[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 04/29-23:32:00.512778 24.126.120.88:1076 -> 192.168.1.6:80 TCP TTL:104 TOS:0x0 ID:6035 IpLen:20 DgmLen:112 DF ***AP*** Seq: 0xB0E610D7 Ack: 0xC01030E3 Win: 0x4470 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 04/29-23:32:04.413787 24.126.120.88:1362 -> 192.168.1.6:80 TCP TTL:104 TOS:0x0 ID:6663 IpLen:20 DgmLen:110 DF ***AP*** Seq: 0xB1D4A64B Ack: 0xC0E12369 Win: 0x4470 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 04/29-23:32:05.999487 24.126.120.88:1419 -> 192.168.1.6:80 TCP TTL:104 TOS:0x0 ID:6907 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0xB1FFFE1B Ack: 0xC0CA4804 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 04/29-23:32:07.659826 24.126.120.88:1479 -> 192.168.1.6:80 TCP TTL:104 TOS:0x0 ID:7143 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0xB230119F Ack: 0xC0913BD6 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/29-23:32:21.496828 24.126.120.88:1880 -> 192.168.1.6:80 TCP TTL:104 TOS:0x0 ID:9258 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0xB3872FB3 Ack: 0xC1C39946 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 04/29-23:32:22.945129 24.126.120.88:2054 -> 192.168.1.6:80 TCP TTL:104 TOS:0x0 ID:9515 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0xB4194BF7 Ack: 0xC1EA26A8 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 04/29-23:32:33.455674 24.126.120.88:2443 -> 192.168.1.6:80 TCP TTL:104 TOS:0x0 ID:11192 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0xB55F5CB8 Ack: 0xC2BBE19E Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/29-23:32:34.938859 24.126.120.88:2490 -> 192.168.1.6:80 TCP TTL:104 TOS:0x0 ID:11456 IpLen:20 DgmLen:185 DF ***AP*** Seq: 0xB584B0F0 Ack: 0xC2463223 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/29-23:32:45.224757 24.126.120.88:2561 -> 192.168.1.6:80 TCP TTL:104 TOS:0x0 ID:13273 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0xB5C035B4 Ack: 0xC263A37C Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 04/29-23:33:07.786753 24.126.120.88:3769 -> 192.168.1.6:80 TCP TTL:104 TOS:0x0 ID:17016 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0xB9B5F8BD Ack: 0xC44E7AC5 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/29-23:33:12.280651 24.126.120.88:3831 -> 192.168.1.6:80 TCP TTL:104 TOS:0x0 ID:17738 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0xB9ECD922 Ack: 0xC52A4CED Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/29-23:33:13.693392 24.126.120.88:4005 -> 192.168.1.6:80 TCP TTL:104 TOS:0x0 ID:18021 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0xBA7E2B8B Ack: 0xC5807149 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/29-23:33:24.057162 24.126.120.88:4419 -> 192.168.1.6:80 TCP TTL:104 TOS:0x0 ID:19772 IpLen:20 DgmLen:138 DF ***AP*** Seq: 0xBBCBEB82 Ack: 0xC6AD08DE Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/29-23:33:25.683433 24.126.120.88:4472 -> 192.168.1.6:80 TCP TTL:104 TOS:0x0 ID:20046 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0xBBF98DD5 Ack: 0xC648328B Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/29-23:33:27.248994 24.126.120.88:4536 -> 192.168.1.6:80 TCP TTL:104 TOS:0x0 ID:20301 IpLen:20 DgmLen:140 DF ***AP*** Seq: 0xBC2FEA8F Ack: 0xC692B649 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 04/29-23:33:28.695548 24.126.120.88:4607 -> 192.168.1.6:80 TCP TTL:104 TOS:0x0 ID:20578 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0xBC67608A Ack: 0xC6A1B094 Win: 0x4470 TcpLen: 20