[**] [1:2925:2] INFO web bug 0x0 gif attempt [**]
[Classification: Misc activity] [Priority: 3]
04/29-10:20:22.146899 80.15.238.104:80 -> 158.196.158.78:48241
TCP TTL:63 TOS:0x0 ID:52437 IpLen:20 DgmLen:279 DF
***AP*** Seq: 0x813E2D87 Ack: 0x568BDC00 Win: 0x1920 TcpLen: 32
TCP Options (3) => NOP NOP TS: 188277081 562211300

[**] [1:2925:2] INFO web bug 0x0 gif attempt [**]
[Classification: Misc activity] [Priority: 3]
04/29-10:20:22.363496 212.3.243.133:80 -> 158.196.158.78:48242
TCP TTL:63 TOS:0x0 ID:59158 IpLen:20 DgmLen:297 DF
***AP*** Seq: 0x9478067C Ack: 0x5636B713 Win: 0x1920 TcpLen: 32
TCP Options (3) => NOP NOP TS: 188277103 562211322

[**] [116:97:1] (snort_decoder): Short UDP packet, length field > payload length [**]
04/29-11:01:16.467311 158.196.149.56:0 -> 158.196.158.78:0
UDP TTL:3 TOS:0xE ID:9018 IpLen:20 DgmLen:58
UDP header truncated

[**] [116:97:1] (snort_decoder): Short UDP packet, length field > payload length [**]
04/29-11:01:16.476444 158.196.149.56:0 -> 158.196.158.78:0
UDP TTL:3 TOS:0xE ID:242 IpLen:20 DgmLen:48
UDP header truncated

[**] [116:46:1] (snort_decoder) WARNING: TCP Data Offset is less than 5! [**]
04/29-11:01:16.482363 158.196.149.56:0 -> 158.196.158.78:0
TCP TTL:3 TOS:0xE ID:9500 IpLen:20 DgmLen:63 DF
TCP header truncated

[**] [1:1142:5] WEB-MISC /.... access [**]
[Classification: Attempted Information Leak] [Priority: 2]
04/29-11:01:16.504229 158.196.149.56:2731 -> 158.196.158.78:80
TCP TTL:3 TOS:0x0 ID:36 IpLen:20 DgmLen:89
***AP*** Seq: 0x6BAC3707 Ack: 0x3D081195 Win: 0x200 TcpLen: 20

[**] [1:1113:5] WEB-MISC http directory traversal [**]
[Classification: Attempted Information Leak] [Priority: 2]
04/29-11:01:16.513291 158.196.149.56:2731 -> 158.196.158.78:80
TCP TTL:3 TOS:0x0 ID:40 IpLen:20 DgmLen:412
***AP*** Seq: 0x6BAC3707 Ack: 0x3D081195 Win: 0x200 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS297]

[**] [1:1156:9] WEB-MISC apache directory disclosure attempt [**]
[Classification: Attempted Denial of Service] [Priority: 2]
04/29-11:01:16.532902 158.196.149.56:2731 -> 158.196.158.78:80
TCP TTL:3 TOS:0x0 ID:53233 IpLen:20 DgmLen:61
***AP*** Seq: 0x6BAC3707 Ack: 0x3D081195 Win: 0x200 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/2503]

[**] [1:1139:7] WEB-MISC whisker HEAD/./ [**]
[Classification: Attempted Information Leak] [Priority: 2]
04/29-11:01:16.549802 158.196.149.56:2731 -> 158.196.158.78:80
TCP TTL:3 TOS:0x0 ID:53233 IpLen:20 DgmLen:47
***AP*** Seq: 0x6BAC3707 Ack: 0x3D081195 Win: 0x200 TcpLen: 20
[Xref => http://www.wiretrip.net/rfp/pages/whitepapers/whiskerids.html]

[**] [1:1141:10] WEB-MISC handler access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/29-11:01:16.558702 158.196.149.56:2731 -> 158.196.158.78:80
TCP TTL:3 TOS:0x0 ID:53233 IpLen:20 DgmLen:57
***AP*** Seq: 0x6BAC3707 Ack: 0x3D081195 Win: 0x200 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10100][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=1999-0148][Xref => http://www.securityfocus.com/bid/380][Xref => http://www.whitehats.com/info/IDS235]

[**] [1:1163:11] WEB-CGI webdist.cgi access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/29-11:01:16.570829 158.196.149.56:2731 -> 158.196.158.78:80
TCP TTL:3 TOS:0x0 ID:53233 IpLen:20 DgmLen:61
***AP*** Seq: 0x6BAC3707 Ack: 0x3D081195 Win: 0x200 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10299][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=1999-0039][Xref => http://www.securityfocus.com/bid/374]

