:80 Aug 6 19:01:43 guard snort[9383]: WEB-CGI-Info2 www CGI access attempt: 200.5.85.12:14801 -> my-ip-address:80 Aug 6 19:01:44 guard snort[9383]: IIS-carbo.dll: 200.5.85.12:15016 -> my-ip-address:80 Aug 6 19:01:44 guard snort[9383]: IIS-CGImail: 200.5.85.12:15019 -> my-ip-address:80 Aug 6 19:01:45 guard snort[9383]: WEB-MISC-convert.bas Attempt: 200.5.85.12:15128 -> my-ip-address:80 Aug 6 19:01:47 guard snort[9383]: CAN-1999-0407 - IIS-aexp4b.htr Attempt: 200.5.85.12:15033 -> my-ip-address:80 Aug 6 19:01:48 guard snort[9383]: WEB-CGI-upload.pl: 200.5.85.12:15325 -> my-ip-address:80 Aug 6 19:01:49 guard snort[9383]: WEB-MISC - /cgi-bin/jj attempt: 200.5.85.12:15437 -> my-ip-address:80 Aug 6 19:01:51 guard snort[9383]: WEB-CGI-visadmin.exe: 200.5.85.12:15562 -> my-ip-address:80 Aug 6 19:01:52 guard snort[9383]: IIS-fpcount: 200.5.85.12:15384 -> my-ip-address:80 Aug 6 19:01:53 guard snort[9383]: IIS-bdir: 200.5.85.12:15728 -> my-ip-address:80 Aug 6 19:01:53 guard snort[9383]: WEB-CGI-Webgais CGI access attempt: 200.5.85.12:15731 -> my-ip-address:80 Aug 6 19:01:54 guard snort[9383]: CAN-1999-0407 - IIS-anot3.htr Attempt: 200.5.85.12:15739 -> my-ip-address:80 Aug 6 19:01:55 guard snort[9383]: IIS-admin: 200.5.85.12:15817 -> my-ip-address:80 Aug 6 19:01:55 guard snort[9383]: WEB-CGI-Websendmail CGI access attempt: 200.5.85.12:15828 -> my-ip-address:80 Aug 6 19:01:57 guard snort[9383]: WEB-CGI-Maillist CGI access attempt: 200.5.85.12:15955 -> my-ip-address:80 Aug 6 19:01:57 guard snort[9383]: SCAN - Whisker Stealth- Start Stop Web access attempt: 200.5.85.12:15771 -> my-ip-address:80 Aug 6 19:01:58 guard snort[9383]: IIS-ctguestb.idc: 200.5.85.12:1074 -> my-ip-address:80 Aug 6 19:02:00 guard snort[9383]: WEB-CGI-NPH-publish CGI access attempt: 200.5.85.12:1209 -> my-ip-address:80 Aug 6 19:02:01 guard snort[9383]: IDS237 - Web-Frontpage .htw: 200.5.85.12:1306 -> my-ip-address:80 Aug 6 19:02:01 guard snort[9383]: IDS224 - CVE-1999-0045 - NPH CGI access attempt: 200.5.85.12:1329 -> my-ip-address:80 Aug 6 19:02:03 guard snort[9383]: IDS237 - Web-Frontpage .htw: 200.5.85.12:1436 -> my-ip-address:80 Aug 6 19:02:04 guard snort[9383]: IIS-getdrvrs: 200.5.85.12:1512 -> my-ip-address:80 Aug 6 19:02:04 guard snort[9383]: WEB-CGI-Perlshop CGI access attempt: 200.5.85.12:1557 -> my-ip-address:80 Aug 6 19:02:05 guard snort[9383]: CVE-1999-0191 - IIS-newdsn: 200.5.85.12:1609 -> my-ip-address:80 Aug 6 19:02:06 guard snort[9383]: WEB-CGI-CGI pf display access attempt: 200.5.85.12:1664 -> my-ip-address:80 Aug 6 19:02:07 guard snort[9383]: SCAN - Whisker Stealth- IIS search97 access attempt: 200.5.85.12:1732 -> my-ip-address:80 Aug 6 19:02:07 guard snort[9383]: WEB-CGI-Wguest CGI access attempt: 200.5.85.12:1763 -> my-ip-address:80 Aug 6 19:02:09 guard snort[9383]: IDS237 - Web-Frontpage .htw: 200.5.85.12:1883 -> my-ip-address:80 Aug 6 19:02:09 guard snort[9383]: IDS128 - CVE-1999-0067 - CGI phf attempt: 200.5.85.12:1898 -> my-ip-address:80 Aug 6 19:02:10 guard snort[9383]: IDS237 - Web-Frontpage .htw: 200.5.85.12:1998 -> my-ip-address:80 Aug 6 19:02:10 guard snort[9383]: IDS128 - CVE-1999-0067 - CGI phf attempt: 200.5.85.12:2017 -> my-ip-address:80 Aug 6 19:02:15 guard snort[9383]: WEB-CGI-Aglimpse CGI access attempt: 200.5.85.12:2195 -> my-ip-address:80 Aug 6 19:02:19 guard snort[9383]: IIS-msadc/msadcs.dll: 200.5.85.12:2695 -> my-ip-address:80 Aug 6 19:02:20 guard snort[9383]: IIS-adctest.asp: 200.5.85.12:2808 -> my-ip-address:80 Aug 6 19:02:21 guard snort[9383]: WEB-CGI-AnyForm2: 200.5.85.12:2872 -> my-ip-address:80 Aug 6 19:02:22 guard snort[9383]: CAN-1999-0736 - IIS-showcode: 200.5.85.12:2906 -> my-ip-address:80 Aug 6 19:02:25 guard snort[9383]: WEB-Domino-names.nsf: 200.5.85.12:3111 -> my-ip-address:80 Aug 6 19:02:27 guard snort[9383]: WEB-CGI-Bnbform CGI access attempt: 200.5.85.12:3287 -> my-ip-address:80 Aug 6 19:02:29 guard snort[9383]: WEB-CGI-Campas CGI access attempt: 200.5.85.12:3422 -> my-ip-address:80 Aug 6 19:02:29 guard snort[9383]: WEB-CGI-bb-hist.sh: 200.5.85.12:3204 -> my-ip-address:80 Aug 6 19:02:30 guard snort[9383]: IDS234 - WEB-CGI-Cgiwrap CGI access attempt: 200.5.85.12:3558 -> my-ip-address:80 Aug 6 19:02:32 guard snort[9383]: IDS234 - WEB-CGI-Cgiwrap CGI access attempt: 200.5.85.12:3558 -> my-ip-address:80 Aug 6 19:02:39 guard snort[9383]: WEB-CGI-Classifieds CGI access attempt: 200.5.85.12:4273 -> my-ip-address:80 Aug 6 19:17:37 guard snort[9383]: IDS248 - Web-Frontpage fourdots request: 200.5.85.12:14238 -> my-ip-address:80 Aug 6 19:17:37 guard snort[9383]: WEB-CGI-dumpenv.pl: 200.5.85.12:14245 -> my-ip-address:80 Aug 6 19:17:37 guard snort[9383]: WEB-CGI-Upload CGI access attempt: 200.5.85.12:14250 -> my-ip-address:80 Aug 6 19:17:37 guard snort[9383]: IDS237 - Web-Frontpage .htw: 200.5.85.12:14253 -> my-ip-address:80 Aug 6 19:17:39 guard snort[9383]: IDS248 - Web-Frontpage fourdots request: 200.5.85.12:14383 -> my-ip-address:80 Aug 6 19:17:42 guard snort[9383]: WEB-CGI-Edit CGI access attempt: 200.5.85.12:14630 -> my-ip-address:80 Aug 6 19:17:43 guard snort[9383]: WEB-PageService: 200.5.85.12:14502 -> my-ip-address:80 Aug 6 19:17:45 guard snort[9383]: CVE-1999-0278 - IIS-asp: 200.5.85.12:14889 -> my-ip-address:80 Aug 6 19:17:46 guard snort[9383]: WEB-CGI-Environ CGI access attempt: 200.5.85.12:14744 -> my-ip-address:80 Aug 6 19:17:48 guard snort[9383]: WEB-CGI-Files CGI access attempt: 200.5.85.12:15132 -> my-ip-address:80 Aug 6 19:17:48 guard snort[9383]: WEB-Domino-domcfg.nsf: 200.5.85.12:15147 -> my-ip-address:80 Aug 6 19:17:48 guard snort[9383]: WEB-CGI-Faxsurvey probe: 200.5.85.12:15148 -> my-ip-address:80 Aug 6 19:17:49 guard snort[9383]: IDS270 - WEB MISC - Netscape dir index wp: 200.5.85.12:15203 -> my-ip-address:80 Aug 6 19:17:49 guard snort[9383]: WEB-CGI-Filemail CGI access attempt: 200.5.85.12:15259 -> my-ip-address:80 Aug 6 19:17:51 guard snort[9383]: WEB-CGI-Rguest CGI access attempt: 200.5.85.12:15125 -> my-ip-address:80 Aug 6 19:17:51 guard snort[9383]: IDS221 - CVE-1999-0612 - Finger CGI access attempt: 200.5.85.12:15375 -> my-ip-address:80 Aug 6 19:17:52 guard snort[9383]: WEB-CGI-rwwwshell CGI access attempt: 200.5.85.12:15471 -> my-ip-address:80 Aug 6 19:17:52 guard snort[9383]: IDS221 - CVE-1999-0612 - Finger CGI access attempt: 200.5.85.12:15476 -> my-ip-address:80 Aug 6 19:17:53 guard snort[9383]: WEB-etc/passwd: 200.5.85.12:15255 -> my-ip-address:80 Aug 6 19:17:55 guard snort[9383]: WEB-CGI-sendform.cgi: 200.5.85.12:15716 -> my-ip-address:80 Aug 6 19:17:55 guard snort[9383]: IDS226 - CVE-1999-0172 - CGI-formmail: 200.5.85.12:15730 -> my-ip-address:80 Aug 6 19:17:58 guard snort[9383]: IIS-CGImail: 200.5.85.12:15956 -> my-ip-address:80 Aug 6 19:17:58 guard snort[9383]: WEB-CGI-Survey CGI access attempt: 200.5.85.12:15966 -> my-ip-address:80 Aug 6 19:17:58 guard snort[9383]: IDS258 - Web cgi get32.exe: 200.5.85.12:15971 -> my-ip-address:80 Aug 6 19:17:59 guard snort[9383]: IIS-achg.htr Attempt: 200.5.85.12:1057 -> my-ip-address:80 