[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/15-22:06:54.986507 24.199.188.226:3700 -> 192.168.1.6:80 TCP TTL:115 TOS:0x0 ID:58218 IpLen:20 DgmLen:112 DF ***AP*** Seq: 0xDF2070A1 Ack: 0x7963A408 Win: 0x4470 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html] |
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/15-22:06:57.940688 24.199.188.226:3700 -> 192.168.1.6:80 TCP TTL:115 TOS:0x0 ID:58633 IpLen:20 DgmLen:112 DF ***AP*** Seq: 0xDF2070A1 Ack: 0x7963A408 Win: 0x4470 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html] |
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/15-22:07:03.217989 24.199.188.226:4013 -> 192.168.1.6:80 TCP TTL:115 TOS:0x0 ID:59401 IpLen:20 DgmLen:110 DF ***AP*** Seq: 0xE02B40EB Ack: 0x79915D96 Win: 0x4470 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html] |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/15-22:07:03.680486 24.199.188.226:4032 -> 192.168.1.6:80 TCP TTL:115 TOS:0x0 ID:59474 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0xE03ABCA0 Ack: 0x79B07E2E Win: 0x4470 TcpLen: 20 |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/15-22:07:13.242540 24.199.188.226:4379 -> 192.168.1.6:80 TCP TTL:115 TOS:0x0 ID:60672 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0xE15E0E29 Ack: 0x7A1F9B3B Win: 0x4470 TcpLen: 20 |
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/15-22:07:16.758616 24.199.188.226:4505 -> 192.168.1.6:80 TCP TTL:115 TOS:0x0 ID:61109 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0xE1C7C58B Ack: 0x7A9DEF57 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 05/15-22:07:23.378864 24.199.188.226:4610 -> 192.168.1.6:80 TCP TTL:115 TOS:0x0 ID:61744 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0xE221E86D Ack: 0x7B1112EE Win: 0x4470 TcpLen: 20 |
[**] [1:1286:5] WEB-IIS _mem_bin access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 05/15-22:07:27.088411 24.199.188.226:4842 -> 192.168.1.6:80 TCP TTL:115 TOS:0x0 ID:62248 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0xE2E828D4 Ack: 0x7AE55790 Win: 0x4470 TcpLen: 20 |
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/15-22:07:27.447402 24.199.188.226:4853 -> 192.168.1.6:80 TCP TTL:115 TOS:0x0 ID:62291 IpLen:20 DgmLen:185 DF ***AP*** Seq: 0xE2F0E8E9 Ack: 0x7B65BEA5 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/15-22:07:36.912447 24.199.188.226:3216 -> 192.168.1.6:80 TCP TTL:115 TOS:0x0 ID:63612 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0xE4293903 Ack: 0x7C021E25 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/15-22:07:37.166872 24.199.188.226:3221 -> 192.168.1.6:80 TCP TTL:115 TOS:0x0 ID:63628 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0xE42E4EEB Ack: 0x7C0F1DE1 Win: 0x4470 TcpLen: 20 |
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/15-22:07:37.400551 24.199.188.226:3224 -> 192.168.1.6:80 TCP TTL:115 TOS:0x0 ID:63656 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0xE4318F7F Ack: 0x7C55BF20 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/15-22:07:40.905042 24.199.188.226:3363 -> 192.168.1.6:80 TCP TTL:115 TOS:0x0 ID:64169 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0xE4A882D6 Ack: 0x7B9BFB82 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/15-22:07:41.084581 24.199.188.226:3371 -> 192.168.1.6:80 TCP TTL:115 TOS:0x0 ID:64195 IpLen:20 DgmLen:138 DF ***AP*** Seq: 0xE4AEF74F Ack: 0x7C0D74F5 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333] |
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/15-22:07:41.293849 24.199.188.226:3378 -> 192.168.1.6:80 TCP TTL:115 TOS:0x0 ID:64216 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0xE4B432B4 Ack: 0x7C78E531 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333] |
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/15-22:07:41.515359 24.199.188.226:3385 -> 192.168.1.6:80 TCP TTL:115 TOS:0x0 ID:64251 IpLen:20 DgmLen:140 DF ***AP*** Seq: 0xE4BAB44D Ack: 0x7C1B21F0 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333] |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/15-22:07:41.748614 24.199.188.226:3396 -> 192.168.1.6:80 TCP TTL:115 TOS:0x0 ID:64282 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0xE4C37CBC Ack: 0x7C2B51F6 Win: 0x4470 TcpLen: 20 |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/15-22:07:44.857317 24.199.188.226:3396 -> 192.168.1.6:80 TCP TTL:115 TOS:0x0 ID:64544 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0xE4C37CBC Ack: 0x7C2B51F6 Win: 0x4470 TcpLen: 20 |