[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/12-15:04:01.580886 24.191.37.113:3564 -> 192.168.1.6:80 TCP TTL:113 TOS:0x0 ID:62726 IpLen:20 DgmLen:112 DF ***AP*** Seq: 0x5C36ACB3 Ack: 0xC811A3F3 Win: 0xFAF0 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html] |
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/12-15:04:01.817322 24.191.37.113:3567 -> 192.168.1.6:80 TCP TTL:113 TOS:0x0 ID:62742 IpLen:20 DgmLen:110 DF ***AP*** Seq: 0x5C39FE38 Ack: 0xC757D971 Win: 0xFAF0 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html] |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/12-15:04:01.936412 24.191.37.113:3571 -> 192.168.1.6:80 TCP TTL:113 TOS:0x0 ID:62751 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x5C3C5CDB Ack: 0xC78DB4C8 Win: 0xFAF0 TcpLen: 20 |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/12-15:04:02.062717 24.191.37.113:3574 -> 192.168.1.6:80 TCP TTL:113 TOS:0x0 ID:62768 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x5C3EA98C Ack: 0xC829D38B Win: 0xFAF0 TcpLen: 20 |
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/12-15:04:02.216036 24.191.37.113:3578 -> 192.168.1.6:80 TCP TTL:113 TOS:0x0 ID:62779 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x5C429C21 Ack: 0xC788E8A5 Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 06/12-15:04:02.356729 24.191.37.113:3585 -> 192.168.1.6:80 TCP TTL:113 TOS:0x0 ID:62798 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0x5C47FD5B Ack: 0xC78E3A19 Win: 0xFAF0 TcpLen: 20 |
[**] [1:1286:5] WEB-IIS _mem_bin access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 06/12-15:04:02.477013 24.191.37.113:3587 -> 192.168.1.6:80 TCP TTL:113 TOS:0x0 ID:62807 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0x5C49E2FF Ack: 0xC78F62C5 Win: 0xFAF0 TcpLen: 20 |
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/12-15:04:02.606274 24.191.37.113:3589 -> 192.168.1.6:80 TCP TTL:113 TOS:0x0 ID:62816 IpLen:20 DgmLen:185 DF ***AP*** Seq: 0x5C4BE637 Ack: 0xC76D50FE Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/12-15:04:02.770779 24.191.37.113:3597 -> 192.168.1.6:80 TCP TTL:113 TOS:0x0 ID:62832 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x5C51F0D2 Ack: 0xC78EFF5E Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/12-15:04:02.909802 24.191.37.113:3600 -> 192.168.1.6:80 TCP TTL:113 TOS:0x0 ID:62849 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x5C5491B5 Ack: 0xC820166C Win: 0xFAF0 TcpLen: 20 |
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/12-15:04:03.036231 24.191.37.113:3603 -> 192.168.1.6:80 TCP TTL:113 TOS:0x0 ID:62859 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x5C57B22F Ack: 0xC79BCB24 Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/12-15:04:03.153084 24.191.37.113:3605 -> 192.168.1.6:80 TCP TTL:113 TOS:0x0 ID:62868 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x5C59D906 Ack: 0xC7A32CA1 Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/12-15:04:06.633531 24.191.37.113:3709 -> 192.168.1.6:80 TCP TTL:113 TOS:0x0 ID:63135 IpLen:20 DgmLen:138 DF ***AP*** Seq: 0x5CB16C81 Ack: 0xC79C8A32 Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333] |
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/12-15:04:06.760891 24.191.37.113:3713 -> 192.168.1.6:80 TCP TTL:113 TOS:0x0 ID:63150 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x5CB4B9B6 Ack: 0xC8907A8C Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333] |
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/12-15:04:09.777559 24.191.37.113:3713 -> 192.168.1.6:80 TCP TTL:113 TOS:0x0 ID:63327 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x5CB4B9B6 Ack: 0xC8907A8C Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333] |
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/12-15:04:09.890178 24.191.37.113:3795 -> 192.168.1.6:80 TCP TTL:113 TOS:0x0 ID:63341 IpLen:20 DgmLen:140 DF ***AP*** Seq: 0x5CFA9097 Ack: 0xC87284EF Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333] |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/12-15:04:10.008706 24.191.37.113:3802 -> 192.168.1.6:80 TCP TTL:113 TOS:0x0 ID:63352 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x5CFF7C75 Ack: 0xC7FC494A Win: 0xFAF0 TcpLen: 20 |