Aug 6 19:18:00 guard snort[9383]: IDS228 - CVE-1999-0237 - Guestbook CGI access attempt: 200.5.85.12:1120 -> my-ip-address:80 Aug 6 19:18:00 guard snort[9383]: CAN-1999-0407 - IIS-aexp.htr Attempt: 200.5.85.12:1177 -> my-ip-address:80 Aug 6 19:18:01 guard snort[9383]: WEB-MISC-AuthChangeUrl: 200.5.85.12:1185 -> my-ip-address:80 Aug 6 19:18:01 guard snort[9383]: IDS218 - CVE-1999-0070 - TEST-CGI probe: 200.5.85.12:1228 -> my-ip-address:80 Aug 6 19:18:02 guard snort[9383]: CAN-1999-0407 - IIS-aexp2.htr Attempt: 200.5.85.12:1292 -> my-ip-address:80 Aug 6 19:18:02 guard snort[9383]: IIS-_vti_inf: 200.5.85.12:1307 -> my-ip-address:80 Aug 6 19:18:03 guard snort[9383]: WEB-CGI-Textcounter CGI access attempt: 200.5.85.12:1364 -> my-ip-address:80 Aug 6 19:18:03 guard snort[9383]: IDS235 - CVE-1999-0148 - CGI-HANDLERprobe!: 200.5.85.12:1388 -> my-ip-address:80 Aug 6 19:18:03 guard snort[9383]: CAN-1999-0407 - IIS-aexp2b.htr Attempt: 200.5.85.12:1427 -> my-ip-address:80 Aug 6 19:18:03 guard snort[9383]: FrontPage-administrators.pwd: 200.5.85.12:1451 -> my-ip-address:80 Aug 6 19:18:04 guard snort[9383]: IDS235 - CVE-1999-0148 - CGI-HANDLERprobe!: 200.5.85.12:1551 -> my-ip-address:80 Aug 6 19:18:05 guard snort[9383]: FrontPage-authors.pwd: 200.5.85.12:1594 -> my-ip-address:80 Aug 6 19:18:06 guard snort[9383]: WEB-MISC-convert.bas Attempt: 200.5.85.12:1369 -> my-ip-address:80 Aug 6 19:18:06 guard snort[9383]: FrontPage-service.pwd: 200.5.85.12:1728 -> my-ip-address:80 Aug 6 19:18:07 guard snort[9383]: WEB-CGI-Htmlscript CGI access attempt: 200.5.85.12:1808 -> my-ip-address:80 Aug 6 19:18:08 guard snort[9383]: IIS-iisadmpwd: 200.5.85.12:1853 -> my-ip-address:80 Aug 6 19:18:08 guard snort[9383]: WEB-CGI-upload.pl: 200.5.85.12:1922 -> my-ip-address:80 Aug 6 19:18:09 guard snort[9383]: IIS-fpcount: 200.5.85.12:1962 -> my-ip-address:80 Aug 6 19:18:09 guard snort[9383]: CAN-1999-0407 - IIS-aexp4.htr Attempt: 200.5.85.12:1976 -> my-ip-address:80 Aug 6 19:18:10 guard snort[9383]: IIS-bdir: 200.5.85.12:2075 -> my-ip-address:80 Aug 6 19:18:11 guard snort[9383]: CAN-1999-0407 - IIS-aexp4b.htr Attempt: 200.5.85.12:2090 -> my-ip-address:80 Aug 6 19:18:11 guard snort[9383]: WEB-CGI-visadmin.exe: 200.5.85.12:2134 -> my-ip-address:80 Aug 6 19:18:13 guard snort[9383]: WEB-CGI-Webdist CGI access attempt: 200.5.85.12:2252 -> my-ip-address:80 Aug 6 19:18:14 guard snort[9383]: FrontPage-users.pwd: 200.5.85.12:2325 -> my-ip-address:80 Aug 6 19:18:14 guard snort[9383]: WEB-CGI-Webgais CGI access attempt: 200.5.85.12:2354 -> my-ip-address:80 Aug 6 19:18:15 guard snort[9383]: IIS-admin: 200.5.85.12:2415 -> my-ip-address:80 Aug 6 19:18:15 guard snort[9383]: CAN-1999-0407 - IIS-anot.htr Attempt: 200.5.85.12:2425 -> my-ip-address:80 Aug 6 19:18:15 guard snort[9383]: WEB-~root: 200.5.85.12:2435 -> my-ip-address:80 Aug 6 19:18:16 guard snort[9383]: WEB-CGI-Info2 www CGI access attempt: 200.5.85.12:2285 -> my-ip-address:80 Aug 6 19:18:16 guard snort[9383]: CAN-1999-0407 - IIS-anot3.htr Attempt: 200.5.85.12:2518 -> my-ip-address:80 Aug 6 19:18:16 guard snort[9383]: IIS-_Site Server Config: 200.5.85.12:2526 -> my-ip-address:80 Aug 6 19:18:18 guard snort[9383]: IIS-ctguestb.idc: 200.5.85.12:2608 -> my-ip-address:80 Aug 6 19:18:18 guard snort[9383]: WEB-CGI-Websendmail CGI access attempt: 200.5.85.12:2456 -> my-ip-address:80 Aug 6 19:18:21 guard snort[9383]: IDS237 - Web-Frontpage .htw: 200.5.85.12:2864 -> my-ip-address:80 Aug 6 19:18:21 guard snort[9383]: IIS-catalog_type: 200.5.85.12:2879 -> my-ip-address:80 Aug 6 19:18:22 guard snort[9383]: IIS-details.idc: 200.5.85.12:2725 -> my-ip-address:80 Aug 6 19:18:22 guard snort[9383]: IIS-catalog_type: 200.5.85.12:2986 -> my-ip-address:80 Aug 6 19:18:24 guard snort[9383]: IIS-carbo.dll: 200.5.85.12:3101 -> my-ip-address:80 Aug 6 19:18:24 guard snort[9383]: WEB-CGI-Wguest CGI access attempt: 200.5.85.12:3141 -> my-ip-address:80 Aug 6 19:18:25 guard snort[9383]: CVE-1999-0449 - IIS-codebrowser Exair: 200.5.85.12:2975 -> my-ip-address:80 Aug 6 19:18:26 guard snort[9383]: IIS-getdrvrs: 200.5.85.12:3338 -> my-ip-address:80 Aug 6 19:18:27 guard snort[9383]: WEB-MISC - /cgi-bin/jj attempt: 200.5.85.12:3086 -> my-ip-address:80 Aug 6 19:18:27 guard snort[9383]: IDS237 - Web-Frontpage .htw: 200.5.85.12:3358 -> my-ip-address:80 Aug 6 19:18:28 guard snort[9383]: CVE-1999-0191 - IIS-newdsn: 200.5.85.12:3457 -> my-ip-address:80 Aug 6 19:18:28 guard snort[9383]: IDS237 - Web-Frontpage .htw: 200.5.85.12:3481 -> my-ip-address:80 Aug 6 19:18:29 guard snort[9383]: SCAN - Whisker Stealth- IIS search97 access attempt: 200.5.85.12:3572 -> my-ip-address:80 Aug 6 19:18:33 guard snort[9383]: WEB-CGI-wwwadmin: 200.5.85.12:3601 -> my-ip-address:80 Aug 6 19:18:34 guard snort[9383]: IDS237 - Web-Frontpage .htw: 200.5.85.12:3890 -> my-ip-address:80 Aug 6 19:18:34 guard snort[9383]: WEB-MISC - wwwboard.pl attempt: 200.5.85.12:3927 -> my-ip-address:80 Aug 6 19:18:35 guard snort[9383]: IDS237 - Web-Frontpage .htw: 200.5.85.12:3990 -> my-ip-address:80 Aug 6 19:18:36 guard snort[9383]: WEB-CGI-WWW-SQL CGI access attempt: 200.5.85.12:4037 -> my-ip-address:80 Aug 6 19:18:37 guard snort[9383]: WEB-CGI-Maillist CGI access attempt: 200.5.85.12:3895 -> my-ip-address:80 Aug 6 19:18:37 guard snort[9383]: WEB-CGI-Args CGI access attempt: 200.5.85.12:4119 -> my-ip-address:80 Aug 6 19:18:38 guard snort[9383]: WEB-CGI-CGI Man access attempt: 200.5.85.12:4223 -> my-ip-address:80 Aug 6 19:18:40 guard snort[9383]: WEB-CGI-NPH-publish CGI access attempt: 200.5.85.12:4344 -> my-ip-address:80 Aug 6 19:18:40 guard snort[9383]: SCAN - Whisker Stealth- Start Stop Web access attempt: 200.5.85.12:4362 -> my-ip-address:80 Aug 6 19:18:41 guard snort[9383]: IIS-codebrowser SDK: 200.5.85.12:4450 -> my-ip-address:80 Aug 6 19:18:41 guard snort[9383]: IDS224 - CVE-1999-0045 - NPH CGI access attempt: 200.5.85.12:4483 -> my-ip-address:80 Aug 6 19:18:43 guard snort[9383]: WEB-CGI-Aglimpse CGI access attempt: 200.5.85.12:4637 -> my-ip-address:80 Aug 6 19:18:44 guard snort[9383]: WEB-CGI-Perlshop CGI access attempt: 200.5.85.12:4736 -> my-ip-address:80 Aug 6 19:18:46 guard snort[9383]: WEB-CGI-AnyForm2: 200.5.85.12:4885 -> my-ip-address:80 Aug 6 19:18:47 guard snort[9383]: WEB-CGI-AT-admin CGI access attempt: 200.5.85.12:5003 -> my-ip-address:80 Aug 6 19:18:49 guard snort[9383]: WEB-CGI-Bnbform CGI access attempt: 200.5.85.12:5110 -> my-ip-address:80 Aug 6 19:18:49 guard snort[9383]: WEB-CGI-CGI pf display access attempt: 200.5.85.12:4871 -> my-ip-address:80 Aug 6 19:18:49 guard snort[9383]: IDS231 - CVE-1999-0178 - CGI-win-c-sample: 200.5.85.12:5156 -> my-ip-address:80 Aug 6 19:18:50 guard snort[9383]: IIS-msadc/msadcs.dll: 200.5.85.12:5230 -> my-ip-address:80 Aug 6 19:18:50 guard snort[9383]: WEB-CGI-Campas CGI access attempt: 200.5.85.12:5236 -> my-ip-address:80 Aug 6 19:18:50 guard snort[9383]: IDS128 - CVE-1999-0067 - CGI phf attempt: 200.5.85.12:5248 -> my-ip-address:80 Aug 6 19:18:51 guard snort[9383]: IIS-adctest.asp: 