[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-02:06:59.565927 24.148.85.85:1895 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:44174 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4A93EA0B Ack: 0xC9140306 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-02:06:59.611128 24.148.85.85:1895 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:44175 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4A93EFBF Ack: 0xC9140306 Win: 0x4470 TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-16:45:22.679817 24.148.85.85:3146 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:36412 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x5A8775D4 Ack: 0xBC74DAFC Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-16:45:23.145663 24.148.85.85:3264 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:36426 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x5AED164E Ack: 0xBC6B8843 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-16:45:23.400645 24.148.85.85:3265 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:36438 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x5AEE8C6E Ack: 0xBC84834D Win: 0x4470 TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-18:04:59.531135 24.148.85.85:2098 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:48544 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x17DB5ADE Ack: 0xE7C54085 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-18:05:20.907414 24.148.85.85:2748 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:50729 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x1A0DE19E Ack: 0xE992ABE5 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-18:05:21.110392 24.148.85.85:2751 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:50748 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x1A111BB6 Ack: 0xE95A3E35 Win: 0x4470 TcpLen: 20

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/11-18:05:33.728383 24.148.85.85:3001 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:51887 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x1AECD7A8 Ack: 0xEA0A1B9F Win: 0x4470 TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/11-18:05:33.922882 24.148.85.85:3061 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:51895 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x1B26FB82 Ack: 0xEA6704EE Win: 0x4470 TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-18:05:34.142405 24.148.85.85:3062 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:51904 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x1B2872DE Ack: 0xEA02BB63 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-18:05:43.420431 24.148.85.85:3314 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:52855 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x1C086DD3 Ack: 0xEB7CCAF4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-18:05:43.636722 24.148.85.85:3341 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:52863 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x1C1DEB9B Ack: 0xEC195D87 Win: 0x4470 TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-18:05:43.822830 24.148.85.85:3344 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:52873 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x1C20CB7A Ack: 0xEB8E1DB3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-18:05:47.929043 24.148.85.85:3456 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:53304 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x1C844868 Ack: 0xEBD4F79E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-18:05:51.315725 24.148.85.85:3463 -> 192.168.1.6:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:138
***AP*** Seq: 0x1C8A3D62 Ack: 0x1C897897 Win: 0x0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-18:05:54.612747 24.148.85.85:3659 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:54059 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x1D32DEBB Ack: 0xEC62DC32 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-18:05:57.752204 24.148.85.85:3691 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:54462 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x1D4B3B15 Ack: 0xEC5D94F0 Win: 0x4470 TcpLen: 20