[**] [1:1119:7] WEB-MISC mlog.phtml access [**]
[Classification: Attempted Information Leak] [Priority: 2]
04/29-11:01:16.579499 158.196.149.56:2731 -> 158.196.158.78:80
TCP TTL:3 TOS:0x0 ID:53233 IpLen:20 DgmLen:51
***AP*** Seq: 0x6BAC3707 Ack: 0x3D081195 Win: 0x200 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=1999-0346][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=1999-0068][Xref => http://www.securityfocus.com/bid/713]

[**] [1:1120:8] WEB-MISC mylog.phtml access [**]
[Classification: Attempted Information Leak] [Priority: 2]
04/29-11:01:16.590718 158.196.149.56:2731 -> 158.196.158.78:80
TCP TTL:3 TOS:0x0 ID:53233 IpLen:20 DgmLen:52
***AP*** Seq: 0x6BAC3707 Ack: 0x3D081195 Win: 0x200 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=1999-0346][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=1999-0068][Xref => http://www.securityfocus.com/bid/713]

[**] [1:935:6] WEB-COLDFUSION startstop DOS access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-11:01:16.602834 158.196.149.56:2731 -> 158.196.158.78:80
TCP TTL:3 TOS:0x0 ID:53233 IpLen:20 DgmLen:77
***AP*** Seq: 0x6BAC3707 Ack: 0x3D081195 Win: 0x200 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/247]

[**] [1:913:5] WEB-COLDFUSION cfappman access [**]
[Classification: Attempted Information Leak] [Priority: 2]
04/29-11:01:16.611438 158.196.149.56:2731 -> 158.196.158.78:80
TCP TTL:3 TOS:0x0 ID:53233 IpLen:20 DgmLen:60
***AP*** Seq: 0x6BAC3707 Ack: 0x3D081195 Win: 0x200 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/550]

[**] [1:1168:8] WEB-MISC mall log order access [**]
[Classification: Attempted Information Leak] [Priority: 2]
04/29-11:01:16.621890 158.196.149.56:2731 -> 158.196.158.78:80
TCP TTL:3 TOS:0x0 ID:53233 IpLen:20 DgmLen:66
***AP*** Seq: 0x6BAC3707 Ack: 0x3D081195 Win: 0x200 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=1999-0606][Xref => http://www.securityfocus.com/bid/2266]

[**] [1:1212:5] WEB-MISC Admin_files access [**]
[Classification: Attempted Information Leak] [Priority: 2]
04/29-11:01:16.630732 158.196.149.56:2731 -> 158.196.158.78:80
TCP TTL:3 TOS:0x0 ID:53233 IpLen:20 DgmLen:63
***AP*** Seq: 0x6BAC3707 Ack: 0x3D081195 Win: 0x200 TcpLen: 20

[**] [1:853:9] WEB-CGI wrap access [**]
[Classification: Attempted Information Leak] [Priority: 2]
04/29-11:01:16.642830 158.196.149.56:2731 -> 158.196.158.78:80
TCP TTL:3 TOS:0x0 ID:53233 IpLen:20 DgmLen:54
***AP*** Seq: 0x6BAC3707 Ack: 0x3D081195 Win: 0x200 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10317][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=1999-0149][Xref => http://www.securityfocus.com/bid/373][Xref => http://www.whitehats.com/info/IDS234]

[**] [1:886:11] WEB-CGI phf access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/29-11:01:16.651397 158.196.149.56:2731 -> 158.196.158.78:80
TCP TTL:3 TOS:0x0 ID:53233 IpLen:20 DgmLen:67
***AP*** Seq: 0x6BAC3707 Ack: 0x3D081195 Win: 0x200 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=1999-0067][Xref => http://www.securityfocus.com/bid/629][Xref => http://www.whitehats.com/info/IDS128]

[**] [1:1242:10] WEB-IIS ISAPI .ida access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/29-11:01:16.691425 158.196.149.56:2731 -> 158.196.158.78:80
TCP TTL:3 TOS:0x0 ID:53233 IpLen:20 DgmLen:63
***AP*** Seq: 0x6BAC3707 Ack: 0x3D081195 Win: 0x200 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:975:12] WEB-IIS Alternate Data streams ASP file access attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-11:01:16.701809 158.196.149.56:2731 -> 158.196.158.78:80
TCP TTL:3 TOS:0x0 ID:53233 IpLen:20 DgmLen:72
***AP*** Seq: 0x6BAC3707 Ack: 0x3D081195 Win: 0x200 TcpLen: 20
[Xref => http://support.microsoft.com/default.aspx?scid=kb\;EN-US\;q188806][Xref => http://cgi.nessus.org/plugins/dump.php3?id=10362][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=1999-0278][Xref => http://www.securityfocus.com/bid/149]

