begins: Sun Aug 19 23:37:10 2001
ends  : Mon Aug 20 08:36:54 2001
source: syslog:/usr/tardis/vault/snort/snort-20010820.0

* Alerts

================================================================
     %   #  prio  description
================================================================
 60.87  14  med   IDS552/web-iis_IIS ISAPI Overflow ida
 21.74   5  med   IDS118/scan_Traceroute ICMP
  8.70   2        IDS243/web-cgi-pipe
  4.35   1        IDS278/dns_named-probe-version
  4.35   1  low   IDS296/web-misc http-whisker-splicing attack-space

===============================================================================
  #  remote host                      prio  description
===============================================================================
  2  lhr.skitter.caida.org            med   IDS118/scan_Traceroute ICMP
  2  uoregon.skitter.caida.org        med   IDS118/scan_Traceroute ICMP
  2  61.154.12.10                     med   IDS552/web-iis_IIS ISAPI Overflow ida
  1  waikato.skitter.caida.org        med   IDS118/scan_Traceroute ICMP
  1  63.169.45.12                           IDS243/web-cgi-pipe
  1  PPP-200-7-175.bng.vsnl.net.in          IDS243/web-cgi-pipe
  1  210.108.181.1                          IDS278/dns_named-probe-version
  1  204.133.181.6                    low   IDS296/web-misc http-whisker-splicing attack-space
  1  138.87.217.80                    med   IDS552/web-iis_IIS ISAPI Overflow ida
  1  203.68.161.230                   med   IDS552/web-iis_IIS ISAPI Overflow ida
  1  204.133.181.6                    med   IDS552/web-iis_IIS ISAPI Overflow ida
  1  206.251.228.69                   med   IDS552/web-iis_IIS ISAPI Overflow ida
  1  24-148-14-172....1stcentury.net  med   IDS552/web-iis_IIS ISAPI Overflow ida
  1  24-196-235-122...er-georgia.com  med   IDS552/web-iis_IIS ISAPI Overflow ida
  1  atr-0015.unm.edu                 med   IDS552/web-iis_IIS ISAPI Overflow ida
  1  dialup-209.245...es1.Level3.net  med   IDS552/web-iis_IIS ISAPI Overflow ida
  1  pD901836B.dip.t-dialin.net       med   IDS552/web-iis_IIS ISAPI Overflow ida
  1  s211-49-60-227.thrunet.ne.kr     med   IDS552/web-iis_IIS ISAPI Overflow ida
  1  slip-129-37-44....us.prserv.net  med   IDS552/web-iis_IIS ISAPI Overflow ida
  1  st188.dhcp.ttu.edu               med   IDS552/web-iis_IIS ISAPI Overflow ida

====================================================================
  #  local host  prio  description
====================================================================
  6  tardis-b3   med   IDS552/web-iis_IIS ISAPI Overflow ida
  5  tardis-a4   med   IDS552/web-iis_IIS ISAPI Overflow ida
  3  buwaya      med   IDS118/scan_Traceroute ICMP
  3  tardis-b2   med   IDS552/web-iis_IIS ISAPI Overflow ida
  2  tardis-a4   med   IDS118/scan_Traceroute ICMP
  2  cyclops           IDS243/web-cgi-pipe
  1  algol             IDS278/dns_named-probe-version
  1  tardis-b2   low   IDS296/web-misc http-whisker-splicing attack-space

=================================================================
  #  port    prio  description
=================================================================
  1  domain        IDS278/dns_named-probe-version
 14  http    med   IDS552/web-iis_IIS ISAPI Overflow ida
  2  http          IDS243/web-cgi-pipe
  1  http    low   IDS296/web-misc http-whisker-splicing attack-space

Note: 'port' is destination port, only traffic with local destination is considered.

-- 
snort-rep 1.5 (dws@ee.ethz.ch)