[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 04/26-02:27:36.659054 24.130.75.33:1905 -> 192.168.1.6:80 TCP TTL:104 TOS:0x0 ID:40787 IpLen:20 DgmLen:112 DF ***AP*** Seq: 0xCD1C03FF Ack: 0x596FCC0B Win: 0x4470 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html] |
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 04/26-02:27:37.852122 24.130.75.33:1943 -> 192.168.1.6:80 TCP TTL:104 TOS:0x0 ID:40905 IpLen:20 DgmLen:110 DF ***AP*** Seq: 0xCD3E2E9F Ack: 0x597E7BBF Win: 0x4470 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html] |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 04/26-02:27:41.669948 24.130.75.33:1951 -> 192.168.1.6:80 TCP TTL:104 TOS:0x0 ID:41321 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0xCD45FEE9 Ack: 0x5947BB47 Win: 0x4470 TcpLen: 20 |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 04/26-02:27:42.564309 24.130.75.33:2057 -> 192.168.1.6:80 TCP TTL:104 TOS:0x0 ID:41377 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0xCD9F35F4 Ack: 0x59C55691 Win: 0x4470 TcpLen: 20 |
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/26-02:27:56.020712 24.130.75.33:2076 -> 192.168.1.6:80 TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:136 ***AP*** Seq: 0x59FEF31F Ack: 0xCDAF2760 Win: 0x16D0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 04/29-21:14:04.895768 24.130.75.33:4684 -> 192.168.1.6:80 TCP TTL:103 TOS:0x0 ID:10100 IpLen:20 DgmLen:112 DF ***AP*** Seq: 0x67DB4B2 Ack: 0xB6652513 Win: 0x4470 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html] |
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 04/29-21:14:16.028350 24.130.75.33:4719 -> 192.168.1.6:80 TCP TTL:103 TOS:0x0 ID:10887 IpLen:20 DgmLen:110 DF ***AP*** Seq: 0x69E76EE Ack: 0xB7023A01 Win: 0x4470 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html] |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 04/29-21:14:19.877996 24.130.75.33:4954 -> 192.168.1.6:80 TCP TTL:103 TOS:0x0 ID:11235 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x7763CEE Ack: 0xB75B3667 Win: 0x4470 TcpLen: 20 |
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/08-17:42:49.470944 24.130.75.33:3057 -> 192.168.1.6:80 TCP TTL:104 TOS:0x0 ID:14621 IpLen:20 DgmLen:112 DF ***AP*** Seq: 0x6F3B8BA2 Ack: 0xD62DB1C6 Win: 0x4470 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html] |
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/08-17:42:57.729398 24.130.75.33:3207 -> 192.168.1.6:80 TCP TTL:104 TOS:0x0 ID:14956 IpLen:20 DgmLen:110 DF ***AP*** Seq: 0x6FD33B16 Ack: 0xD6214451 Win: 0x4470 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html] |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/08-17:43:01.739043 24.130.75.33:3223 -> 192.168.1.6:80 TCP TTL:104 TOS:0x0 ID:15093 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x6FE33639 Ack: 0xD6CEE10A Win: 0x4470 TcpLen: 20 |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/08-17:43:02.963723 24.130.75.33:3273 -> 192.168.1.6:80 TCP TTL:104 TOS:0x0 ID:15133 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x7016BB09 Ack: 0xD6745C99 Win: 0x4470 TcpLen: 20 |
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/08-17:43:07.485147 24.130.75.33:3337 -> 192.168.1.6:80 TCP TTL:104 TOS:0x0 ID:15314 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x705928CB Ack: 0xD6D7ACC5 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 05/08-17:43:13.999388 24.130.75.33:3400 -> 192.168.1.6:80 TCP TTL:104 TOS:0x0 ID:15654 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0x7095F015 Ack: 0xD807DB84 Win: 0x4470 TcpLen: 20 |