[**] [1:1002:7] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-11:01:16.719457 158.196.149.56:2731 -> 158.196.158.78:80
TCP TTL:3 TOS:0x0 ID:53233 IpLen:20 DgmLen:69
***AP*** Seq: 0x6BAC3707 Ack: 0x3D081195 Win: 0x200 TcpLen: 20

[**] [1:1002:7] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-11:01:16.730335 158.196.149.56:2731 -> 158.196.158.78:80
TCP TTL:3 TOS:0x0 ID:53233 IpLen:20 DgmLen:69
***AP*** Seq: 0x6BAC3707 Ack: 0x3D081195 Win: 0x200 TcpLen: 20

[**] [1:953:7] WEB-FRONTPAGE administrators.pwd access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/29-11:01:16.750910 158.196.149.56:1564 -> 158.196.158.78:80
TCP TTL:3 TOS:0x0 ID:48414 IpLen:20 DgmLen:81
***AP*** Seq: 0x613E1EC8 Ack: 0x24893C49 Win: 0x200 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1205]

[**] [1:1141:10] WEB-MISC handler access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/29-11:01:16.758962 158.196.149.56:1564 -> 158.196.158.78:80
TCP TTL:3 TOS:0x0 ID:48414 IpLen:20 DgmLen:69
***AP*** Seq: 0x613E1EC8 Ack: 0x24893C49 Win: 0x200 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10100][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=1999-0148][Xref => http://www.securityfocus.com/bid/380][Xref => http://www.whitehats.com/info/IDS235]

[**] [1:1122:5] WEB-MISC /etc/passwd [**]
[Classification: Attempted Information Leak] [Priority: 2]
04/29-11:01:16.767443 158.196.149.56:1564 -> 158.196.158.78:80
TCP TTL:3 TOS:0x0 ID:48414 IpLen:20 DgmLen:82
***AP*** Seq: 0x613E1EC8 Ack: 0x24893C49 Win: 0x200 TcpLen: 20

[**] [1:1113:5] WEB-MISC http directory traversal [**]
[Classification: Attempted Information Leak] [Priority: 2]
04/29-11:01:16.767443 158.196.149.56:1564 -> 158.196.158.78:80
TCP TTL:3 TOS:0x0 ID:48414 IpLen:20 DgmLen:82
***AP*** Seq: 0x613E1EC8 Ack: 0x24893C49 Win: 0x200 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS297]

[**] [119:18:1] (http_inspect) WEBROOT DIRECTORY TRAVERSAL [**]
[Classification: Attempted Information Leak] [Priority: 2]
04/29-11:01:16.767443 158.196.149.56:1564 -> 158.196.158.78:80
TCP TTL:3 TOS:0x0 ID:48414 IpLen:20 DgmLen:82
***AP*** Seq: 0x613E1EC8 Ack: 0x24893C49 Win: 0x200 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS297]

[**] [1:832:11] WEB-CGI perl.exe access [**]
[Classification: Attempted Information Leak] [Priority: 2]
04/29-11:01:16.776671 158.196.149.56:1564 -> 158.196.158.78:80
TCP TTL:3 TOS:0x0 ID:48414 IpLen:20 DgmLen:70
***AP*** Seq: 0x613E1EC8 Ack: 0x24893C49 Win: 0x200 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-1996-11.html][Xref => http://cgi.nessus.org/plugins/dump.php3?id=10173][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=1999-0509][Xref => http://www.whitehats.com/info/IDS219]

[**] [1:1024:8] WEB-IIS newdsn.exe access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/29-11:01:16.785475 158.196.149.56:1564 -> 158.196.158.78:80
TCP TTL:3 TOS:0x0 ID:48414 IpLen:20 DgmLen:78
***AP*** Seq: 0x613E1EC8 Ack: 0x24893C49 Win: 0x200 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10360][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=1999-0191][Xref => http://www.securityfocus.com/bid/1818]

[**] [1:1030:7] WEB-IIS search97.vts access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/29-11:01:16.793783 158.196.149.56:1564 -> 158.196.158.78:80
TCP TTL:3 TOS:0x0 ID:48414 IpLen:20 DgmLen:66
***AP*** Seq: 0x613E1EC8 Ack: 0x24893C49 Win: 0x200 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/162]

