[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/31-22:59:46.380125 24.112.153.44:4332 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:40916 IpLen:20 DgmLen:112 DF ***AP*** Seq: 0x5E33ABA Ack: 0xCF86B125 Win: 0x4470 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/31-22:59:47.382630 24.112.153.44:4366 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:40974 IpLen:20 DgmLen:110 DF ***AP*** Seq: 0x600A034 Ack: 0xD04CE838 Win: 0x4470 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/31-22:59:57.241156 24.112.153.44:4511 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:41422 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x692468C Ack: 0xD0E160B9 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/31-23:00:06.985412 24.112.153.44:4649 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:41862 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x71D2239 Ack: 0xD165C550 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/31-23:00:16.735783 24.112.153.44:4783 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:42246 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x7A6C0F5 Ack: 0xD16DE100 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 05/31-23:00:17.192151 24.112.153.44:4787 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:42256 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0x7AB9E91 Ack: 0xD1ECB375 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 05/31-23:00:17.690109 24.112.153.44:4793 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:42279 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0x7B1C6A1 Ack: 0xD1A022DB Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/31-23:00:18.194012 24.112.153.44:4796 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:42307 IpLen:20 DgmLen:185 DF ***AP*** Seq: 0x7B5FA0B Ack: 0xD1CC7BF1 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/31-23:00:21.908388 24.112.153.44:4846 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:42425 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x7E6BA8C Ack: 0xD24CDE60 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/31-23:00:22.430015 24.112.153.44:4851 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:42449 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x7EB6E37 Ack: 0xD2639D36 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/31-23:00:35.426867 24.112.153.44:3037 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:42921 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x8721948 Ack: 0xD2D4D01C Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/31-23:00:35.949500 24.112.153.44:3069 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:42942 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x897649F Ack: 0xD2EC4839 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/31-23:00:37.137345 24.112.153.44:3101 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:43004 IpLen:20 DgmLen:138 DF ***AP*** Seq: 0x8B2C63C Ack: 0xD3524BC9 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/31-23:00:37.557718 24.112.153.44:3105 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:43019 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x8B60E7C Ack: 0xD365257E Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/31-23:00:37.935222 24.112.153.44:3110 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:43043 IpLen:20 DgmLen:140 DF ***AP*** Seq: 0x8BC3F9B Ack: 0xD360248B Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/31-23:00:38.409970 24.112.153.44:3113 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:43066 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x8C063C9 Ack: 0xD3437396 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/01-00:20:28.900530 24.112.153.44:3198 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:5064 IpLen:20 DgmLen:112 DF ***AP*** Seq: 0x7E0E975 Ack: 0x55527D Win: 0x4470 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/01-00:20:38.507877 24.112.153.44:3299 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:5572 IpLen:20 DgmLen:110 DF ***AP*** Seq: 0x8439134 Ack: 0xCABC47 Win: 0x4470 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/01-00:20:44.969986 24.112.153.44:3416 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:5890 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x8BEA237 Ack: 0x1D2A2F1 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/01-00:20:47.322085 24.112.153.44:3462 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:6014 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x8EBDBA3 Ack: 0x13576A8 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/01-00:20:50.321844 24.112.153.44:3490 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:6142 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x9095632 Ack: 0x1768036 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 06/01-00:20:56.658650 24.112.153.44:3580 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:6499 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0x963D8F5 Ack: 0x294C622 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 06/01-00:20:59.244366 24.112.153.44:3616 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:6632 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0x98842AC Ack: 0x2C70756 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/01-00:21:01.771658 24.112.153.44:3657 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:6764 IpLen:20 DgmLen:185 DF ***AP*** Seq: 0x9AF886E Ack: 0x2CE1E74 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/01-00:21:04.201287 24.112.153.44:3691 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:6900 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x9D1292D Ack: 0x22FF04F Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/01-00:21:06.637641 24.112.153.44:3724 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:7029 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x9F4610A Ack: 0x29BBDB8 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/01-00:21:17.341678 24.112.153.44:3891 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:7605 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0xA9BE363 Ack: 0x3634FA9 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/01-00:21:23.131947 24.112.153.44:3915 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:7899 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0xAB329A7 Ack: 0x350BC18 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/01-00:21:35.036660 24.112.153.44:4114 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:8514 IpLen:20 DgmLen:138 DF ***AP*** Seq: 0xB7DCE0C Ack: 0x45BC90A Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/01-00:21:37.322602 24.112.153.44:4147 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:8632 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0xB9EF374 Ack: 0x4AE1490 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/01-00:21:39.652474 24.112.153.44:4147 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:8753 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0xB9EF374 Ack: 0x4AE1490 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/01-00:21:42.486646 24.112.153.44:4219 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:8882 IpLen:20 DgmLen:140 DF ***AP*** Seq: 0xBE6D54E Ack: 0x56C4D3B Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/01-00:21:51.100104 24.112.153.44:4292 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:9326 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0xC33561B Ack: 0x5463692 Win: 0x4470 TcpLen: 20