[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/23-02:05:54.824824 24.161.94.61:4659 -> 192.168.1.6:80 TCP TTL:113 TOS:0x0 ID:24227 IpLen:20 DgmLen:112 DF ***AP*** Seq: 0x45ACF053 Ack: 0x50BB1B35 Win: 0x4470 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html] |
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/23-02:05:57.262315 24.161.94.61:4718 -> 192.168.1.6:80 TCP TTL:113 TOS:0x0 ID:24432 IpLen:20 DgmLen:110 DF ***AP*** Seq: 0x45DFA99F Ack: 0x50879C73 Win: 0x4470 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html] |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/23-02:06:09.014247 24.161.94.61:1062 -> 192.168.1.6:80 TCP TTL:113 TOS:0x0 ID:25417 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x46F7E547 Ack: 0x52661FE3 Win: 0x4470 TcpLen: 20 |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/23-02:06:20.325339 24.161.94.61:1395 -> 192.168.1.6:80 TCP TTL:113 TOS:0x0 ID:26332 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x4817F43A Ack: 0x53BAB57D Win: 0x4470 TcpLen: 20 |
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/23-02:06:22.579236 24.161.94.61:1443 -> 192.168.1.6:80 TCP TTL:113 TOS:0x0 ID:26523 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x4842A2B5 Ack: 0x53C7D26F Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 05/23-02:06:27.440390 24.161.94.61:1591 -> 192.168.1.6:80 TCP TTL:113 TOS:0x0 ID:26888 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0x48C3F08B Ack: 0x53C7734A Win: 0x4470 TcpLen: 20 |
[**] [1:1286:5] WEB-IIS _mem_bin access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 05/23-02:06:29.650551 24.161.94.61:1641 -> 192.168.1.6:80 TCP TTL:113 TOS:0x0 ID:27032 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0x48F04E27 Ack: 0x53DC3C23 Win: 0x4470 TcpLen: 20 |
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/23-02:06:31.922461 24.161.94.61:1697 -> 192.168.1.6:80 TCP TTL:113 TOS:0x0 ID:27212 IpLen:20 DgmLen:185 DF ***AP*** Seq: 0x491FEEBD Ack: 0x5418E4B9 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/23-02:06:42.843878 24.161.94.61:2001 -> 192.168.1.6:80 TCP TTL:113 TOS:0x0 ID:27999 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x4A23FD92 Ack: 0x545A64E0 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/23-02:06:48.289165 24.161.94.61:2131 -> 192.168.1.6:80 TCP TTL:113 TOS:0x0 ID:28363 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x4A98F2CD Ack: 0x5485D291 Win: 0x4470 TcpLen: 20 |
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/23-02:06:53.729892 24.161.94.61:2260 -> 192.168.1.6:80 TCP TTL:113 TOS:0x0 ID:28723 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x4B0ADA3D Ack: 0x556B5D43 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/23-02:06:55.935349 24.161.94.61:2315 -> 192.168.1.6:80 TCP TTL:113 TOS:0x0 ID:28881 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x4B3C21A0 Ack: 0x55A6A8E2 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/23-02:06:58.192815 24.161.94.61:2378 -> 192.168.1.6:80 TCP TTL:113 TOS:0x0 ID:29030 IpLen:20 DgmLen:138 DF ***AP*** Seq: 0x4B744394 Ack: 0x55558C2B Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333] |
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/23-02:07:00.211439 24.161.94.61:2430 -> 192.168.1.6:80 TCP TTL:113 TOS:0x0 ID:29155 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x4BA0897F Ack: 0x5603ED84 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333] |
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/23-02:07:01.406583 24.161.94.61:2479 -> 192.168.1.6:80 TCP TTL:113 TOS:0x0 ID:29244 IpLen:20 DgmLen:140 DF ***AP*** Seq: 0x4BCD1C8F Ack: 0x55AE06DD Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333] |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/23-02:07:06.719947 24.161.94.61:2608 -> 192.168.1.6:80 TCP TTL:113 TOS:0x0 ID:29644 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x4C3E0430 Ack: 0x560F4D3E Win: 0x4470 TcpLen: 20 |