200.5.85.12:5336 -> my-ip-address:80 Aug 6 19:18:51 guard snort[9383]: IDS234 - WEB-CGI-Cgiwrap CGI access attempt: 200.5.85.12:5339 -> my-ip-address:80 Aug 6 19:18:52 guard snort[9383]: WEB-CGI-bb-hist.sh: 200.5.85.12:5345 -> my-ip-address:80 Aug 6 19:18:52 guard snort[9383]: IDS128 - CVE-1999-0067 - CGI phf attempt: 200.5.85.12:5349 -> my-ip-address:80 Aug 6 19:18:53 guard snort[9383]: CAN-1999-0736 - IIS-showcode: 200.5.85.12:5452 -> my-ip-address:80 Aug 6 19:18:54 guard snort[9383]: WEB-CGI-Classifieds CGI access attempt: 200.5.85.12:5569 -> my-ip-address:80 Aug 6 19:18:56 guard snort[9383]: WEB-Domino-names.nsf: 200.5.85.12:5671 -> my-ip-address:80 Aug 6 19:18:59 guard snort[9383]: IDS128 - CVE-1999-0067 - CGI phf attempt: 200.5.85.12:5691 -> my-ip-address:80 Aug 6 19:19:02 guard snort[9383]: WEB-CGI-day5datacopier.cgi: 200.5.85.12:6103 -> my-ip-address:80 Aug 6 19:19:03 guard snort[9383]: WEB-CGI-day5datanotifier.cgi: 200.5.85.12:6222 -> my-ip-address:80 Aug 6 19:19:08 guard snort[9383]: IDS248 - Web-Frontpage fourdots request: 200.5.85.12:6626 -> my-ip-address:80 Aug 6 19:19:08 guard snort[9383]: WEB-CGI-Upload CGI access attempt: 200.5.85.12:6637 -> my-ip-address:80 Aug 6 19:19:10 guard snort[9383]: IDS248 - Web-Frontpage fourdots request: 200.5.85.12:6724 -> my-ip-address:80 Aug 6 19:19:11 guard snort[9383]: WEB-PageService: 200.5.85.12:6828 -> my-ip-address:80 Aug 6 19:19:11 guard snort[9383]: WEB-CGI-dumpenv.pl: 200.5.85.12:6629 -> my-ip-address:80 Aug 6 19:19:12 guard snort[9383]: IDS237 - Web-Frontpage .htw: 200.5.85.12:6639 -> my-ip-address:80 Aug 6 19:19:13 guard snort[9383]: IDS270 - WEB MISC - Netscape dir index wp: 200.5.85.12:6955 -> my-ip-address:80 Aug 6 19:19:13 guard snort[9383]: WEB-CGI-Edit CGI access attempt: 200.5.85.12:6973 -> my-ip-address:80 Aug 6 19:19:14 guard snort[9383]: WEB-MISC-AuthChangeUrl: 200.5.85.12:7070 -> my-ip-address:80 Aug 6 19:19:14 guard snort[9383]: WEB-CGI-Environ CGI access attempt: 200.5.85.12:7087 -> my-ip-address:80 Aug 6 19:19:16 guard snort[9383]: IIS-_vti_inf: 200.5.85.12:7199 -> my-ip-address:80 Aug 6 19:19:16 guard snort[9383]: WEB-CGI-Rguest CGI access attempt: 200.5.85.12:7205 -> my-ip-address:80 Aug 6 19:19:16 guard snort[9383]: WEB-CGI-Faxsurvey probe: 200.5.85.12:7213 -> my-ip-address:80 Aug 6 19:19:16 guard snort[9383]: CVE-1999-0278 - IIS-asp: 200.5.85.12:6968 -> my-ip-address:80 Aug 6 19:19:17 guard snort[9383]: FrontPage-administrators.pwd: 200.5.85.12:7313 -> my-ip-address:80 Aug 6 19:19:17 guard snort[9383]: WEB-CGI-rwwwshell CGI access attempt: 200.5.85.12:7316 -> my-ip-address:80 Aug 6 19:19:17 guard snort[9383]: WEB-CGI-Filemail CGI access attempt: 200.5.85.12:7321 -> my-ip-address:80 Aug 6 19:19:18 guard snort[9383]: FrontPage-authors.pwd: 200.5.85.12:7424 -> my-ip-address:80 Aug 6 19:19:19 guard snort[9383]: IDS221 - CVE-1999-0612 - Finger CGI access attempt: 200.5.85.12:7436 -> my-ip-address:80 Aug 6 19:19:19 guard snort[9383]: WEB-Domino-domcfg.nsf: 200.5.85.12:7452 -> my-ip-address:80 Aug 6 19:19:20 guard snort[9383]: IDS221 - CVE-1999-0612 - Finger CGI access attempt: 200.5.85.12:7548 -> my-ip-address:80 Aug 6 19:19:22 guard snort[9383]: WEB-CGI-Files CGI access attempt: 200.5.85.12:7735 -> my-ip-address:80 Aug 6 19:19:23 guard snort[9383]: IDS226 - CVE-1999-0172 - CGI-formmail: 200.5.85.12:7802 -> my-ip-address:80 Aug 6 19:19:23 guard snort[9383]: FrontPage-service.pwd: 200.5.85.12:7543 -> my-ip-address:80 Aug 6 19:19:23 guard snort[9383]: WEB-CGI-sendform.cgi: 200.5.85.12:7842 -> my-ip-address:80 Aug 6 19:19:23 guard snort[9383]: WEB-etc/passwd: 200.5.85.12:7563 -> my-ip-address:80 Aug 6 19:19:26 guard snort[9383]: IIS-achg.htr Attempt: 200.5.85.12:8131 -> my-ip-address:80 Aug 6 19:19:28 guard snort[9383]: CAN-1999-0407 - IIS-aexp.htr Attempt: 200.5.85.12:8264 -> my-ip-address:80 Aug 6 19:19:29 guard snort[9383]: WEB-CGI-Survey CGI access attempt: 200.5.85.12:8124 -> my-ip-address:80 Aug 6 19:19:29 guard snort[9383]: CAN-1999-0407 - IIS-aexp2.htr Attempt: 200.5.85.12:8380 -> my-ip-address:80 Aug 6 19:19:30 guard snort[9383]: FrontPage-users.pwd: 200.5.85.12:8493 -> my-ip-address:80 Aug 6 19:19:31 guard snort[9383]: CAN-1999-0407 - IIS-aexp2b.htr Attempt: 200.5.85.12:8513 -> my-ip-address:80 Aug 6 19:19:32 guard snort[9383]: WEB-~root: 200.5.85.12:8599 -> my-ip-address:80 Aug 6 19:19:32 guard snort[9383]: IDS258 - Web cgi get32.exe: 200.5.85.12:8367 -> my-ip-address:80 Aug 6 19:19:32 guard snort[9383]: IIS-iisadmpwd: 200.5.85.12:8619 -> my-ip-address:80 Aug 6 19:19:33 guard snort[9383]: IIS-_Site Server Config: 200.5.85.12:8735 -> my-ip-address:80 Aug 6 19:19:33 guard snort[9383]: IDS228 - CVE-1999-0237 - Guestbook CGI access attempt: 200.5.85.12:8738 -> my-ip-address:80 Aug 6 19:19:33 guard snort[9383]: WEB-CGI-Textcounter CGI access attempt: 200.5.85.12:8740 -> my-ip-address:80 Aug 6 19:19:35 guard snort[9383]: IIS-catalog_type: 200.5.85.12:8852 -> my-ip-address:80 Aug 6 19:19:35 guard snort[9383]: CAN-1999-0407 - IIS-aexp4b.htr Attempt: 200.5.85.12:8868 -> my-ip-address:80 Aug 6 19:19:36 guard snort[9383]: IIS-catalog_type: 200.5.85.12:8955 -> my-ip-address:80 Aug 6 19:19:36 guard snort[9383]: CAN-1999-0407 - IIS-anot.htr Attempt: 200.5.85.12:8972 -> my-ip-address:80 Aug 6 19:19:38 guard snort[9383]: CAN-1999-0407 - IIS-anot3.htr Attempt: 200.5.85.12:9067 -> my-ip-address:80 Aug 6 19:19:39 guard snort[9383]: IDS237 - Web-Frontpage .htw: 200.5.85.12:9174 -> my-ip-address:80 Aug 6 19:19:41 guard snort[9383]: CVE-1999-0449 - IIS-codebrowser Exair: 200.5.85.12:9265 -> my-ip-address:80 Aug 6 19:19:42 guard snort[9383]: IIS-CGImail: 200.5.85.12:9117 -> my-ip-address:80 Aug 6 19:19:42 guard snort[9383]: IDS237 - Web-Frontpage .htw: 200.5.85.12:9372 -> my-ip-address:80 Aug 6 19:19:42 guard snort[9383]: WEB-CGI-upload.pl: 200.5.85.12:9386 -> my-ip-address:80 Aug 6 19:19:43 guard snort[9383]: IDS237 - Web-Frontpage .htw: 200.5.85.12:9474 -> my-ip-address:80 Aug 6 19:19:45 guard snort[9383]: IDS235 - CVE-1999-0148 - CGI-HANDLERprobe!: 200.5.85.12:9632 -> my-ip-address:80 Aug 6 19:19:46 guard snort[9383]: IIS-fpcount: 200.5.85.12:9688 -> my-ip-address:80 Aug 6 19:19:49 guard snort[9383]: IIS-bdir: 200.5.85.12:9930 -> my-ip-address:80 Aug 6 19:19:49 guard snort[9383]: WEB-CGI-visadmin.exe: 200.5.85.12:9948 -> my-ip-address:80 Aug 6 19:19:50 guard snort[9383]: IIS-admin: 200.5.85.12:10040 -> my-ip-address:80 Aug 6 19:19:51 guard snort[9383]: IDS235 - CVE-1999-0148 - CGI-HANDLERprobe!: 200.5.85.12:9985 -> my-ip-address:80 Aug 6 19:19:52 guard snort[9383]: WEB-CGI-Webgais CGI access attempt: 200.5.85.12:10239 -> my-ip-address:80 Aug 6 19:19:52 guard snort[9383]: IDS237 - Web-Frontpage .htw: 200.5.85.12:10252 -> my-ip-address:80 Aug 6 19:19:53 guard snort[9383]: IIS-ctguestb.idc: 200.5.85.12:10343 -> my-ip-address:80 Aug 6 19:19:54 guard snort[9383]: WEB-CGI-Websendmail CGI access attempt: 200.5.85.12:10361 -> my-ip-address:80 Aug 6 19:19:54 guard snort[9383]: IDS237 - Web-Frontpage .htw: 200.5.85.12:10373 -> my-ip-address:80 Aug 6 19:19:55 guard snort[9383]: IIS-details.idc: 200.5.85.12:10450 -> my-ip-address:80 Aug 6 19:19:57 guard snort[9383]: WEB-CGI-Htmlscript CGI access attempt: 200.5.85.12:10395 -> my-ip-address:80 Aug 6 19:19:59 guard snort[9383]: IIS-getdrvrs: 200.5.85.12:10814 -> my-ip-address:80 Aug 6 19:20:00 guard snort[9383]: WEB-CGI-Info2 www CGI access attempt: 200.5.85.12:10875 -> my-ip-address:80 Aug 6 19:20:01 guard snort[9383]: CVE-1999-0191 - IIS-newdsn: 200.5.85.12:10942 -> my-ip-address:80 Aug 6 19:20:01 guard snort[9383]: WEB-CGI-Aglimpse CGI access attempt: 200.5.85.12:10998 -> my-ip-address:80 Aug 6 19:20:03 guard snort[9383]: WEB-CGI-Wguest CGI access attempt: 200.5.85.12:11142 -> my-ip-address:80 Aug 6 19:20:04 guard snort[9383]: WEB-CGI-AnyForm2: 200.5.85.12:11270 -> my-ip-address:80 Aug 6 19:20:05 guard snort[9383]: SCAN - Whisker Stealth- IIS search97 access attempt: 200.5.85.12:11079 -> my-ip-address:80 Aug 6 19:20:06 guard snort[9383]: IIS-msadc/msadcs.dll: 200.5.85.12:11410 -> my-ip-address:80 Aug 6 19:20:07 guard snort[9383]: WEB-CGI-Bnbform CGI access attempt: 200.5.85.12:11541 -> my-ip-address:80 Aug 6 19:20:09 guard snort[9383]: WEB-MISC - /cgi-bin/jj attempt: 200.5.85.12:11422 -> my-ip-address:80 Aug 6 19:20:12 guard snort[9383]: WEB-CGI-Campas CGI access attempt: 200.5.85.12:11671 -> my-ip-address:80 Aug 6 19:20:12 guard snort[9383]: WEB-CGI-wwwadmin: 200.5.85.12:11910 -> my-ip-address:80 Aug 6 19:20:12 guard snort[9383]: CAN-1999-0736 - IIS-showcode: 200.5.85.12:11914 -> my-ip-address:80 Aug 6 19:20:13 guard snort[9383]: IDS234 - WEB-CGI-Cgiwrap CGI access attempt: 200.5.85.12:12003 -> my-ip-address:80 Aug 6 19:20:13 guard snort[9383]: WEB-MISC - wwwboard.pl attempt: 200.5.85.12:12006 -> my-ip-address:80 Aug 6 19:20:13 guard snort[9383]: WEB-CGI-Maillist CGI access attempt: 200.5.85.12:12019 -> my-ip-address:80 Aug 6 19:20:14 guard snort[9383]: WEB-CGI-WWW-SQL CGI access attempt: 200.5.85.12:12106 -> my-ip-address:80 Aug 6 19:20:15 guard snort[9383]: WEB-Domino-names.nsf: 200.5.85.12:12120 -> my-ip-address:80 Aug 6 19:20:15 guard snort[9383]: WEB-CGI-CGI Man access attempt: 200.5.85.12:12130 -> my-ip-address:80 Aug 6 19:20:16 guard snort[9383]: WEB-CGI-Classifieds CGI access attempt: 200.5.85.12:12242 -> my-ip-address:80 Aug 6 19:20:16 guard snort[9383]: WEB-CGI-Args CGI access attempt: 200.5.85.12:12246 -> my-ip-address:80 Aug 6 19:20:16 guard snort[9383]: WEB-CGI-NPH-publish CGI access attempt: 200.5.85.12:12264 -> my-ip-address:80 Aug 6 19:20:18 guard snort[9383]: IDS224 - CVE-1999-0045 - NPH CGI access attempt: 200.5.85.12:12389 -> my-ip-address:80 Aug 6 19:20:19 guard snort[9383]: IDS231 - CVE-1999-0178 - CGI-win-c-sample: 200.5.85.12:12499 -> my-ip-address:80 Aug 6 19:20:19 guard snort[9383]: IDS219 - WEB-CGI-Perl access attempt: 200.5.85.12:12516 -> my-ip-address:80 Aug 6 19:20:20 guard snort[9383]: WEB-CGI-day5datacopier.cgi: 200.5.85.12:12627 -> my-ip-address:80 Aug 6 19:20:20 guard snort[9383]: WEB-CGI-Perlshop CGI access attempt: 200.5.85.12:12635 -> my-ip-address:80 Aug 6 19:20:22 guard snort[9383]: WEB-CGI-day5datanotifier.cgi: 200.5.85.12:12726 -> my-ip-address:80 Aug 6 19:20:22 guard snort[9383]: WEB-CGI-CGI pf display access attempt: 200.5.85.12:12738 -> my-ip-address:80 Aug 6 19:20:23 guard snort[9383]: IDS128 - CVE-1999-0067 - CGI phf attempt: 200.5.85.12:12852 -> my-ip-address:80 Aug 6 19:20:26 guard snort[9383]: IDS128 - CVE-1999-0067 - CGI phf attempt: 200.5.85.12:13073 -> my-ip-address:80 Aug 6 19:20:28 guard snort[9383]: WEB-CGI-bb-hist.sh: 200.5.85.12:13195 -> my-ip-address:80 Aug 6 19:22:05 guard snort[9383]: IDS248 - Web-Frontpage fourdots request: 200.5.85.12:6048 -> my-ip-address:80 Aug 6 19:22:05 guard snort[9383]: WEB-CGI-dumpenv.pl: 200.5.85.12:6053 -> my-ip-address:80 Aug 6 19:22:05 guard snort[9383]: WEB-CGI-Upload CGI access attempt: 200.5.85.12:6055 -> my-ip-address:80 Aug 6 19:22:05 guard snort[9383]: IDS237 - Web-Frontpage .htw: 200.5.85.12:6057 -> my-ip-address:80 Aug 6 19:22:07 guard snort[9383]: IDS248 - Web-Frontpage fourdots request: 200.5.85.12:6212 -> my-ip-address:80 Aug 6 19:22:09 guard snort[9383]: WEB-PageService: 200.5.85.12:6385 -> my-ip-address:80 Aug 6 19:22:10 guard snort[9383]: IDS270 - WEB MISC - Netscape dir index wp: 200.5.85.12:6517 -> my-ip-address:80 Aug 6 19:22:10 guard snort[9383]: CVE-1999-0278 - IIS-asp: 200.5.85.12:6524 -> my-ip-address:80 Aug 6 19:22:10 guard snort[9383]: WEB-CGI-Edit CGI access attempt: 200.5.85.12:6216 -> my-ip-address:80 Aug 6 19:22:12 guard snort[9383]: WEB-MISC-AuthChangeUrl: 200.5.85.12:6642 -> my-ip-address:80 Aug 6 19:22:12 guard snort[9383]: WEB-CGI-Environ CGI access attempt: 200.5.85.12:6683 -> my-ip-address:80 Aug 6 19:22:13 guard snort[9383]: IIS-_vti_inf: 200.5.85.12:6779 -> my-ip-address:80 Aug 6 19:22:13 guard snort[9383]: WEB-CGI-Faxsurvey probe: 200.5.85.12:6813 -> my-ip-address:80 Aug 6 19:22:15 guard snort[9383]: FrontPage-administrators.pwd: 200.5.85.12:6882 -> my-ip-address:80 Aug 6 19:22:15 guard snort[9383]: WEB-CGI-Filemail CGI access attempt: 200.5.85.12:6957 -> my-ip-address:80 Aug 6 19:22:16 guard snort[9383]: WEB-CGI-Rguest CGI access attempt: 200.5.85.12:7071 -> my-ip-address:80 Aug 6 19:22:16 guard snort[9383]: WEB-CGI-Files CGI access attempt: 200.5.85.12:7075 -> my-ip-address:80 Aug 6 19:22:18 guard snort[9383]: WEB-CGI-rwwwshell CGI access attempt: 200.5.85.12:7248 -> my-ip-address:80 Aug 6 19:22:18 guard snort[9383]: WEB-etc/passwd: 200.5.85.12:6916 -> my-ip-address:80 Aug 6 19:22:19 guard snort[9383]: FrontPage-authors.pwd: 200.5.85.12:7040 -> my-ip-address:80 Aug 6 19:22:20 guard snort[9383]: IDS221 - CVE-1999-0612 - Finger CGI access attempt: 200.5.85.12:7090 -> my-ip-address:80 Aug 6 19:22:21 guard snort[9383]: FrontPage-service.pwd: 200.5.85.12:7522 -> my-ip-address:80 Aug 6 19:22:21 guard snort[9383]: WEB-CGI-sendform.cgi: 200.5.85.12:7531 -> my-ip-address:80 Aug 6 19:22:21 guard snort[9383]: IIS-achg.htr Attempt: 200.5.85.12:7577 -> my-ip-address:80 Aug 6 19:22:22 guard snort[9383]: IDS221 - CVE-1999-0612 - Finger CGI access attempt: 200.5.85.12:7618 -> my-ip-address:80 Aug 6 19:22:23 guard snort[9383]: CAN-1999-0407 - IIS-aexp.htr Attempt: 200.5.85.12:7702 -> my-ip-address:80 Aug 6 19:22:24 guard snort[9383]: CAN-1999-0407 - IIS-aexp2.htr Attempt: 200.5.85.12:7830 -> my-ip-address:80 Aug 6 19:22:24 guard snort[9383]: IIS-CGImail: 200.5.85.12:7836 -> my-ip-address:80 Aug 6 19:22:24 guard snort[9383]: IDS226 - CVE-1999-0172 - CGI-formmail: 200.5.85.12:7877 -> my-ip-address:80 Aug 6 19:22:25 guard snort[9383]: FrontPage-users.pwd: 200.5.85.12:7914 -> my-ip-address:80 Aug 6 19:22:25 guard snort[9383]: CAN-1999-0407 - IIS-aexp2b.htr Attempt: 200.5.85.12:7943 -> my-ip-address:80 Aug 6 19:22:26 guard snort[9383]: WEB-MISC-convert.bas Attempt: 200.5.85.12:7953 -> my-ip-address:80 Aug 6 19:22:27 guard snort[9383]: WEB-CGI-Survey CGI access attempt: 200.5.85.12:8052 -> my-ip-address:80 Aug 6 19:22:27 