[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 04/26-14:04:15.711387 24.148.73.90:2090 -> 192.168.1.6:80 TCP TTL:114 TOS:0x0 ID:44432 IpLen:20 DgmLen:112 DF ***AP*** Seq: 0xE692FFA5 Ack: 0xA1031CEE Win: 0x4470 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 04/26-14:04:18.028588 24.148.73.90:2148 -> 192.168.1.6:80 TCP TTL:114 TOS:0x0 ID:44774 IpLen:20 DgmLen:110 DF ***AP*** Seq: 0xE6C7ED2C Ack: 0xA02D17E3 Win: 0x4470 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 04/26-14:04:23.063256 24.148.73.90:2396 -> 192.168.1.6:80 TCP TTL:114 TOS:0x0 ID:45589 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0xE78FF7D3 Ack: 0xA0F2471D Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 04/26-14:04:25.231601 24.148.73.90:2438 -> 192.168.1.6:80 TCP TTL:114 TOS:0x0 ID:45956 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0xE7B7073F Ack: 0xA1910EC7 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/26-14:04:29.912168 24.148.73.90:2699 -> 192.168.1.6:80 TCP TTL:114 TOS:0x0 ID:46744 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0xE8857F7E Ack: 0xA16D01C6 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 04/26-14:04:31.519352 24.148.73.90:2874 -> 192.168.1.6:80 TCP TTL:114 TOS:0x0 ID:46908 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0xE911CF1D Ack: 0xA1DE5414 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 04/26-14:04:33.470998 24.148.73.90:2917 -> 192.168.1.6:80 TCP TTL:114 TOS:0x0 ID:47242 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0xE9367F71 Ack: 0xA11B513A Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/26-14:04:35.212085 24.148.73.90:2994 -> 192.168.1.6:80 TCP TTL:114 TOS:0x0 ID:47575 IpLen:20 DgmLen:185 DF ***AP*** Seq: 0xE973FF11 Ack: 0xA1EA19E2 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/26-14:04:36.714761 24.148.73.90:3134 -> 192.168.1.6:80 TCP TTL:114 TOS:0x0 ID:47714 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0xE9E25415 Ack: 0xA1851790 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 04/26-14:04:38.561346 24.148.73.90:3170 -> 192.168.1.6:80 TCP TTL:114 TOS:0x0 ID:48025 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0xEA02D1D0 Ack: 0xA1875ACC Win: 0x4470 TcpLen: 20