[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/05-02:34:10.480227 24.171.142.32:2547 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:23547 IpLen:20 DgmLen:112 DF ***AP*** Seq: 0x2EE9892 Ack: 0xAF04F23B Win: 0x4470 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html] |
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/05-02:34:10.974476 24.171.142.32:2563 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:23588 IpLen:20 DgmLen:110 DF ***AP*** Seq: 0x2FC94F3 Ack: 0xAEA2C7B4 Win: 0x4470 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html] |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/05-02:34:11.310141 24.171.142.32:2578 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:23619 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x3083A9C Ack: 0xAE936B34 Win: 0x4470 TcpLen: 20 |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/05-02:34:20.699905 24.171.142.32:2957 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:24578 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x43ED406 Ack: 0xAF2EE52D Win: 0x4470 TcpLen: 20 |
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/05-02:34:21.030763 24.171.142.32:2971 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:24621 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x44A23F9 Ack: 0xAF8FBA7D Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 05/05-02:34:21.388745 24.171.142.32:2986 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:24669 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0x4568F3A Ack: 0xAEED44CE Win: 0x4470 TcpLen: 20 |
[**] [1:1286:5] WEB-IIS _mem_bin access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 05/05-02:34:21.858001 24.171.142.32:3006 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:24737 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0x466E5F2 Ack: 0xAFA1069F Win: 0x4470 TcpLen: 20 |
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/05-02:34:22.240090 24.171.142.32:3023 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:24791 IpLen:20 DgmLen:185 DF ***AP*** Seq: 0x4743311 Ack: 0xAF003EB2 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/05-02:34:22.777320 24.171.142.32:3052 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:24871 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x48BE37A Ack: 0xAF1C485F Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/05-02:34:25.990664 24.171.142.32:3069 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:25297 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x49A7422 Ack: 0xAFDF8AFB Win: 0x4470 TcpLen: 20 |
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/05-02:34:26.375979 24.171.142.32:3221 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:25321 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x51354A9 Ack: 0xAFED2BE9 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/05-02:34:35.860137 24.171.142.32:3618 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:26357 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x65A7896 Ack: 0xB08E7417 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/05-02:34:36.207438 24.171.142.32:3639 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:26395 IpLen:20 DgmLen:138 DF ***AP*** Seq: 0x66A055F Ack: 0xAFFFA10C Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333] |
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/05-02:34:36.520765 24.171.142.32:3650 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:26419 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x67156F2 Ack: 0xAFE7E40D Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333] |
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/05-02:34:39.492478 24.171.142.32:3650 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:26696 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x67156F2 Ack: 0xAFE7E40D Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333] |
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/05-02:34:39.879839 24.171.142.32:3781 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:26744 IpLen:20 DgmLen:140 DF ***AP*** Seq: 0x6DF4CF8 Ack: 0xB0F56022 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333] |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/05-02:34:40.260248 24.171.142.32:3794 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:26791 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x6EB3131 Ack: 0xB08C51A6 Win: 0x4470 TcpLen: 20 |