[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 04/29-03:54:07.671773 24.186.148.24:1497 -> 192.168.1.6:80 TCP TTL:112 TOS:0x0 ID:7796 IpLen:20 DgmLen:112 DF ***AP*** Seq: 0x12A2CF3C Ack: 0x5E43B46D Win: 0x4470 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 04/29-03:54:08.020265 24.186.148.24:1501 -> 192.168.1.6:80 TCP TTL:112 TOS:0x0 ID:7806 IpLen:20 DgmLen:110 DF ***AP*** Seq: 0x12A6D0F1 Ack: 0x5EF4E94A Win: 0x4470 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 04/29-03:54:11.680224 24.186.148.24:1560 -> 192.168.1.6:80 TCP TTL:112 TOS:0x0 ID:7968 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x12DD5D53 Ack: 0x5F2E6A4D Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 04/29-03:54:14.969071 24.186.148.24:1604 -> 192.168.1.6:80 TCP TTL:112 TOS:0x0 ID:8052 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x130BE85F Ack: 0x5F0AEAFB Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/29-03:54:24.265944 24.186.148.24:1741 -> 192.168.1.6:80 TCP TTL:112 TOS:0x0 ID:8444 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x139480BA Ack: 0x5FC19079 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 04/29-03:54:30.921302 24.186.148.24:1787 -> 192.168.1.6:80 TCP TTL:112 TOS:0x0 ID:8659 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0x13C29BAE Ack: 0x5FF63172 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 04/29-03:54:43.627339 24.186.148.24:1952 -> 192.168.1.6:80 TCP TTL:112 TOS:0x0 ID:9041 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0x146DCC66 Ack: 0x60C73201 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/29-03:54:53.029527 24.186.148.24:2098 -> 192.168.1.6:80 TCP TTL:112 TOS:0x0 ID:9285 IpLen:20 DgmLen:185 DF ***AP*** Seq: 0x150AA19D Ack: 0x61403FD6 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/29-03:54:53.170125 24.186.148.24:2099 -> 192.168.1.6:80 TCP TTL:112 TOS:0x0 ID:9291 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x150BA62B Ack: 0x60B84160 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 04/29-03:54:56.538469 24.186.148.24:2143 -> 192.168.1.6:80 TCP TTL:112 TOS:0x0 ID:9387 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x1536C5FB Ack: 0x6157A94E Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/29-03:54:56.645340 24.186.148.24:2148 -> 192.168.1.6:80 TCP TTL:112 TOS:0x0 ID:9398 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x153B1218 Ack: 0x61DFC24D Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/29-03:54:56.751435 24.186.148.24:2150 -> 192.168.1.6:80 TCP TTL:112 TOS:0x0 ID:9406 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x153CE6F8 Ack: 0x61939B44 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/29-03:54:56.879126 24.186.148.24:2151 -> 192.168.1.6:80 TCP TTL:112 TOS:0x0 ID:9413 IpLen:20 DgmLen:138 DF ***AP*** Seq: 0x153E3CE2 Ack: 0x61AD118F Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/29-03:54:56.974627 24.186.148.24:2154 -> 192.168.1.6:80 TCP TTL:112 TOS:0x0 ID:9422 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x154100AC Ack: 0x61AF92E9 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/29-03:54:59.920821 24.186.148.24:2154 -> 192.168.1.6:80 TCP TTL:112 TOS:0x0 ID:9501 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x154100AC Ack: 0x61AF92E9 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/29-03:55:03.070714 24.186.148.24:2190 -> 192.168.1.6:80 TCP TTL:112 TOS:0x0 ID:9595 IpLen:20 DgmLen:140 DF ***AP*** Seq: 0x15672AEB Ack: 0x618CAA5C Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 04/29-03:55:03.410220 24.186.148.24:2226 -> 192.168.1.6:80 TCP TTL:112 TOS:0x0 