guard snort[9383]: IIS-iisadmpwd: 200.5.85.12:8070 -> my-ip-address:80 Aug 6 19:22:28 guard snort[9383]: CAN-1999-0407 - IIS-aexp4.htr Attempt: 200.5.85.12:8212 -> my-ip-address:80 Aug 6 19:22:29 guard snort[9383]: WEB-~root: 200.5.85.12:8028 -> my-ip-address:80 Aug 6 19:22:30 guard snort[9383]: CAN-1999-0407 - IIS-aexp4b.htr Attempt: 200.5.85.12:8353 -> my-ip-address:80 Aug 6 19:22:30 guard snort[9383]: IDS258 - Web cgi get32.exe: 200.5.85.12:8126 -> my-ip-address:80 Aug 6 19:22:31 guard snort[9383]: IIS-_Site Server Config: 200.5.85.12:8467 -> my-ip-address:80 Aug 6 19:22:31 guard snort[9383]: CAN-1999-0407 - IIS-anot.htr Attempt: 200.5.85.12:8490 -> my-ip-address:80 Aug 6 19:22:31 guard snort[9383]: IIS-fpcount: 200.5.85.12:8228 -> my-ip-address:80 Aug 6 19:22:32 guard snort[9383]: IDS228 - CVE-1999-0237 - Guestbook CGI access attempt: 200.5.85.12:8554 -> my-ip-address:80 Aug 6 19:22:32 guard snort[9383]: IIS-catalog_type: 200.5.85.12:8597 -> my-ip-address:80 Aug 6 19:22:33 guard snort[9383]: CAN-1999-0407 - IIS-anot3.htr Attempt: 200.5.85.12:8624 -> my-ip-address:80 Aug 6 19:22:33 guard snort[9383]: IIS-bdir: 200.5.85.12:8651 -> my-ip-address:80 Aug 6 19:22:34 guard snort[9383]: IDS237 - Web-Frontpage .htw: 200.5.85.12:8761 -> my-ip-address:80 Aug 6 19:22:34 guard snort[9383]: IIS-admin: 200.5.85.12:8776 -> my-ip-address:80 Aug 6 19:22:36 guard snort[9383]: IDS218 - CVE-1999-0070 - TEST-CGI probe: 200.5.85.12:8860 -> my-ip-address:80 Aug 6 19:22:36 guard snort[9383]: CVE-1999-0449 - IIS-codebrowser Exair: 200.5.85.12:8863 -> my-ip-address:80 Aug 6 19:22:37 guard snort[9383]: IIS-catalog_type: 200.5.85.12:8990 -> my-ip-address:80 Aug 6 19:22:37 guard snort[9383]: WEB-CGI-Textcounter CGI access attempt: 200.5.85.12:9000 -> my-ip-address:80 Aug 6 19:22:37 guard snort[9383]: IIS-ctguestb.idc: 200.5.85.12:9003 -> my-ip-address:80 Aug 6 19:22:38 guard snort[9383]: IIS-carbo.dll: 200.5.85.12:9130 -> my-ip-address:80 Aug 6 19:22:40 guard snort[9383]: IDS237 - Web-Frontpage .htw: 200.5.85.12:9265 -> my-ip-address:80 Aug 6 19:22:41 guard snort[9383]: IDS235 - CVE-1999-0148 - CGI-HANDLERprobe!: 200.5.85.12:9316 -> my-ip-address:80 Aug 6 19:22:41 guard snort[9383]: IDS237 - Web-Frontpage .htw: 200.5.85.12:9387 -> my-ip-address:80 Aug 6 19:22:42 guard snort[9383]: IIS-details.idc: 200.5.85.12:9144 -> my-ip-address:80 Aug 6 19:22:42 guard snort[9383]: IDS235 - CVE-1999-0148 - CGI-HANDLERprobe!: 200.5.85.12:9442 -> my-ip-address:80 Aug 6 19:22:43 guard snort[9383]: WEB-CGI-upload.pl: 200.5.85.12:9517 -> my-ip-address:80 Aug 6 19:22:48 guard snort[9383]: WEB-CGI-Htmlscript CGI access attempt: 200.5.85.12:9735 -> my-ip-address:80 Aug 6 19:22:49 guard snort[9383]: SCAN - Whisker Stealth- Start Stop Web access attempt: 200.5.85.12:10143 -> my-ip-address:80 Aug 6 19:22:49 guard snort[9383]: WEB-CGI-visadmin.exe: 200.5.85.12:9847 -> my-ip-address:80 Aug 6 19:22:49 guard snort[9383]: IIS-getdrvrs: 200.5.85.12:9863 -> my-ip-address:80 Aug 6 19:22:50 guard snort[9383]: WEB-CGI-Webdist CGI access attempt: 200.5.85.12:10298 -> my-ip-address:80 Aug 6 19:22:50 guard snort[9383]: IDS237 - Web-Frontpage .htw: 200.5.85.12:10307 -> my-ip-address:80 Aug 6 19:22:51 guard snort[9383]: CVE-1999-0191 - IIS-newdsn: 200.5.85.12:10320 -> my-ip-address:80 Aug 6 19:22:51 guard snort[9383]: WEB-CGI-Info2 www CGI access attempt: 200.5.85.12:10332 -> my-ip-address:80 Aug 6 19:22:52 guard snort[9383]: WEB-CGI-Aglimpse CGI access attempt: 200.5.85.12:10401 -> my-ip-address:80 Aug 6 19:22:52 guard snort[9383]: WEB-CGI-Webgais CGI access attempt: 200.5.85.12:10402 -> my-ip-address:80 Aug 6 19:22:52 guard snort[9383]: IDS237 - Web-Frontpage .htw: 200.5.85.12:10405 -> my-ip-address:80 Aug 6 19:22:52 guard snort[9383]: SCAN - Whisker Stealth- IIS search97 access attempt: 200.5.85.12:10422 -> my-ip-address:80 Aug 6 19:22:53 guard snort[9383]: WEB-CGI-Websendmail CGI access attempt: 200.5.85.12:10540 -> my-ip-address:80 Aug 6 19:22:55 guard snort[9383]: WEB-CGI-AnyForm2: 200.5.85.12:10649 -> my-ip-address:80 Aug 6 19:22:56 guard snort[9383]: WEB-CGI-AT-admin CGI access attempt: 200.5.85.12:10770 -> my-ip-address:80 Aug 6 19:22:56 guard snort[9383]: WEB-MISC - /cgi-bin/jj attempt: 200.5.85.12:10794 -> my-ip-address:80 Aug 6 19:22:58 guard snort[9383]: IIS-codebrowser SDK: 200.5.85.12:10925 -> my-ip-address:80 Aug 6 19:23:01 guard snort[9383]: WEB-CGI-Bnbform CGI access attempt: 200.5.85.12:10900 -> my-ip-address:80 Aug 6 19:23:02 guard snort[9383]: WEB-CGI-Campas CGI access attempt: 200.5.85.12:11275 -> my-ip-address:80 Aug 6 19:23:02 guard snort[9383]: WEB-CGI-Wguest CGI access attempt: 200.5.85.12:11282 -> my-ip-address:80 Aug 6 19:23:03 guard snort[9383]: IDS234 - WEB-CGI-Cgiwrap CGI access attempt: 200.5.85.12:11391 -> my-ip-address:80 Aug 6 19:23:04 guard snort[9383]: WEB-CGI-Maillist CGI access attempt: 200.5.85.12:11453 -> my-ip-address:80 Aug 6 19:23:06 guard snort[9383]: WEB-CGI-CGI Man access attempt: 200.5.85.12:11587 -> my-ip-address:80 Aug 6 19:23:06 guard snort[9383]: WEB-CGI-Classifieds CGI access attempt: 200.5.85.12:11683 -> my-ip-address:80 Aug 6 19:23:07 guard snort[9383]: WEB-CGI-NPH-publish CGI access attempt: 200.5.85.12:11751 -> my-ip-address:80 Aug 6 19:23:08 guard snort[9383]: WEB-CGI-bb-hist.sh: 200.5.85.12:11835 -> my-ip-address:80 Aug 6 19:23:09 guard snort[9383]: IDS224 - CVE-1999-0045 - NPH CGI access attempt: 200.5.85.12:11879 -> my-ip-address:80 Aug 6 19:23:10 guard snort[9383]: IIS-msadc/msadcs.dll: 200.5.85.12:11984 -> my-ip-address:80 Aug 6 19:23:10 guard snort[9383]: IDS219 - WEB-CGI-Perl access attempt: 200.5.85.12:11993 -> my-ip-address:80 Aug 6 19:23:11 guard snort[9383]: WEB-CGI-wwwadmin: 200.5.85.12:12087 -> my-ip-address:80 Aug 6 19:23:11 guard snort[9383]: IIS-adctest.asp: 200.5.85.12:12122 -> my-ip-address:80 Aug 6 19:23:12 guard snort[9383]: WEB-MISC - wwwboard.pl attempt: 200.5.85.12:12202 -> my-ip-address:80 Aug 6 19:23:13 guard snort[9383]: CAN-1999-0736 - IIS-showcode: 200.5.85.12:12239 -> my-ip-address:80 Aug 6 19:23:14 guard snort[9383]: WEB-CGI-day5datacopier.cgi: 200.5.85.12:12304 -> my-ip-address:80 Aug 6 19:23:14 guard snort[9383]: WEB-CGI-WWW-SQL CGI access attempt: 200.5.85.12:12312 -> my-ip-address:80 Aug 6 19:23:14 guard snort[9383]: WEB-CGI-Perlshop CGI access attempt: 200.5.85.12:12380 -> my-ip-address:80 Aug 6 19:23:15 guard snort[9383]: WEB-CGI-day5datanotifier.cgi: 200.5.85.12:12448 -> my-ip-address:80 Aug 6 19:23:15 guard snort[9383]: WEB-CGI-Args CGI access attempt: 200.5.85.12:12467 -> my-ip-address:80 Aug 6 19:23:16 guard snort[9383]: WEB-CGI-CGI pf display access attempt: 200.5.85.12:12514 -> my-ip-address:80 Aug 6 19:23:18 guard snort[9383]: IDS231 - CVE-1999-0178 - CGI-win-c-sample: 200.5.85.12:12691 -> my-ip-address:80 Aug 6 19:23:19 guard snort[9383]: WEB-Domino-names.nsf: 200.5.85.12:12501 -> my-ip-address:80 Aug 6 19:23:20 guard snort[9383]: IDS128 - CVE-1999-0067 - CGI phf attempt: 200.5.85.12:12625 -> my-ip-address:80 Aug 6 19:23:22 guard