[**] [1:993:10] WEB-IIS iisadmin access [**]
[Classification: Web Application Attack] [Priority: 1]
04/29-11:01:16.802649 158.196.149.56:1564 -> 158.196.158.78:80
TCP TTL:3 TOS:0x0 ID:48414 IpLen:20 DgmLen:62
***AP*** Seq: 0x613E1EC8 Ack: 0x24893C49 Win: 0x200 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=11032][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=1999-1538][Xref => http://www.securityfocus.com/bid/189]

[**] [1:249:8] DDOS mstream client to handler [**]
[Classification: Attempted Denial of Service] [Priority: 2]
04/29-11:01:16.816430 158.196.149.56:1745 -> 158.196.158.78:15104
TCP TTL:3 TOS:0x0 ID:15433 IpLen:20 DgmLen:40
******S* Seq: 0x3F466EFC Ack: 0x613E1EC8 Win: 0x200 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2000-0138][Xref => http://www.whitehats.com/info/IDS111]

[**] [1:246:2] DDOS mstream agent pong to handler [**]
[Classification: Attempted Denial of Service] [Priority: 2]
04/29-11:01:16.859569 158.196.149.56:1688 -> 158.196.158.78:10498
UDP TTL:3 TOS:0x0 ID:28412 IpLen:20 DgmLen:32
Len: 4

[**] [1:245:3] DDOS mstream handler ping to agent [**]
[Classification: Attempted Denial of Service] [Priority: 2]
04/29-11:01:16.873398 158.196.149.56:1653 -> 158.196.158.78:10498
UDP TTL:3 TOS:0x0 ID:28412 IpLen:20 DgmLen:32
Len: 4
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2000-0138]

[**] [1:244:3] DDOS mstream handler to agent [**]
[Classification: Attempted Denial of Service] [Priority: 2]
04/29-11:01:16.891456 158.196.149.56:1734 -> 158.196.158.78:10498
UDP TTL:3 TOS:0x0 ID:28412 IpLen:20 DgmLen:35
Len: 7
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2000-0138]

[**] [1:243:2] DDOS mstream agent to handler [**]
[Classification: Attempted Denial of Service] [Priority: 2]
04/29-11:01:16.905666 158.196.149.56:1595 -> 158.196.158.78:6838
UDP TTL:3 TOS:0x0 ID:28412 IpLen:20 DgmLen:37
Len: 9

[**] [122:1:0] (portscan) TCP Portscan [**]
04/29-11:01:16.916090 158.196.149.56 -> 158.196.158.78
PROTO255 TTL:0 TOS:0x0 ID:48414 IpLen:20 DgmLen:166

[**] [1:223:3] DDOS Trin00 Daemon to Master PONG message detected [**]
[Classification: Attempted Information Leak] [Priority: 2]
04/29-11:01:16.929574 158.196.149.56:1588 -> 158.196.158.78:31335
UDP TTL:3 TOS:0x0 ID:28412 IpLen:20 DgmLen:32
Len: 4
[Xref => http://www.whitehats.com/info/IDS187]

[**] [122:17:0] (portscan) UDP Portscan [**]
04/29-11:01:16.957471 158.196.149.56 -> 158.196.158.78
PROTO255 TTL:0 TOS:0x0 ID:28412 IpLen:20 DgmLen:167

[**] [1:239:2] DDOS shaft handler to agent [**]
[Classification: Attempted Denial of Service] [Priority: 2]
04/29-11:01:17.995297 158.196.149.56:1719 -> 158.196.158.78:18753
UDP TTL:3 TOS:0x0 ID:16795 IpLen:20 DgmLen:39
Len: 11
[Xref => http://www.whitehats.com/info/IDS255]

[**] [1:240:2] DDOS shaft agent to handler [**]
[Classification: Attempted Denial of Service] [Priority: 2]
04/29-11:01:18.010471 158.196.149.56:1632 -> 158.196.158.78:20433
UDP TTL:3 TOS:0x0 ID:16795 IpLen:20 DgmLen:33
Len: 5
[Xref => http://www.whitehats.com/info/IDS256]

[**] [1:1971:4] FTP SITE EXEC format string attempt [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
04/29-11:01:19.068989 158.196.149.56:2552 -> 158.196.158.78:21
TCP TTL:3 TOS:0x0 ID:35924 IpLen:20 DgmLen:62
***AP*** Seq: 0x4ACDFD8E Ack: 0x319A214B Win: 0x200 TcpLen: 20

