[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/26-20:41:18.111839 24.167.224.150:3399 -> 192.168.1.6:80 TCP TTL:115 TOS:0x0 ID:56057 IpLen:20 DgmLen:112 DF ***AP*** Seq: 0x92ED9D44 Ack: 0x85E8D188 Win: 0x4470 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/26-20:41:18.742680 24.167.224.150:3409 -> 192.168.1.6:80 TCP TTL:115 TOS:0x0 ID:56093 IpLen:20 DgmLen:110 DF ***AP*** Seq: 0x92F6DD3D Ack: 0x86B80756 Win: 0x4470 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/26-20:41:28.349347 24.167.224.150:3531 -> 192.168.1.6:80 TCP TTL:115 TOS:0x0 ID:56430 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x9376CD1D Ack: 0x86ED6177 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/26-20:41:28.549679 24.167.224.150:3535 -> 192.168.1.6:80 TCP TTL:115 TOS:0x0 ID:56440 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x937AF58A Ack: 0x873F8967 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/26-20:41:28.780595 24.167.224.150:3539 -> 192.168.1.6:80 TCP TTL:115 TOS:0x0 ID:56451 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x937EC648 Ack: 0x875803B9 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 05/26-20:41:29.016650 24.167.224.150:3541 -> 192.168.1.6:80 TCP TTL:115 TOS:0x0 ID:56469 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0x9380CE1F Ack: 0x872EDB89 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 05/26-20:41:32.511620 24.167.224.150:3613 -> 192.168.1.6:80 TCP TTL:115 TOS:0x0 ID:56705 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0x93BFC1CB Ack: 0x86BA6363 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/26-20:41:36.023741 24.167.224.150:3674 -> 192.168.1.6:80 TCP TTL:115 TOS:0x0 ID:56870 IpLen:20 DgmLen:185 DF ***AP*** Seq: 0x93F68671 Ack: 0x873BBC70 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/26-20:41:36.235446 24.167.224.150:3677 -> 192.168.1.6:80 TCP TTL:115 TOS:0x0 ID:56885 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x93F97C14 Ack: 0x878F943A Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/26-20:41:45.680082 24.167.224.150:3819 -> 192.168.1.6:80 TCP TTL:115 TOS:0x0 ID:57321 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x948471AB Ack: 0x88399DC8 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/26-20:41:45.926156 24.167.224.150:3824 -> 192.168.1.6:80 TCP TTL:115 TOS:0x0 ID:57337 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x948961BC Ack: 0x87A157F7 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/26-20:41:46.122923 24.167.224.150:3829 -> 192.168.1.6:80 TCP TTL:115 TOS:0x0 ID:57345 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x948D5BED Ack: 0x8852D123 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/26-20:41:55.592957 24.167.224.150:3957 -> 192.168.1.6:80 TCP TTL:115 TOS:0x0 ID:57725 IpLen:20 DgmLen:138 DF ***AP*** Seq: 0x950BE332 Ack: 0x8825F495 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/26-20:41:58.516276 24.167.224.150:3957 -> 192.168.1.6:80 TCP TTL:115 TOS:0x0 ID:57825 IpLen:20 DgmLen:138 DF ***AP*** Seq: 0x950BE332 Ack: 0x8825F495 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/26-20:41:58.795054 24.167.224.150:3994 -> 192.168.1.6:80 TCP TTL:115 TOS:0x0 ID:57835 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x95337ADC Ack: 0x88B70233 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/26-20:41:58.991017 24.167.224.150:3996 -> 192.168.1.6:80 TCP TTL:115 TOS:0x0 ID:57848 IpLen:20 DgmLen:140 DF ***AP*** Seq: 0x95358F1A Ack: 0x88E8D9BF Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/26-20:42:02.423014 24.167.224.150:4045 -> 192.168.1.6:80 TCP TTL:115 TOS:0x0 ID:57993 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x9565C847 Ack: 0x88E53473 Win: 0x4470 TcpLen: 20