[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/03-13:57:19.984803 24.201.150.218:4781 -> 192.168.1.6:80 TCP TTL:110 TOS:0x0 ID:2459 IpLen:20 DgmLen:112 DF ***AP*** Seq: 0x9EBB0DD5 Ack: 0x44DCD667 Win: 0xFAF0 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html] |
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/03-13:57:21.312677 24.201.150.218:4816 -> 192.168.1.6:80 TCP TTL:110 TOS:0x0 ID:2588 IpLen:20 DgmLen:110 DF ***AP*** Seq: 0x9EDCD65A Ack: 0x44CA0DE4 Win: 0xFAF0 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html] |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/03-13:57:25.326239 24.201.150.218:4829 -> 192.168.1.6:80 TCP TTL:110 TOS:0x0 ID:2875 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x9EE7EFB4 Ack: 0x45158E66 Win: 0xFAF0 TcpLen: 20 |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/03-13:57:26.383316 24.201.150.218:4899 -> 192.168.1.6:80 TCP TTL:110 TOS:0x0 ID:2966 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x9F243352 Ack: 0x451D9063 Win: 0xFAF0 TcpLen: 20 |
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/03-13:57:28.121361 24.201.150.218:4923 -> 192.168.1.6:80 TCP TTL:110 TOS:0x0 ID:3050 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x9F3553DD Ack: 0x45218128 Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 05/03-13:57:29.269827 24.201.150.218:4948 -> 192.168.1.6:80 TCP TTL:110 TOS:0x0 ID:3160 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0x9F47DAEC Ack: 0x4515997D Win: 0xFAF0 TcpLen: 20 |
[**] [1:1286:5] WEB-IIS _mem_bin access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 05/03-13:57:30.364357 24.201.150.218:4996 -> 192.168.1.6:80 TCP TTL:110 TOS:0x0 ID:3268 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0x9F5A9443 Ack: 0x45604054 Win: 0xFAF0 TcpLen: 20 |
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/03-13:57:31.480480 24.201.150.218:1046 -> 192.168.1.6:80 TCP TTL:110 TOS:0x0 ID:3380 IpLen:20 DgmLen:185 DF ***AP*** Seq: 0x9F70A34F Ack: 0x45118266 Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/03-13:57:36.232406 24.201.150.218:1120 -> 192.168.1.6:80 TCP TTL:110 TOS:0x0 ID:3744 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x9FB6B1AC Ack: 0x456A3D4F Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/03-13:57:37.238223 24.201.150.218:1148 -> 192.168.1.6:80 TCP TTL:110 TOS:0x0 ID:3853 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x9FD27535 Ack: 0x454D8E39 Win: 0xFAF0 TcpLen: 20 |
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/03-13:57:38.311732 24.201.150.218:1162 -> 192.168.1.6:80 TCP TTL:110 TOS:0x0 ID:3950 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x9FE0AB5B Ack: 0x45D5DC81 Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/03-13:57:39.328216 24.201.150.218:1180 -> 192.168.1.6:80 TCP TTL:110 TOS:0x0 ID:4042 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x9FF3241D Ack: 0x45C06C51 Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/03-13:57:40.391473 24.201.150.218:1197 -> 192.168.1.6:80 TCP TTL:110 TOS:0x0 ID:4138 IpLen:20 DgmLen:138 DF ***AP*** Seq: 0xA0042B1B Ack: 0x45B14E46 Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333] |
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/03-13:57:41.380028 24.201.150.218:1219 -> 192.168.1.6:80 TCP TTL:110 TOS:0x0 ID:4210 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0xA017EEB2 Ack: 0x465A027A Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333] |
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/03-13:57:44.372258 24.201.150.218:1219 -> 192.168.1.6:80 TCP TTL:110 TOS:0x0 ID:4449 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0xA017EEB2 Ack: 0x465A027A Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333] |
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/03-13:57:46.450748 24.201.150.218:1286 -> 192.168.1.6:80 TCP TTL:110 TOS:0x0 ID:4590 IpLen:20 DgmLen:140 DF ***AP*** Seq: 0xA057EF21 Ack: 0x464446EF Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333] |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/03-13:57:56.609768 24.201.150.218:1450 -> 192.168.1.6:80 TCP TTL:110 TOS:0x0 ID:5352 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0xA0F8E9D6 Ack: 0x46ABF2E3 Win: 0xFAF0 TcpLen: 20 |