[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/13-11:08:33.482212 24.150.22.139:1770 -> 192.168.1.6:80 TCP TTL:110 TOS:0x0 ID:57779 IpLen:20 DgmLen:112 DF ***AP*** Seq: 0x2DC5EC74 Ack: 0x42897195 Win: 0x4470 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/13-11:08:34.268481 24.150.22.139:1795 -> 192.168.1.6:80 TCP TTL:110 TOS:0x0 ID:57904 IpLen:20 DgmLen:110 DF ***AP*** Seq: 0x2DDB7254 Ack: 0x4297DDD0 Win: 0x4470 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/13-11:08:34.471557 24.150.22.139:1803 -> 192.168.1.6:80 TCP TTL:110 TOS:0x0 ID:57931 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x2DE22DCC Ack: 0x431A7DEE Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/13-11:08:34.681111 24.150.22.139:1810 -> 192.168.1.6:80 TCP TTL:110 TOS:0x0 ID:57968 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x2DE8B0C3 Ack: 0x434E4C1B Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/13-11:08:47.540668 24.150.22.139:2212 -> 192.168.1.6:80 TCP TTL:110 TOS:0x0 ID:60293 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x2F334127 Ack: 0x4346A6EA Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 05/13-11:08:47.876679 24.150.22.139:2386 -> 192.168.1.6:80 TCP TTL:110 TOS:0x0 ID:60363 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0x2FBB6E1F Ack: 0x43D77CAB Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 05/13-11:08:51.624837 24.150.22.139:2413 -> 192.168.1.6:80 TCP TTL:110 TOS:0x0 ID:61036 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0x2FD1C6C0 Ack: 0x43AE4FE2 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/13-11:08:51.820379 24.150.22.139:2512 -> 192.168.1.6:80 TCP TTL:110 TOS:0x0 ID:61071 IpLen:20 DgmLen:185 DF ***AP*** Seq: 0x3026B546 Ack: 0x43843FF1 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/13-11:08:52.073693 24.150.22.139:2521 -> 192.168.1.6:80 TCP TTL:110 TOS:0x0 ID:61120 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x302E268D Ack: 0x442C9646 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/13-11:08:52.337220 24.150.22.139:2529 -> 192.168.1.6:80 TCP TTL:110 TOS:0x0 ID:61177 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x30341993 Ack: 0x43821DF4 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/13-11:08:52.555936 24.150.22.139:2535 -> 192.168.1.6:80 TCP TTL:110 TOS:0x0 ID:61224 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x3038D83B Ack: 0x4388AB66 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/13-11:08:52.835959 24.150.22.139:2547 -> 192.168.1.6:80 TCP TTL:110 TOS:0x0 ID:61283 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x30428BD9 Ack: 0x43EEBD88 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/13-11:08:53.024302 24.150.22.139:2557 -> 192.168.1.6:80 TCP TTL:110 TOS:0x0 ID:61326 IpLen:20 DgmLen:138 DF ***AP*** Seq: 0x304AE472 Ack: 0x443FD837 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/13-11:08:56.033078 24.150.22.139:2557 -> 192.168.1.6:80 TCP TTL:110 TOS:0x0 ID:61960 IpLen:20 DgmLen:138 DF ***AP*** Seq: 0x304AE472 Ack: 0x443FD837 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/13-11:08:56.476287 24.150.22.139:2670 -> 192.168.1.6:80 TCP TTL:110 TOS:0x0 ID:62055 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x30AF9E9E Ack: 0x44101CA2 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/13-11:08:59.379871 24.150.22.139:2670 -> 192.168.1.6:80 TCP TTL:110 TOS:0x0 ID:62649 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x30AF9E9E Ack: 0x44101CA2 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/13-11:08:59.830054 24.150.22.139:2748 -> 192.168.1.6:80 TCP TTL:110 TOS:0x0 ID:62728 IpLen:20 DgmLen:140 DF ***AP*** Seq: 0x30F3A399 Ack: 0x43E8F91A Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/13-11:09:00.078519 24.150.22.139:2762 -> 192.168.1.6:80 TCP TTL:110 TOS:0x0 ID:62783 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x30FED51A Ack: 0x44854C83 Win: 0x4470 TcpLen: 20