[**] [1:361:15] FTP SITE EXEC attempt [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
04/29-11:01:19.068989 158.196.149.56:2552 -> 158.196.158.78:21
TCP TTL:3 TOS:0x0 ID:35924 IpLen:20 DgmLen:62
***AP*** Seq: 0x4ACDFD8E Ack: 0x319A214B Win: 0x200 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=1999-0955][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=1999-0080][Xref => http://www.securityfocus.com/bid/2241][Xref => http://www.whitehats.com/info/IDS317]

[**] [1:2417:1] FTP format string attempt [**]
[Classification: A suspicious string was detected] [Priority: 3]
04/29-11:01:19.068989 158.196.149.56:2552 -> 158.196.158.78:21
TCP TTL:3 TOS:0x0 ID:35924 IpLen:20 DgmLen:62
***AP*** Seq: 0x4ACDFD8E Ack: 0x319A214B Win: 0x200 TcpLen: 20

[**] [1:361:15] FTP SITE EXEC attempt [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
04/29-11:01:19.078040 158.196.149.56:2552 -> 158.196.158.78:21
TCP TTL:3 TOS:0x0 ID:35924 IpLen:20 DgmLen:69
***AP*** Seq: 0x4ACDFD8E Ack: 0x319A214B Win: 0x200 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=1999-0955][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=1999-0080][Xref => http://www.securityfocus.com/bid/2241][Xref => http://www.whitehats.com/info/IDS317]

[**] [1:336:10] FTP CWD ~root attempt [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
04/29-11:01:19.106850 158.196.149.56:2552 -> 158.196.158.78:21
TCP TTL:3 TOS:0x0 ID:35924 IpLen:20 DgmLen:49
***AP*** Seq: 0x4ACDFD8E Ack: 0x319A214B Win: 0x200 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=1999-0082][Xref => http://www.whitehats.com/info/IDS318]

[**] [1:1672:11] FTP CWD ~ attempt [**]
[Classification: Detection of a Denial of Service Attack] [Priority: 2]
04/29-11:01:19.106850 158.196.149.56:2552 -> 158.196.158.78:21
TCP TTL:3 TOS:0x0 ID:35924 IpLen:20 DgmLen:49
***AP*** Seq: 0x4ACDFD8E Ack: 0x319A214B Win: 0x200 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2001-0421][Xref => http://www.securityfocus.com/bid/9215][Xref => http://www.securityfocus.com/bid/2601]

[**] [1:714:7] TELNET resolv_host_conf [**]
[Classification: Attempted Administrator Privilege Gain] [Priority: 1]
04/29-11:01:19.200782 158.196.149.56:2552 -> 158.196.158.78:23
TCP TTL:3 TOS:0x0 ID:35924 IpLen:20 DgmLen:56
***AP*** Seq: 0x4ACDFD8E Ack: 0x319A214B Win: 0x200 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2001-0170][Xref => http://www.securityfocus.com/bid/2181][Xref => http://www.whitehats.com/info/IDS369]

[**] [1:624:7] SCAN SYN FIN [**]
[Classification: Attempted Information Leak] [Priority: 2]
04/29-11:01:19.277729 158.196.149.56:1718 -> 158.196.158.78:80
TCP TTL:3 TOS:0x0 ID:8523 IpLen:20 DgmLen:40
******SF Seq: 0x5AD08EF8 Ack: 0x4ACDFD8E Win: 0x200 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS198]

[**] [1:485:4] ICMP Destination Unreachable Communication Administratively Prohibited [**]
[Classification: Misc activity] [Priority: 3]
04/29-11:01:33.487518 158.196.149.56 -> 158.196.158.78
ICMP TTL:3 TOS:0x0 ID:23782 IpLen:20 DgmLen:56
Type:3 Code:13 DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED, PACKET FILTERED
** ORIGINAL DATAGRAM DUMP:
1.2.3.4:0 -> 5.6.7.8:0
TCP TTL:64 TOS:0x0 ID:25305 IpLen:20 DgmLen:28
Seq: 0x8EFC1 Ack: 0xA8099EC
** END OF DUMP

[**] [1:477:2] ICMP Source Quench [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
04/29-11:01:36.516465 158.196.149.56 -> 158.196.158.78
ICMP TTL:3 TOS:0x0 ID:4359 IpLen:20 DgmLen:56
Type:4 Code:0 SOURCE QUENCH

[**] [1:469:3] ICMP PING NMAP [**]
[Classification: Attempted Information Leak] [Priority: 2]
04/29-11:01:37.561593 158.196.149.56 -> 158.196.158.78
ICMP TTL:3 TOS:0x0 ID:13741 IpLen:20 DgmLen:28
Type:8 Code:0 ID:63842 Seq:0 ECHO
[Xref => http://www.whitehats.com/info/IDS162]