snort[9383]: IDS128 - CVE-1999-0067 - CGI phf attempt: 200.5.85.12:12994 -> my-ip-address:80 Aug 6 19:23:23 guard snort[9383]: IDS128 - CVE-1999-0067 - CGI phf attempt: 200.5.85.12:13114 -> my-ip-address:80 Aug 6 19:23:29 guard snort[9383]: IDS248 - Web-Frontpage fourdots request: 200.5.85.12:13559 -> my-ip-address:80 Aug 6 19:23:29 guard snort[9383]: WEB-CGI-dumpenv.pl: 200.5.85.12:13566 -> my-ip-address:80 Aug 6 19:23:29 guard snort[9383]: IDS237 - Web-Frontpage .htw: 200.5.85.12:13578 -> my-ip-address:80 Aug 6 19:23:30 guard snort[9383]: IDS248 - Web-Frontpage fourdots request: 200.5.85.12:13667 -> my-ip-address:80 Aug 6 19:23:30 guard snort[9383]: WEB-CGI-Edit CGI access attempt: 200.5.85.12:13675 -> my-ip-address:80 Aug 6 19:23:32 guard snort[9383]: WEB-PageService: 200.5.85.12:13780 -> my-ip-address:80 Aug 6 19:23:32 guard snort[9383]: WEB-CGI-Environ CGI access attempt: 200.5.85.12:13791 -> my-ip-address:80 Aug 6 19:23:32 guard snort[9383]: WEB-CGI-Upload CGI access attempt: 200.5.85.12:13571 -> my-ip-address:80 Aug 6 19:23:33 guard snort[9383]: WEB-CGI-Faxsurvey probe: 200.5.85.12:13918 -> my-ip-address:80 Aug 6 19:23:35 guard snort[9383]: WEB-CGI-Filemail CGI access attempt: 200.5.85.12:14068 -> my-ip-address:80 Aug 6 19:23:36 guard snort[9383]: IDS270 - WEB MISC - Netscape dir index wp: 200.5.85.12:14197 -> my-ip-address:80 Aug 6 19:23:36 guard snort[9383]: IDS221 - CVE-1999-0612 - Finger CGI access attempt: 200.5.85.12:14200 -> my-ip-address:80 Aug 6 19:23:37 guard snort[9383]: WEB-MISC-AuthChangeUrl: 200.5.85.12:14298 -> my-ip-address:80 Aug 6 19:23:38 guard snort[9383]: IDS221 - CVE-1999-0612 - Finger CGI access attempt: 200.5.85.12:14301 -> my-ip-address:80 Aug 6 19:23:39 guard snort[9383]: IIS-_vti_inf: 200.5.85.12:14411 -> my-ip-address:80 Aug 6 19:23:41 guard snort[9383]: IDS226 - CVE-1999-0172 - CGI-formmail: 200.5.85.12:14568 -> my-ip-address:80 Aug 6 19:23:42 guard snort[9383]: WEB-CGI-Rguest CGI access attempt: 200.5.85.12:14706 -> my-ip-address:80 Aug 6 19:23:42 guard snort[9383]: IDS226 - CVE-1999-0172 - CGI-formmail: 200.5.85.12:14568 -> my-ip-address:80 Aug 6 19:23:43 guard snort[9383]: FrontPage-administrators.pwd: 200.5.85.12:14851 -> my-ip-address:80 Aug 6 19:23:44 guard snort[9383]: WEB-CGI-rwwwshell CGI access attempt: 200.5.85.12:14871 -> my-ip-address:80 Aug 6 19:23:45 guard snort[9383]: FrontPage-authors.pwd: 200.5.85.12:14990 -> my-ip-address:80 Aug 6 19:23:45 guard snort[9383]: CVE-1999-0278 - IIS-asp: 200.5.85.12:15024 -> my-ip-address:80 Aug 6 19:23:46 guard snort[9383]: FrontPage-service.pwd: 200.5.85.12:15122 -> my-ip-address:80 Aug 6 19:23:47 guard snort[9383]: IDS258 - Web cgi get32.exe: 200.5.85.12:15144 -> my-ip-address:80 Aug 6 19:23:48 guard snort[9383]: IDS228 - CVE-1999-0237 - Guestbook CGI access attempt: 200.5.85.12:15261 -> my-ip-address:80 Aug 6 19:23:48 guard snort[9383]: WEB-Domino-domcfg.nsf: 200.5.85.12:15279 -> my-ip-address:80 Aug 6 19:23:48 guard snort[9383]: WEB-CGI-Files CGI access attempt: 200.5.85.12:15005 -> my-ip-address:80 Aug 6 19:23:49 guard snort[9383]: WEB-CGI-sendform.cgi: 200.5.85.12:15399 -> my-ip-address:80 Aug 6 19:23:50 guard snort[9383]: WEB-etc/passwd: 200.5.85.12:15414 -> my-ip-address:80 Aug 6 19:23:51 guard snort[9383]: IDS235 - CVE-1999-0148 - CGI-HANDLERprobe!: 200.5.85.12:15529 -> my-ip-address:80 Aug 6 19:23:53 guard snort[9383]: IDS235 - CVE-1999-0148 - CGI-HANDLERprobe!: 200.5.85.12:15636 -> my-ip-address:80 Aug 6 19:23:53 guard snort[9383]: IIS-achg.htr Attempt: 200.5.85.12:15643 -> my-ip-address:80 Aug 6 19:23:54 guard snort[9383]: FrontPage-users.pwd: 200.5.85.12:15720 -> my-ip-address:80 Aug 6 19:23:54 guard snort[9383]: CAN-1999-0407 - IIS-aexp.htr Attempt: 200.5.85.12:15759 -> my-ip-address:80 Aug 6 19:23:55 guard snort[9383]: WEB-~root: 200.5.85.12:15826 -> my-ip-address:80 Aug 6 19:23:55 guard snort[9383]: CAN-1999-0407 - IIS-aexp2.htr Attempt: 200.5.85.12:15868 -> my-ip-address:80 Aug 6 19:23:57 guard snort[9383]: IIS-_Site Server Config: 200.5.85.12:15938 -> my-ip-address:80 Aug 6 19:23:57 guard snort[9383]: CAN-1999-0407 - IIS-aexp2b.htr Attempt: 200.5.85.12:15977 -> my-ip-address:80 Aug 6 19:23:58 guard snort[9383]: IIS-iisadmpwd: 200.5.85.12:1109 -> my-ip-address:80 Aug 6 19:23:58 guard snort[9383]: WEB-CGI-Htmlscript CGI access attempt: 200.5.85.12:1117 -> my-ip-address:80 Aug 6 19:23:59 guard snort[9383]: WEB-CGI-Survey CGI access attempt: 200.5.85.12:15878 -> my-ip-address:80 Aug 6 19:24:00 guard snort[9383]: CAN-1999-0407 - IIS-aexp4.htr Attempt: 200.5.85.12:1209 -> my-ip-address:80 Aug 6 19:24:01 guard snort[9383]: IIS-catalog_type: 200.5.85.12:1077 -> my-ip-address:80 Aug 6 19:24:03 guard snort[9383]: IIS-catalog_type: 200.5.85.12:1425 -> my-ip-address:80 Aug 6 19:24:04 guard snort[9383]: IIS-carbo.dll: 200.5.85.12:1536 -> my-ip-address:80 Aug 6 19:24:04 guard snort[9383]: CAN-1999-0407 - IIS-aexp4b.htr Attempt: 200.5.85.12:1342 -> my-ip-address:80 Aug 6 19:24:04 guard snort[9383]: WEB-CGI-Info2 www CGI access attempt: 200.5.85.12:1572 -> my-ip-address:80 Aug 6 19:24:05 guard snort[9383]: IIS-CGImail: 200.5.85.12:1616 -> my-ip-address:80 Aug 6 19:24:06 guard snort[9383]: CAN-1999-0407 - IIS-anot.htr Attempt: 200.5.85.12:1687 -> my-ip-address:80 Aug 6 19:24:06 guard snort[9383]: WEB-MISC-convert.bas Attempt: 200.5.85.12:1734 -> my-ip-address:80 Aug 6 19:24:07 guard snort[9383]: CAN-1999-0407 - IIS-anot3.htr Attempt: 200.5.85.12:1819 -> my-ip-address:80 Aug 6 19:24:08 guard snort[9383]: IDS218 - CVE-1999-0070 - TEST-CGI probe: 200.5.85.12:1608 -> my-ip-address:80 Aug 6 19:24:08 guard snort[9383]: IDS237 - Web-Frontpage .htw: 200.5.85.12:1947 -> my-ip-address:80 Aug 6 19:24:09 guard snort[9383]: IIS-fpcount: 200.5.85.12:2016 -> my-ip-address:80 Aug 6 19:24:09 guard snort[9383]: WEB-CGI-Textcounter CGI access attempt: 200.5.85.12:2044 -> my-ip-address:80 Aug 6 19:24:11 guard snort[9383]: IIS-bdir: 200.5.85.12:2181 -> my-ip-address:80 Aug 6 19:24:13 guard snort[9383]: WEB-MISC - /cgi-bin/jj attempt: 200.5.85.12:2375 -> my-ip-address:80 Aug 6 19:24:13 guard snort[9383]: CVE-1999-0449 - IIS-codebrowser Exair: 200.5.85.12:2392 -> my-ip-address:80 Aug 6 19:24:14 guard snort[9383]: SCAN - Whisker Stealth- Start Stop Web access attempt: 200.5.85.12:2513 -> my-ip-address:80 Aug 6 19:24:14 guard snort[9383]: IDS237 - Web-Frontpage .htw: 200.5.85.12:2539 -> my-ip-address:80 Aug 6 19:24:15 guard snort[9383]: IIS-admin: 200.5.85.12:2301 -> my-ip-address:80 Aug 6 19:24:16 guard snort[9383]: IDS237 - Web-Frontpage .htw: 200.5.85.12:2666 -> my-ip-address:80 Aug 6 19:24:17 guard snort[9383]: WEB-CGI-Maillist CGI access attempt: 200.5.85.12:2806 -> my-ip-address:80 Aug 6 19:24:18 guard snort[9383]: IIS-ctguestb.idc: 200.5.85.12:2846 -> my-ip-address:80 Aug 6 19:24:20 guard snort[9383]: WEB-CGI-Aglimpse CGI access attempt: 200.5.85.12:3086 -> my-ip-address:80 Aug 6 19:24:22 guard snort[9383]: IDS224 - CVE-1999-0045 - NPH CGI access attempt: 200.5.85.12:3169 -> my-ip-address:80 