[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-11:52:05.755259 24.198.148.104:2162 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:29432 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x74977DD1 Ack: 0xF62F73B0 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html] |
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-11:52:08.009503 24.198.148.104:2247 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:29648 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x74DFF043 Ack: 0xF647C936 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html] |
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-11:52:09.825182 24.198.148.104:2286 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:29845 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x75025B8D Ack: 0xF6CC9B45 Win: 0x4470 TcpLen: 20 |
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-11:52:11.380119 24.198.148.104:2344 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:30018 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x75353F58 Ack: 0xF69DBE95 Win: 0x4470 TcpLen: 20 |
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-11:52:12.338145 24.198.148.104:2382 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:30134 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x75562F05 Ack: 0xF708AD35 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/27-11:52:13.374533 24.198.148.104:2409 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:30260 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x756D6F35 Ack: 0xF7566C1D Win: 0x4470 TcpLen: 20 |
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/27-11:52:14.251928 24.198.148.104:2437 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:30359 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x75864B45 Ack: 0xF74BD3CB Win: 0x4470 TcpLen: 20 |
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-11:52:15.221736 24.198.148.104:2466 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:30472 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x759F28F3 Ack: 0xF768F2DE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-11:52:16.415700 24.198.148.104:2501 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:30584 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x75BB5210 Ack: 0xF7B09C34 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-11:52:20.791035 24.198.148.104:2613 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:31046 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x761F5B51 Ack: 0xF7DC41ED Win: 0x4470 TcpLen: 20 |
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-11:52:31.311927 24.198.148.104:2881 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:32041 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x770ADBA7 Ack: 0xF837147A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-11:52:33.066724 24.198.148.104:2920 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:32203 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x772CBE09 Ack: 0xF8025FEE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-11:52:34.853768 24.198.148.104:2953 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:32365 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x774A1140 Ack: 0xF7F5FC6E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333] |
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-11:52:36.350464 24.198.148.104:3010 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:32511 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x777ADA7B Ack: 0xF7FF56E7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333] |
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-11:52:37.844923 24.198.148.104:3043 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:32647 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x77991D33 Ack: 0xF81DFF90 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333] |
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-11:52:39.332339 24.198.148.104:3079 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:32810 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x77B8DF60 Ack: 0xF8316DC4 Win: 0x4470 TcpLen: 20 |
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/27-11:52:41.853327 24.198.148.104:3079 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:33117 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x77B8DF60 Ack: 0xF8316DC4 Win: 0x4470 TcpLen: 20 |
![[Silicon Defense logo]](../../../SDlogo.gif)