[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-17:36:03.944052 24.114.38.37:3261 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:9477 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xBEBEFE0D Ack: 0xB684239 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-17:36:09.980123 24.114.38.37:3709 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:10216 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xC0296984 Ack: 0xC0DDC1E Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-17:36:12.450019 24.114.38.37:3769 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:10784 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xC061B701 Ack: 0xBDF359A Win: 0x4470 TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-17:36:19.463424 24.114.38.37:4009 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:11648 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xC181819E Ack: 0xC92DEC1 Win: 0x4470 TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-17:36:22.928338 24.114.38.37:4009 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:12285 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xC181819E Ack: 0xC92DEC1 Win: 0x4470 TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-17:36:28.429061 24.114.38.37:4009 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:13086 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xC181819E Ack: 0xC92DEC1 Win: 0x4470 TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-17:36:31.015704 24.114.38.37:4457 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:13519 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xC2955E7A Ack: 0xD168255 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/19-17:36:43.025349 24.114.38.37:1286 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:15006 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xC45D930B Ack: 0xDBD5552 Win: 0x4470 TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/19-17:36:54.954609 24.114.38.37:1833 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:16887 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xC6284EC9 Ack: 0xF4A2071 Win: 0x4470 TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-17:36:56.978402 24.114.38.37:1873 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:17371 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xC64F018D Ack: 0xF7314F8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-17:36:59.998720 24.114.38.37:1873 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:17656 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xC64F018D Ack: 0xF7314F8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]