Aug 6 19:24:22 guard snort[9383]: IDS237 - Web-Frontpage .htw: 200.5.85.12:3177 -> my-ip-address:80 Aug 6 19:24:22 guard snort[9383]: IIS-details.idc: 200.5.85.12:3214 -> my-ip-address:80 Aug 6 19:24:23 guard snort[9383]: IDS219 - WEB-CGI-Perl access attempt: 200.5.85.12:3283 -> my-ip-address:80 Aug 6 19:24:24 guard snort[9383]: WEB-CGI-Perlshop CGI access attempt: 200.5.85.12:3411 -> my-ip-address:80 Aug 6 19:24:26 guard snort[9383]: IDS237 - Web-Frontpage .htw: 200.5.85.12:3300 -> my-ip-address:80 Aug 6 19:24:26 guard snort[9383]: WEB-CGI-AnyForm2: 200.5.85.12:3581 -> my-ip-address:80 Aug 6 19:24:26 guard snort[9383]: IIS-getdrvrs: 200.5.85.12:3598 -> my-ip-address:80 Aug 6 19:24:27 guard snort[9383]: WEB-CGI-upload.pl: 200.5.85.12:3658 -> my-ip-address:80 Aug 6 19:24:27 guard snort[9383]: IDS128 - CVE-1999-0067 - CGI phf attempt: 200.5.85.12:3661 -> my-ip-address:80 Aug 6 19:24:28 guard snort[9383]: WEB-CGI-AT-admin CGI access attempt: 200.5.85.12:3698 -> my-ip-address:80 Aug 6 19:24:28 guard snort[9383]: CVE-1999-0191 - IIS-newdsn: 200.5.85.12:3718 -> my-ip-address:80 Aug 6 19:24:29 guard snort[9383]: IDS128 - CVE-1999-0067 - CGI phf attempt: 200.5.85.12:3781 -> my-ip-address:80 Aug 6 19:24:29 guard snort[9383]: IIS-codebrowser SDK: 200.5.85.12:3823 -> my-ip-address:80 Aug 6 19:24:29 guard snort[9383]: WEB-CGI-Bnbform CGI access attempt: 200.5.85.12:3833 -> my-ip-address:80 Aug 6 19:24:30 guard snort[9383]: WEB-CGI-visadmin.exe: 200.5.85.12:3888 -> my-ip-address:80 Aug 6 19:24:30 guard snort[9383]: IDS128 - CVE-1999-0067 - CGI phf attempt: 200.5.85.12:3896 -> my-ip-address:80 Aug 6 19:24:31 guard snort[9383]: WEB-CGI-Webdist CGI access attempt: 200.5.85.12:4040 -> my-ip-address:80 Aug 6 19:24:32 guard snort[9383]: SCAN - Whisker Stealth- IIS search97 access attempt: 200.5.85.12:4143 -> my-ip-address:80 Aug 6 19:24:33 guard snort[9383]: WEB-CGI-Webgais CGI access attempt: 200.5.85.12:4193 -> my-ip-address:80 Aug 6 19:24:34 guard snort[9383]: WEB-CGI-Campas CGI access attempt: 200.5.85.12:4275 -> my-ip-address:80 Aug 6 19:24:34 guard snort[9383]: WEB-CGI-Websendmail CGI access attempt: 200.5.85.12:4343 -> my-ip-address:80 Aug 6 19:24:35 guard snort[9383]: IDS234 - WEB-CGI-Cgiwrap CGI access attempt: 200.5.85.12:4436 -> my-ip-address:80 Aug 6 19:24:38 guard snort[9383]: WEB-CGI-Classifieds CGI access attempt: 200.5.85.12:4690 -> my-ip-address:80 Aug 6 19:24:41 guard snort[9383]: IIS-msadc/msadcs.dll: 200.5.85.12:4939 -> my-ip-address:80 Aug 6 19:24:42 guard snort[9383]: WEB-CGI-day5datacopier.cgi: 200.5.85.12:5058 -> my-ip-address:80 Aug 6 19:24:42 guard snort[9383]: IIS-adctest.asp: 200.5.85.12:5060 -> my-ip-address:80 Aug 6 19:24:44 guard snort[9383]: CAN-1999-0736 - IIS-showcode: 200.5.85.12:5159 -> my-ip-address:80 Aug 6 19:24:47 guard snort[9383]: WEB-Domino-names.nsf: 200.5.85.12:5409 -> my-ip-address:80 Aug 6 19:24:51 guard snort[9383]: WEB-CGI-bb-hist.sh: 200.5.85.12:5720 -> my-ip-address:80 Aug 6 19:24:57 guard snort[9383]: WEB-CGI-wwwadmin: 200.5.85.12:6235 -> my-ip-address:80 Aug 6 19:24:58 guard snort[9383]: WEB-MISC - wwwboard.pl attempt: 200.5.85.12:6356 -> my-ip-address:80 Aug 6 19:25:00 guard snort[9383]: WEB-CGI-WWW-SQL CGI access attempt: 200.5.85.12:6459 -> my-ip-address:80 Aug 6 19:25:01 guard snort[9383]: WEB-CGI-Args CGI access attempt: 200.5.85.12:6567 -> my-ip-address:80 Aug 6 19:25:08 guard snort[9383]: IDS231 - CVE-1999-0178 - CGI-win-c-sample: 200.5.85.12:7063 -> my-ip-address:80 Aug 6 19:25:14 guard snort[9383]: IDS248 - Web-Frontpage fourdots request: 200.5.85.12:7583 -> my-ip-address:80 Aug 6 19:25:14 guard snort[9383]: WEB-CGI-dumpenv.pl: 200.5.85.12:7588 -> my-ip-address:80 Aug 6 19:25:15 guard snort[9383]: IDS237 - Web-Frontpage .htw: 200.5.85.12:7595 -> my-ip-address:80 Aug 6 19:25:16 guard snort[9383]: IDS248 - Web-Frontpage fourdots request: 200.5.85.12:7724 -> my-ip-address:80 Aug 6 19:25:16 guard snort[9383]: WEB-CGI-Edit CGI access attempt: 200.5.85.12:7736 -> my-ip-address:80 Aug 6 19:25:18 guard snort[9383]: WEB-PageService: 200.5.85.12:7842 -> my-ip-address:80 Aug 6 19:25:18 guard snort[9383]: WEB-CGI-Upload CGI access attempt: 200.5.85.12:7591 -> my-ip-address:80 Aug 6 19:25:20 guard snort[9383]: IDS270 - WEB MISC - Netscape dir index wp: 200.5.85.12:8040 -> my-ip-address:80 Aug 6 19:25:21 guard snort[9383]: WEB-CGI-Environ CGI access attempt: 200.5.85.12:8087 -> my-ip-address:80 Aug 6 19:25:23 guard snort[9383]: WEB-CGI-Faxsurvey probe: 200.5.85.12:8197 -> my-ip-address:80 Aug 6 19:25:24 guard snort[9383]: WEB-CGI-Filemail CGI access attempt: 200.5.85.12:8311 -> my-ip-address:80 Aug 6 19:25:26 guard snort[9383]: IDS221 - CVE-1999-0612 - Finger CGI access attempt: 200.5.85.12:8434 -> my-ip-address:80 Aug 6 19:25:26 guard snort[9383]: WEB-CGI-Rguest CGI access attempt: 200.5.85.12:8437 -> my-ip-address:80 Aug 6 19:25:26 guard snort[9383]: WEB-MISC-AuthChangeUrl: 200.5.85.12:8241 -> my-ip-address:80 Aug 6 19:25:27 guard snort[9383]: WEB-CGI-rwwwshell CGI access attempt: 200.5.85.12:8558 -> my-ip-address:80 Aug 6 19:25:27 guard snort[9383]: IDS221 - CVE-1999-0612 - Finger CGI access attempt: 200.5.85.12:8561 -> my-ip-address:80 Aug 6 19:25:27 guard snort[9383]: IIS-_vti_inf: 200.5.85.12:8580 -> my-ip-address:80 Aug 6 19:25:29 guard snort[9383]: FrontPage-administrators.pwd: 200.5.85.12:8682 -> my-ip-address:80 Aug 6 19:25:30 guard snort[9383]: IDS226 - CVE-1999-0172 - CGI-formmail: 200.5.85.12:8836 -> my-ip-address:80 Aug 6 19:25:31 guard snort[9383]: CVE-1999-0278 - IIS-asp: 200.5.85.12:8882 -> my-ip-address:80 Aug 6 19:25:32 guard snort[9383]: FrontPage-service.pwd: 200.5.85.12:8991 -> my-ip-address:80 Aug 6 19:25:34 guard snort[9383]: WEB-Domino-domcfg.nsf: 200.5.85.12:9134 -> my-ip-address:80 Aug 6 19:25:35 guard snort[9383]: WEB-CGI-Files CGI access attempt: 200.5.85.12:9218 -> my-ip-address:80 Aug 6 19:25:36 guard snort[9383]: WEB-etc/passwd: 200.5.85.12:9274 -> my-ip-address:80 Aug 6 19:25:37 guard snort[9383]: FrontPage-users.pwd: 200.5.85.12:9332 -> my-ip-address:80 Aug 6 19:25:40 guard snort[9383]: WEB-CGI-Survey CGI access attempt: 200.5.85.12:9337 -> my-ip-address:80 Aug 6 19:25:41 guard snort[9383]: WEB-~root: 200.5.85.12:9447 -> my-ip-address:80 Aug 6 19:25:42 guard snort[9383]: IDS258 - Web cgi get32.exe: 200.5.85.12:9792 -> my-ip-address:80 Aug 6 19:25:43 guard snort[9383]: IDS218 - CVE-1999-0070 - TEST-CGI probe: 200.5.85.12:9820 -> my-ip-address:80 Aug 6 19:25:44 guard snort[9383]: IDS228 - CVE-1999-0237 - Guestbook CGI access attempt: 200.5.85.12:9905 -> my-ip-address:80 Aug 6 19:25:46 guard snort[9383]: IIS-_Site Server Config: 200.5.85.12:9830 -> my-ip-address:80 Aug 6 19:25:47 guard snort[9383]: IIS-catalog_type: 200.5.85.12:10160 -> my-ip-address:80 Aug 6 19:25:48 guard snort[9383]: IIS-achg.htr Attempt: 200.5.85.12:9999 -> my-ip-address:80 Aug 6 19:25:49 guard snort[9383]: IIS-catalog_type: 200.5.85.12:10274 -> my-ip-address:80 Aug 6 19:25:49 guard snort[9383]: CAN-1999-0407 - IIS-aexp.htr Attempt: 