ID:9608 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x158CDA9A Ack: 0x61CB53F8 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 04/29-19:54:15.955340 24.186.148.24:3182 -> 192.168.1.6:80 TCP TTL:112 TOS:0x0 ID:14781 IpLen:20 DgmLen:112 DF ***AP*** Seq: 0x5E37C5BA Ack: 0x893A4B7E Win: 0x4470 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 04/29-19:54:16.070598 24.186.148.24:3186 -> 192.168.1.6:80 TCP TTL:112 TOS:0x0 ID:14792 IpLen:20 DgmLen:110 DF ***AP*** Seq: 0x5E3B49FC Ack: 0x896387CE Win: 0x4470 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 04/29-19:54:19.622232 24.186.148.24:3230 -> 192.168.1.6:80 TCP TTL:112 TOS:0x0 ID:14894 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x5E688012 Ack: 0x89F08C4C Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 04/29-19:54:29.049907 24.186.148.24:3364 -> 192.168.1.6:80 TCP TTL:112 TOS:0x0 ID:15250 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x5EEF2379 Ack: 0x8A56EE87 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/29-19:54:29.200750 24.186.148.24:3368 -> 192.168.1.6:80 TCP TTL:112 TOS:0x0 ID:15259 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x5EF33358 Ack: 0x89DA0ACA Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 04/29-19:54:29.359942 24.186.148.24:3371 -> 192.168.1.6:80 TCP TTL:112 TOS:0x0 ID:15272 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0x5EF5EF89 Ack: 0x89BCD35C Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 04/29-19:54:29.502479 24.186.148.24:3372 -> 192.168.1.6:80 TCP TTL:112 TOS:0x0 ID:15283 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0x5EF781F6 Ack: 0x8A7E7E2B Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/29-19:54:38.910607 24.186.148.24:3486 -> 192.168.1.6:80 TCP TTL:112 TOS:0x0 ID:15583 IpLen:20 DgmLen:185 DF ***AP*** Seq: 0x5F70BB20 Ack: 0x8AEACAD4 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/29-19:54:42.291262 24.186.148.24:3533 -> 192.168.1.6:80 TCP TTL:112 TOS:0x0 ID:15692 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x5FA1B82E Ack: 0x8BC0DAEB Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 04/29-19:54:42.438491 24.186.148.24:3534 -> 192.168.1.6:80 TCP TTL:112 TOS:0x0 ID:15698 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x5FA348EF Ack: 0x8C3235C6 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/29-19:54:42.567125 24.186.148.24:3536 -> 192.168.1.6:80 TCP TTL:112 TOS:0x0 ID:15708 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x5FA573FA Ack: 0x8BC367D3 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/29-19:54:42.697813 24.186.148.24:3539 -> 192.168.1.6:80 TCP TTL:112 TOS:0x0 ID:15719 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x5FA81C24 Ack: 0x8C5924D6 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/29-19:54:42.842623 24.186.148.24:3541 -> 192.168.1.6:80 TCP TTL:112 TOS:0x0 ID:15727 IpLen:20 DgmLen:138 DF ***AP*** Seq: 0x5FAA6337 Ack: 0x8C71C398 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/29-19:54:42.979090 24.186.148.24:3543 -> 192.168.1.6:80 TCP TTL:112 TOS:0x0 ID:15733 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x5FAC1B5C Ack: 0x8BF93B4E Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/29-19:54:43.090329 24.186.148.24:3545 -> 192.168.1.6:80 TCP TTL:112 TOS:0x0 ID:15741 IpLen:20 DgmLen:140 DF ***AP*** Seq: 0x5FAE1F29 Ack: 0x8C2E604D Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 04/29-19:54:46.565526 24.186.148.24:3588 -> 192.168.1.6:80 TCP TTL:112 TOS:0x0 ID:15836 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x5FD986E1 Ack: 0x8CAC6C4C Win: 0x4470 TcpLen: 20