[**] [1:660:10] SMTP expn root [**]
[Classification: Attempted Information Leak] [Priority: 2]
04/29-11:01:42.663967 158.196.149.56:1139 -> 158.196.158.78:25
TCP TTL:3 TOS:0x0 ID:39427 IpLen:20 DgmLen:49
***AP*** Seq: 0xA7AB309 Ack: 0x6C69AF0D Win: 0x200 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10249][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=1999-0531][Xref => http://www.whitehats.com/info/IDS31]

[**] [1:659:9] SMTP expn decode [**]
[Classification: Attempted Information Leak] [Priority: 2]
04/29-11:01:42.672227 158.196.149.56:1139 -> 158.196.158.78:25
TCP TTL:3 TOS:0x0 ID:39427 IpLen:20 DgmLen:51
***AP*** Seq: 0xA7AB309 Ack: 0x6C69AF0D Win: 0x200 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10248][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=1999-0096][Xref => http://www.whitehats.com/info/IDS32]

[**] [1:663:14] SMTP rcpt to command attempt [**]
[Classification: Attempted Administrator Privilege Gain] [Priority: 1]
04/29-11:01:42.710001 158.196.149.56:1139 -> 158.196.158.78:25
TCP TTL:3 TOS:0x0 ID:39427 IpLen:20 DgmLen:50
***AP*** Seq: 0xA7AB309 Ack: 0x6C69AF0D Win: 0x200 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=1999-0095][Xref => http://www.securityfocus.com/bid/1][Xref => http://www.whitehats.com/info/IDS172]

[**] [1:1411:10] SNMP public access udp [**]
[Classification: Attempted Information Leak] [Priority: 2]
04/29-11:01:44.756425 158.196.149.56:1596 -> 158.196.158.78:161
UDP TTL:3 TOS:0x0 ID:23530 IpLen:20 DgmLen:34
Len: 6
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0013][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0012][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=1999-0517][Xref => http://www.securityfocus.com/bid/4089][Xref => http://www.securityfocus.com/bid/4088][Xref => http://www.securityfocus.com/bid/2112]

[**] [1:1417:9] SNMP request udp [**]
[Classification: Attempted Information Leak] [Priority: 2]
04/29-11:01:44.756425 158.196.149.56:1596 -> 158.196.158.78:161
UDP TTL:3 TOS:0x0 ID:23530 IpLen:20 DgmLen:34
Len: 6
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0013][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0012][Xref => http://www.securityfocus.com/bid/4132][Xref => http://www.securityfocus.com/bid/4089][Xref => http://www.securityfocus.com/bid/4088]

[**] [1:1413:10] SNMP private access udp [**]
[Classification: Attempted Information Leak] [Priority: 2]
04/29-11:01:44.772210 158.196.149.56:1713 -> 158.196.158.78:161
UDP TTL:3 TOS:0x0 ID:23530 IpLen:20 DgmLen:35
Len: 7
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0013][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0012][Xref => http://www.securityfocus.com/bid/7212][Xref => http://www.securityfocus.com/bid/4132][Xref => http://www.securityfocus.com/bid/4089][Xref => http://www.securityfocus.com/bid/4088]

[**] [1:1417:9] SNMP request udp [**]
[Classification: Attempted Information Leak] [Priority: 2]
04/29-11:01:44.772210 158.196.149.56:1713 -> 158.196.158.78:161
UDP TTL:3 TOS:0x0 ID:23530 IpLen:20 DgmLen:35
Len: 7
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0013][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0012][Xref => http://www.securityfocus.com/bid/4132][Xref => http://www.securityfocus.com/bid/4089][Xref => http://www.securityfocus.com/bid/4088]

[**] [1:1413:10] SNMP private access udp [**]
[Classification: Attempted Information Leak] [Priority: 2]
04/29-11:01:44.785271 158.196.149.56:1658 -> 158.196.158.78:161
UDP TTL:3 TOS:0x0 ID:23530 IpLen:20 DgmLen:39
Len: 11
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0013][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0012][Xref => http://www.securityfocus.com/bid/7212][Xref => http://www.securityfocus.com/bid/4132][Xref => http://www.securityfocus.com/bid/4089][Xref => http://www.securityfocus.com/bid/4088]

[**] [1:1417:9] SNMP request udp [**]
[Classification: Attempted Information Leak] [Priority: 2]
04/29-11:01:44.785271 158.196.149.56:1658 -> 158.196.158.78:161
UDP TTL:3 TOS:0x0 ID:23530 IpLen:20 DgmLen:39
Len: 11
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0013][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0012][Xref => http://www.securityfocus.com/bid/4132][Xref => http://www.securityfocus.com/bid/4089][Xref => http://www.securityfocus.com/bid/4088]

