[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/14-21:02:40.954839 24.165.15.145:4591 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:20351 IpLen:20 DgmLen:112 DF ***AP*** Seq: 0x6420D020 Ack: 0x472997C1 Win: 0x4470 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/14-21:02:45.315183 24.165.15.145:4815 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:21169 IpLen:20 DgmLen:110 DF ***AP*** Seq: 0x64DA0C2D Ack: 0x46CE8E3F Win: 0x4470 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/14-21:02:49.133950 24.165.15.145:4858 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:21834 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x64FC542A Ack: 0x478AA28D Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/14-21:02:52.877264 24.165.15.145:1182 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:22495 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x65FA6B1F Ack: 0x47E3DD02 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/14-21:02:57.195337 24.165.15.145:1354 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:23210 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x6687DDB7 Ack: 0x4801A4C6 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 05/14-21:02:58.114782 24.165.15.145:1379 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:23373 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0x669BED6B Ack: 0x48358999 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 05/14-21:02:58.864845 24.165.15.145:1410 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:23512 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0x66B5EA20 Ack: 0x48273ADD Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/14-21:02:59.662259 24.165.15.145:1429 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:23646 IpLen:20 DgmLen:185 DF ***AP*** Seq: 0x66C5F8A5 Ack: 0x482F0607 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/14-21:03:00.079763 24.165.15.145:1446 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:23712 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x66D5947C Ack: 0x4858C1DF Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/14-21:03:04.002911 24.165.15.145:1584 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:24318 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x674CDF39 Ack: 0x482A1C08 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/14-21:03:07.736277 24.165.15.145:1693 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:24815 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x67AB8092 Ack: 0x48C42968 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/14-21:03:08.173966 24.165.15.145:1714 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:24859 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x67BAC631 Ack: 0x4827D445 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/14-21:03:08.546938 24.165.15.145:1720 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:24893 IpLen:20 DgmLen:138 DF ***AP*** Seq: 0x67C0B1C2 Ack: 0x48B4C322 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/14-21:03:12.143086 24.165.15.145:1830 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:25357 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x68214C04 Ack: 0x48716B1E Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/14-21:03:12.520648 24.165.15.145:1847 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:25388 IpLen:20 DgmLen:140 DF ***AP*** Seq: 0x682F8D7A Ack: 0x48F2E54E Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/14-21:03:22.733169 24.165.15.145:2273 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:26819 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x698FE03F Ack: 0x491BBBD1 Win: 0x4470 TcpLen: 20