[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/05-19:57:05.581796 24.114.7.121:4475 -> 192.168.1.6:80 TCP TTL:112 TOS:0x0 ID:11620 IpLen:20 DgmLen:112 DF ***AP*** Seq: 0x8E9825D0 Ack: 0x5CF526C8 Win: 0x4470 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/05-19:57:11.161978 24.114.7.121:4593 -> 192.168.1.6:80 TCP TTL:112 TOS:0x0 ID:12095 IpLen:20 DgmLen:110 DF ***AP*** Seq: 0x8F00A2BA Ack: 0x5D48FE0B Win: 0x4470 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/05-19:57:19.606026 24.114.7.121:4791 -> 192.168.1.6:80 TCP TTL:112 TOS:0x0 ID:12915 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x8FAA6AB7 Ack: 0x5CF0C51B Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/05-19:57:29.076647 24.114.7.121:3100 -> 192.168.1.6:80 TCP TTL:112 TOS:0x0 ID:13819 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x905B7DA9 Ack: 0x5DB6DF36 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/05-19:57:33.035258 24.114.7.121:3100 -> 192.168.1.6:80 TCP TTL:112 TOS:0x0 ID:14160 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x905B7DA9 Ack: 0x5DB6DF36 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/05-19:57:38.340869 24.114.7.121:3229 -> 192.168.1.6:80 TCP TTL:112 TOS:0x0 ID:14606 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x90D15517 Ack: 0x5E26C223 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/06-00:39:11.342030 24.114.7.121:4651 -> 192.168.1.6:80 TCP TTL:112 TOS:0x0 ID:3033 IpLen:20 DgmLen:112 DF ***AP*** Seq: 0x6ACD0D70 Ack: 0x86E56B18 Win: 0x4470 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/06-00:39:14.322657 24.114.7.121:4651 -> 192.168.1.6:80 TCP TTL:112 TOS:0x0 ID:3187 IpLen:20 DgmLen:112 DF ***AP*** Seq: 0x6ACD0D70 Ack: 0x86E56B18 Win: 0x4470 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/06-00:39:15.963261 24.114.7.121:4707 -> 192.168.1.6:80 TCP TTL:112 TOS:0x0 ID:3279 IpLen:20 DgmLen:110 DF ***AP*** Seq: 0x6B0801EE Ack: 0x879AF63B Win: 0x4470 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/06-00:39:16.224137 24.114.7.121:4711 -> 192.168.1.6:80 TCP TTL:112 TOS:0x0 ID:3304 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x6B0BCD56 Ack: 0x878D6D1F Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/06-00:39:16.488833 24.114.7.121:4718 -> 192.168.1.6:80 TCP TTL:112 TOS:0x0 ID:3328 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x6B1195B7 Ack: 0x872C8F4C Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/06-00:39:19.433034 24.114.7.121:4718 -> 192.168.1.6:80 TCP TTL:112 TOS:0x0 ID:3471 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x6B1195B7 Ack: 0x872C8F4C Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/06-00:39:19.937577 24.114.7.121:4766 -> 192.168.1.6:80 TCP TTL:112 TOS:0x0 ID:3485 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x6B417700 Ack: 0x86FED93D Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 06/06-00:39:20.200961 24.114.7.121:4770 -> 192.168.1.6:80 TCP TTL:112 TOS:0x0 ID:3496 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0x6B45EB01 Ack: 0x87CE3005 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 06/06-00:39:20.471762 24.114.7.121:4772 -> 192.168.1.6:80 TCP TTL:112 TOS:0x0 ID:3513 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0x6B483798 Ack: 0x87763205 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/06-00:39:20.705101 24.114.7.121:4775 -> 192.168.1.6:80 TCP TTL:112 TOS:0x0 ID:3521 IpLen:20 DgmLen:185 DF ***AP*** Seq: 0x6B4B9C0C Ack: 0x8740988C Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/06-00:39:24.383713 24.114.7.121:4834 -> 192.168.1.6:80 TCP TTL:112 TOS:0x0 ID:3763 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x6B836387 Ack: 0x880817E2 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/06-00:39:24.611918 24.114.7.121:4842 -> 192.168.1.6:80 TCP TTL:112 TOS:0x0 ID:3789 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x6B8A2CEA Ack: 0x8727C953 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/06-00:39:34.191745 24.114.7.121:3022 -> 192.168.1.6:80 TCP TTL:112 TOS:0x0 ID:4377 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x6C0CB373 Ack: 0x885B14A5 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/06-00:39:37.728154 24.114.7.121:3064 -> 192.168.1.6:80 TCP TTL:112 TOS:0x0 ID:4578 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x6C35F023 Ack: 0x88AA66DE Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/06-00:39:37.962864 24.114.7.121:3066 -> 192.168.1.6:80 TCP TTL:112 TOS:0x0 ID:4595 IpLen:20 DgmLen:138 DF ***AP*** Seq: 0x6C38E848 Ack: 0x88775556 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/06-00:39:38.149265 24.114.7.121:3071 -> 192.168.1.6:80 TCP TTL:112 TOS:0x0 ID:4606 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x6C3D312C Ack: 0x889E6130 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/06-00:39:41.237975 24.114.7.121:3071 -> 192.168.1.6:80 TCP TTL:112 TOS:0x0 ID:4678 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x6C3D312C Ack: 0x889E6130 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/06-00:39:41.539897 24.114.7.121:3097 -> 192.168.1.6:80 TCP TTL:112 TOS:0x0 ID:4701 IpLen:20 DgmLen:140 DF ***AP*** Seq: 0x6C5BAF23 Ack: 0x8867DAC6 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/06-00:39:45.075645 24.114.7.121:3147 -> 192.168.1.6:80 TCP TTL:112 TOS:0x0 ID:4914 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x6C8EC929 Ack: 0x89268FFF Win: 0x4470 TcpLen: 20