[**] [1:1419:9] SNMP trap udp [**]
[Classification: Attempted Information Leak] [Priority: 2]
04/29-11:01:44.802313 158.196.149.56:1631 -> 158.196.158.78:162
UDP TTL:3 TOS:0x0 ID:23530 IpLen:20 DgmLen:46
Len: 18
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0013][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0012][Xref => http://www.securityfocus.com/bid/4132][Xref => http://www.securityfocus.com/bid/4089][Xref => http://www.securityfocus.com/bid/4088]

[**] [1:649:8] SHELLCODE x86 setgid 0 [**]
[Classification: A system call was detected] [Priority: 2]
04/29-11:16:11.272487 158.196.220.90:1949 -> 158.196.158.78:48736
TCP TTL:62 TOS:0x8 ID:28871 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xECE97CFF Ack: 0xC9063BA Win: 0x16A0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 1523398 562546219
[Xref => http://www.whitehats.com/info/IDS284]

[**] [1:2925:2] INFO web bug 0x0 gif attempt [**]
[Classification: Misc activity] [Priority: 3]
04/29-11:35:34.868410 208.185.101.168:80 -> 158.196.158.78:49025
TCP TTL:63 TOS:0x0 ID:56305 IpLen:20 DgmLen:247 DF
***AP*** Seq: 0xBAE7183F Ack: 0x71673441 Win: 0x1B1D TcpLen: 32
TCP Options (3) => NOP NOP TS: 188728308 562662541

[**] [1:1748:8] FTP command overflow attempt [**]
[Classification: Generic Protocol Command Decode] [Priority: 3]
04/29-13:27:06.441530 158.196.158.78:49387 -> 158.196.220.90:21
TCP TTL:64 TOS:0x0 ID:52101 IpLen:20 DgmLen:158 DF
***AP*** Seq: 0x133E8098 Ack: 0xC7B6216F Win: 0x1D50 TcpLen: 32
TCP Options (3) => NOP NOP TS: 563331736 2308918
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0606][Xref => http://www.securityfocus.com/bid/4638]

[**] [1:2546:5] FTP MDTM overflow attempt [**]
[Classification: Attempted Administrator Privilege Gain] [Priority: 1]
04/29-13:27:06.442485 158.196.158.78:49387 -> 158.196.220.90:21
TCP TTL:64 TOS:0x0 ID:52102 IpLen:20 DgmLen:158 DF
***AP*** Seq: 0x133E8102 Ack: 0xC7B6217A Win: 0x1D50 TcpLen: 32
TCP Options (3) => NOP NOP TS: 563331736 2308919
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=12080][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2004-0330][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2001-1021][Xref => http://www.securityfocus.com/bid/9751]

[**] [1:1748:8] FTP command overflow attempt [**]
[Classification: Generic Protocol Command Decode] [Priority: 3]
04/29-13:27:06.442485 158.196.158.78:49387 -> 158.196.220.90:21
TCP TTL:64 TOS:0x0 ID:52102 IpLen:20 DgmLen:158 DF
***AP*** Seq: 0x133E8102 Ack: 0xC7B6217A Win: 0x1D50 TcpLen: 32
TCP Options (3) => NOP NOP TS: 563331736 2308919
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0606][Xref => http://www.securityfocus.com/bid/4638]

[**] [1:2392:7] FTP RETR overflow attempt [**]
[Classification: Attempted Administrator Privilege Gain] [Priority: 1]
04/29-13:27:06.443316 158.196.158.78:49387 -> 158.196.220.90:21
TCP TTL:64 TOS:0x0 ID:52103 IpLen:20 DgmLen:158 DF
***AP*** Seq: 0x133E816C Ack: 0xC7B6218E Win: 0x1D50 TcpLen: 32
TCP Options (3) => NOP NOP TS: 563331736 2308919
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2004-0298][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2004-0287][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2003-0466][Xref => http://www.securityfocus.com/bid/8315]

[**] [1:1748:8] FTP command overflow attempt [**]
[Classification: Generic Protocol Command Decode] [Priority: 3]
04/29-13:27:06.443316 158.196.158.78:49387 -> 158.196.220.90:21
TCP TTL:64 TOS:0x0 ID:52103 IpLen:20 DgmLen:158 DF
***AP*** Seq: 0x133E816C Ack: 0xC7B6218E Win: 0x1D50 TcpLen: 32
TCP Options (3) => NOP NOP TS: 563331736 2308919
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0606][Xref => http://www.securityfocus.com/bid/4638]