200.5.85.12:10321 -> my-ip-address:80 Aug 6 19:25:50 guard snort[9383]: IIS-carbo.dll: 200.5.85.12:10367 -> my-ip-address:80 Aug 6 19:25:51 guard snort[9383]: CAN-1999-0407 - IIS-aexp2.htr Attempt: 200.5.85.12:10417 -> my-ip-address:80 Aug 6 19:25:51 guard snort[9383]: IIS-CGImail: 200.5.85.12:10250 -> my-ip-address:80 Aug 6 19:25:52 guard snort[9383]: CAN-1999-0407 - IIS-aexp2b.htr Attempt: 200.5.85.12:10556 -> my-ip-address:80 Aug 6 19:25:53 guard snort[9383]: IDS235 - CVE-1999-0148 - CGI-HANDLERprobe!: 200.5.85.12:10620 -> my-ip-address:80 Aug 6 19:25:53 guard snort[9383]: WEB-MISC-convert.bas Attempt: 200.5.85.12:10623 -> my-ip-address:80 Aug 6 19:25:53 guard snort[9383]: IIS-iisadmpwd: 200.5.85.12:10698 -> my-ip-address:80 Aug 6 19:25:54 guard snort[9383]: IDS235 - CVE-1999-0148 - CGI-HANDLERprobe!: 200.5.85.12:10761 -> my-ip-address:80 Aug 6 19:25:55 guard snort[9383]: CAN-1999-0407 - IIS-aexp4.htr Attempt: 200.5.85.12:10821 -> my-ip-address:80 Aug 6 19:25:56 guard snort[9383]: IIS-fpcount: 200.5.85.12:10909 -> my-ip-address:80 Aug 6 19:25:56 guard snort[9383]: CAN-1999-0407 - IIS-aexp4b.htr Attempt: 200.5.85.12:10951 -> my-ip-address:80 Aug 6 19:25:57 guard snort[9383]: WEB-CGI-Htmlscript CGI access attempt: 200.5.85.12:11020 -> my-ip-address:80 Aug 6 19:25:58 guard snort[9383]: CAN-1999-0407 - IIS-anot.htr Attempt: 200.5.85.12:11100 -> my-ip-address:80 Aug 6 19:25:59 guard snort[9383]: CAN-1999-0407 - IIS-anot3.htr Attempt: 200.5.85.12:11232 -> my-ip-address:80 Aug 6 19:26:00 guard snort[9383]: WEB-CGI-Info2 www CGI access attempt: 200.5.85.12:11292 -> my-ip-address:80 Aug 6 19:26:00 guard snort[9383]: SCAN - Whisker Stealth- Start Stop Web access attempt: 200.5.85.12:11308 -> my-ip-address:80 Aug 6 19:26:00 guard snort[9383]: IIS-bdir: 200.5.85.12:11051 -> my-ip-address:80 Aug 6 19:26:01 guard snort[9383]: IDS237 - Web-Frontpage .htw: 200.5.85.12:11356 -> my-ip-address:80 Aug 6 19:26:02 guard snort[9383]: IIS-admin: 200.5.85.12:11435 -> my-ip-address:80 Aug 6 19:26:02 guard snort[9383]: CVE-1999-0449 - IIS-codebrowser Exair: 200.5.85.12:11480 -> my-ip-address:80 Aug 6 19:36:30 guard snort[9383]: IDS218 - CVE-1999-0070 - TEST-CGI probe: 200.5.85.12:2580 -> my-ip-address:80 Aug 6 19:36:31 guard snort[9383]: IDS218 - CVE-1999-0070 - TEST-CGI probe: 200.5.85.12:2685 -> my-ip-address:80 Aug 6 19:37:49 guard snort[9383]: IDS221 - CVE-1999-0612 - Finger CGI access attempt: 200.5.85.12:8493 -> my-ip-address:80 Aug 6 19:38:34 guard snort[9383]: IDS221 - CVE-1999-0612 - Finger CGI access attempt: 200.5.85.12:11698 -> my-ip-address:80 Aug 6 19:39:15 guard snort[9383]: IDS221 - CVE-1999-0612 - Finger CGI access attempt: 200.5.85.12:14491 -> my-ip-address:80 Aug 6 19:39:36 guard snort[9383]: IDS221 - CVE-1999-0612 - Finger CGI access attempt: 200.5.85.12:15916 -> my-ip-address:80 Aug 6 19:40:05 guard snort[9383]: IDS221 - CVE-1999-0612 - Finger CGI access attempt: 200.5.85.12:3085 -> my-ip-address:80 Aug 6 19:40:45 guard snort[9383]: IDS221 - CVE-1999-0612 - Finger CGI access attempt: 200.5.85.12:6078 -> my-ip-address:80 Aug 6 19:40:59 guard snort[9383]: IDS221 - CVE-1999-0612 - Finger CGI access attempt: 200.5.85.12:7201 -> my-ip-address:80 Aug 6 19:41:22 guard snort[9383]: IDS221 - CVE-1999-0612 - Finger CGI access attempt: 200.5.85.12:8893 -> my-ip-address:80 Aug 6 19:41:47 guard snort[9383]: IDS221 - CVE-1999-0612 - Finger CGI access attempt: 200.5.85.12:10824 -> my-ip-address:80 Aug 6 19:55:26 guard snort[9383]: IDS228 - CVE-1999-0237 - Guestbook CGI access attempt: 200.5.85.12:11952 -> my-ip-address:80 Aug 6 19:55:38 guard snort[9383]: IDS228 - CVE-1999-0237 - Guestbook CGI access attempt: 200.5.85.12:12532 -> my-ip-address:80 Aug 6 19:58:22 guard snort[9383]: IDS270 - WEB MISC - Netscape dir index wp: 200.5.85.12:9244 -> my-ip-address:80 Aug 6 19:58:23 guard snort[9383]: IDS270 - WEB MISC - Netscape dir index wp: 200.5.85.12:9262 -> my-ip-address:80 Aug 6 19:59:24 guard snort[9383]: IDS270 - WEB MISC - Netscape dir index wp: 200.5.85.12:13883 -> my-ip-address:80 Aug 6 19:59:25 guard snort[9383]: IDS270 - WEB MISC - Netscape dir index wp: 200.5.85.12:13904 -> my-ip-address:80 Aug 6 19:59:25 guard snort[9383]: IDS270 - WEB MISC - Netscape dir index wp: 200.5.85.12:13905 -> my-ip-address:80 Aug 6 19:59:25 guard snort[9383]: IDS270 - WEB MISC - Netscape dir index wp: 200.5.85.12:13909 -> my-ip-address:80 Aug 6 20:00:04 guard snort[9383]: IDS224 - CVE-1999-0045 - NPH CGI access attempt: 200.5.85.12:2002 -> my-ip-address:80 Aug 6 20:01:12 guard snort[9383]: IDS270 - WEB MISC - Netscape dir index wp: 200.5.85.12:7254 -> my-ip-address:80 Aug 6 20:01:14 guard snort[9383]: IDS270 - WEB MISC - Netscape dir index wp: 200.5.85.12:7464 -> my-ip-address:80 Aug 6 20:01:14 guard snort[9383]: IDS270 - WEB MISC - Netscape dir index wp: 200.5.85.12:7488 -> my-ip-address:80 Aug 6 20:01:16 guard snort[9383]: IDS270 - WEB MISC - Netscape dir index wp: 200.5.85.12:7602 -> my-ip-address:80 Aug 6 20:01:19 guard snort[9383]: IDS270 - WEB MISC - Netscape dir index wp: 200.5.85.12:7769 -> my-ip-address:80 Aug 6 20:01:19 guard snort[9383]: IDS270 - WEB MISC - Netscape dir index wp: 200.5.85.12:7800 -> my-ip-address:80 Aug 6 20:01:21 guard snort[9383]: IDS270 - WEB MISC - Netscape dir index wp: 200.5.85.12:7944 -> my-ip-address:80 Aug 6 20:01:22 guard snort[9383]: IDS270 - WEB MISC - Netscape dir index wp: 200.5.85.12:7962 -> my-ip-address:80 Aug 6 20:01:23 guard snort[9383]: IDS270 - WEB MISC - Netscape dir index wp: 200.5.85.12:8073 -> my-ip-address:80 Aug 6 20:01:24 guard snort[9383]: IDS270 - WEB MISC - Netscape dir index wp: 200.5.85.12:8123 -> my-ip-address:80 Aug 6 20:01:25 guard snort[9383]: IDS270 - WEB MISC - Netscape dir index wp: 200.5.85.12:8160 -> my-ip-address:80 Aug 6 20:01:25 guard snort[9383]: IDS270 - WEB MISC - Netscape dir index wp: 200.5.85.12:8244 -> my-ip-address:80 Aug 6 20:01:26 guard snort[9383]: IDS270 - WEB MISC - Netscape dir index wp: 200.5.85.12:8291 -> my-ip-address:80 Aug 6 20:01:27 guard snort[9383]: IDS270 - WEB MISC - Netscape dir index wp: 200.5.85.12:8364 -> my-ip-address:80 Aug 6 20:01:27 guard snort[9383]: IDS270 - WEB MISC - Netscape dir index wp: 200.5.85.12:8397 -> my-ip-address:80 Aug 6 20:01:29 guard snort[9383]: IDS270 - WEB MISC - Netscape dir index wp: 200.5.85.12:8472 -> my-ip-address:80 Aug 6 20:01:29 guard snort[9383]: IDS270 - WEB MISC - Netscape dir index wp: 200.5.85.12:8517 -> my-ip-address:80 Aug 6 20:01:30 guard snort[9383]: IDS270 - WEB MISC - Netscape dir index wp: 200.5.85.12:8583 -> my-ip-address:80 Aug 6 20:01:32 guard snort[9383]: IDS270 - WEB MISC - Netscape dir index wp: 200.5.85.12:8701 -> my-ip-address:80 Aug 6 20:01:34 guard snort[9383]: IDS270 - WEB MISC - Netscape dir index wp: 200.5.85.12:8829 -> my-ip-address:80 Aug 6 20:01:41 guard snort[9383]: IDS270 - WEB MISC - Netscape dir index wp: 200.5.85.12:9268 -> my-ip-address:80
Current thread:
- Attacks from 200.5.85.12 (proxied for 209.13.224.183) Dan Hollis (Aug 07)