[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-20:45:19.535591 24.203.122.222:3035 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:38368 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x49D14933 Ack: 0xD6C1F7B8 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-20:45:24.672868 24.203.122.222:3063 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:39006 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x49EF27E5 Ack: 0xD6677784 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-20:45:29.854822 24.203.122.222:3251 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:39568 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x4A8E4461 Ack: 0xD6F196B2 Win: 0xFAF0 TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-20:45:32.387725 24.203.122.222:3431 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:39822 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x4B18464A Ack: 0xD7CA5CA4 Win: 0xFAF0 TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-20:45:46.279615 24.203.122.222:3856 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:41557 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x4C745CAA Ack: 0xD7BE997A Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/23-20:45:51.251172 24.203.122.222:4005 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:42126 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x4CF67602 Ack: 0xD81A87A3 Win: 0xFAF0 TcpLen: 20