[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 04/26-12:08:58.337972 24.203.10.194:4385 -> 192.168.1.6:80 TCP TTL:108 TOS:0x0 ID:38207 IpLen:20 DgmLen:112 DF ***AP*** Seq: 0xF2A7150E Ack: 0xECF2E46F Win: 0xFAF0 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 04/26-12:08:59.218054 24.203.10.194:4400 -> 192.168.1.6:80 TCP TTL:108 TOS:0x0 ID:38280 IpLen:20 DgmLen:110 DF ***AP*** Seq: 0xF2B5CFD9 Ack: 0xECCBBD6F Win: 0xFAF0 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 04/26-12:09:02.889132 24.203.10.194:4497 -> 192.168.1.6:80 TCP TTL:108 TOS:0x0 ID:38622 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0xF30697AD Ack: 0xEDB66F51 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 04/26-12:09:03.096526 24.203.10.194:4500 -> 192.168.1.6:80 TCP TTL:108 TOS:0x0 ID:38642 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0xF309D6F2 Ack: 0xED9CA4C4 Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/26-12:09:06.786754 24.203.10.194:4539 -> 192.168.1.6:80 TCP TTL:108 TOS:0x0 ID:38735 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0xF333A34C Ack: 0xEE1BEB36 Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 04/26-12:09:06.988270 24.203.10.194:4542 -> 192.168.1.6:80 TCP TTL:108 TOS:0x0 ID:38750 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0xF3368B41 Ack: 0xEDB85FA5 Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 04/26-12:09:07.200795 24.203.10.194:4547 -> 192.168.1.6:80 TCP TTL:108 TOS:0x0 ID:38765 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0xF33AE7C2 Ack: 0xEDB1B216 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/26-12:09:07.384065 24.203.10.194:4551 -> 192.168.1.6:80 TCP TTL:108 TOS:0x0 ID:38774 IpLen:20 DgmLen:185 DF ***AP*** Seq: 0xF33E5E92 Ack: 0xEE28C852 Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/26-12:09:07.634417 24.203.10.194:4554 -> 192.168.1.6:80 TCP TTL:108 TOS:0x0 ID:38788 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0xF34102DD Ack: 0xEDBEFA7D Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 04/26-12:09:07.826481 24.203.10.194:4559 -> 192.168.1.6:80 TCP TTL:108 TOS:0x0 ID:38800 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0xF34597BA Ack: 0xEDCE8ABE Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/26-12:09:07.995643 24.203.10.194:4562 -> 192.168.1.6:80 TCP TTL:108 TOS:0x0 ID:38812 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0xF347E533 Ack: 0xED7ACD59 Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/26-12:09:11.394008 24.203.10.194:4600 -> 192.168.1.6:80 TCP TTL:108 TOS:0x0 ID:38918 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0xF3700F00 Ack: 0xED7D5399 Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/26-12:09:11.598532 24.203.10.194:4601 -> 192.168.1.6:80 TCP TTL:108 TOS:0x0 ID:38934 IpLen:20 DgmLen:138 DF ***AP*** Seq: 0xF371B601 Ack: 0xEE55E923 Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/26-12:09:11.784292 24.203.10.194:4604 -> 192.168.1.6:80 TCP TTL:108 TOS:0x0 ID:38939 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0xF374F22B Ack: 0xEDF8F8B4 Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/26-12:09:14.737910 24.203.10.194:4604 -> 192.168.1.6:80 TCP TTL:108 TOS:0x0 ID:39325 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0xF374F22B Ack: 0xEDF8F8B4 Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/26-12:09:14.933386 24.203.10.194:4698 -> 192.168.1.6:80 TCP TTL:108 TOS:0x0 ID:39331 IpLen:20 DgmLen:140 DF ***AP*** Seq: 0xF3C637B4 Ack: 0xEE3DC3E9 Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 04/26-12:09:18.467491 24.203.10.194:4746 -> 192.168.1.6:80 TCP TTL:108 TOS:0x0 ID:39484 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0xF3F6EC43 Ack: 0xEE66AF1D Win: 0xFAF0 TcpLen: 20