[**] [1:1748:8] FTP command overflow attempt [**]
[Classification: Generic Protocol Command Decode] [Priority: 3]
04/29-13:27:17.637729 158.196.158.78:49387 -> 158.196.220.90:21
TCP TTL:64 TOS:0x0 ID:52109 IpLen:20 DgmLen:158 DF
***AP*** Seq: 0x133E81DC Ack: 0xC7B622E2 Win: 0x1D50 TcpLen: 32
TCP Options (3) => NOP NOP TS: 563332855 2310038
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0606][Xref => http://www.securityfocus.com/bid/4638]

[**] [1:2546:5] FTP MDTM overflow attempt [**]
[Classification: Attempted Administrator Privilege Gain] [Priority: 1]
04/29-13:27:17.639078 158.196.158.78:49387 -> 158.196.220.90:21
TCP TTL:64 TOS:0x0 ID:52110 IpLen:20 DgmLen:158 DF
***AP*** Seq: 0x133E8246 Ack: 0xC7B622ED Win: 0x1D50 TcpLen: 32
TCP Options (3) => NOP NOP TS: 563332855 2310038
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=12080][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2004-0330][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2001-1021][Xref => http://www.securityfocus.com/bid/9751]

[**] [1:1748:8] FTP command overflow attempt [**]
[Classification: Generic Protocol Command Decode] [Priority: 3]
04/29-13:27:17.639078 158.196.158.78:49387 -> 158.196.220.90:21
TCP TTL:64 TOS:0x0 ID:52110 IpLen:20 DgmLen:158 DF
***AP*** Seq: 0x133E8246 Ack: 0xC7B622ED Win: 0x1D50 TcpLen: 32
TCP Options (3) => NOP NOP TS: 563332855 2310038
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0606][Xref => http://www.securityfocus.com/bid/4638]

[**] [1:2392:7] FTP RETR overflow attempt [**]
[Classification: Attempted Administrator Privilege Gain] [Priority: 1]
04/29-13:27:17.640693 158.196.158.78:49387 -> 158.196.220.90:21
TCP TTL:64 TOS:0x0 ID:52111 IpLen:20 DgmLen:158 DF
***AP*** Seq: 0x133E82B0 Ack: 0xC7B62301 Win: 0x1D50 TcpLen: 32
TCP Options (3) => NOP NOP TS: 563332855 2310038
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2004-0298][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2004-0287][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2003-0466][Xref => http://www.securityfocus.com/bid/8315]

[**] [1:1748:8] FTP command overflow attempt [**]
[Classification: Generic Protocol Command Decode] [Priority: 3]
04/29-13:27:17.640693 158.196.158.78:49387 -> 158.196.220.90:21
TCP TTL:64 TOS:0x0 ID:52111 IpLen:20 DgmLen:158 DF
***AP*** Seq: 0x133E82B0 Ack: 0xC7B62301 Win: 0x1D50 TcpLen: 32
TCP Options (3) => NOP NOP TS: 563332855 2310038
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0606][Xref => http://www.securityfocus.com/bid/4638]

[**] [119:2:1] (http_inspect) DOUBLE DECODING ATTACK [**]
04/29-13:31:23.977232 158.196.158.78:49539 -> 194.213.62.41:80
TCP TTL:64 TOS:0x0 ID:13321 IpLen:20 DgmLen:1003 DF
***AP*** Seq: 0x26BC1337 Ack: 0xABC1E804 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 563357489 189422956

[**] [119:2:1] (http_inspect) DOUBLE DECODING ATTACK [**]
04/29-13:31:30.390380 158.196.158.78:49543 -> 194.213.62.41:80
TCP TTL:64 TOS:0x0 ID:41359 IpLen:20 DgmLen:1000 DF
***AP*** Seq: 0x26E08840 Ack: 0x18ACA97F Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 563358130 189423597

[**] [119:2:1] (http_inspect) DOUBLE DECODING ATTACK [**]
04/29-13:31:35.973146 158.196.158.78:49547 -> 194.213.62.41:80
TCP TTL:64 TOS:0x0 ID:44135 IpLen:20 DgmLen:996 DF
***AP*** Seq: 0x27048785 Ack: 0x6809A5DA Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 563358689 189424155

[**] [119:2:1] (http_inspect) DOUBLE DECODING ATTACK [**]
04/29-13:31:38.730932 158.196.158.78:49550 -> 194.213.62.43:80
TCP TTL:64 TOS:0x0 ID:61142 IpLen:20 DgmLen:994 DF
***AP*** Seq: 0x2722C221 Ack: 0x1FFF57A6 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 563358964 189424431