[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/02-19:49:11.758553 24.203.221.5:4010 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:4079 IpLen:20 DgmLen:112 DF ***AP*** Seq: 0xEB3C5879 Ack: 0x7F36A724 Win: 0x4470 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/02-19:49:16.551715 24.203.221.5:4085 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:4806 IpLen:20 DgmLen:110 DF ***AP*** Seq: 0xEB7A9B37 Ack: 0x7FF70E9B Win: 0x4470 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/02-19:49:26.892893 24.203.221.5:4616 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:6592 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0xED2F87A4 Ack: 0x8041D97D Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/02-19:49:30.810515 24.203.221.5:4786 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:7172 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0xEDA60E76 Ack: 0x80C12B62 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/02-19:49:31.159243 24.203.221.5:4828 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:7265 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0xEDBD26B6 Ack: 0x80E08A93 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 06/02-19:49:31.760453 24.203.221.5:4863 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:7330 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0xEDCC617A Ack: 0x80378CF7 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 06/02-19:49:35.374390 24.203.221.5:1106 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:7884 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0xEE4C3E45 Ack: 0x805E6F58 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/02-19:49:36.088355 24.203.221.5:1118 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:7998 IpLen:20 DgmLen:185 DF ***AP*** Seq: 0xEE565F62 Ack: 0x80D045C7 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/02-19:49:36.791754 24.203.221.5:1155 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:8091 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0xEE73AA9C Ack: 0x814EB843 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/02-19:49:37.196255 24.203.221.5:1179 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:8185 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0xEE87A346 Ack: 0x812236E6 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/02-19:49:47.214223 24.203.221.5:1551 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:9596 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0xEFB51356 Ack: 0x810B3D35 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/02-19:49:47.432062 24.203.221.5:1563 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:9635 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0xEFC05929 Ack: 0x82087945 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/02-19:49:51.085978 24.203.221.5:1690 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:10102 IpLen:20 DgmLen:138 DF ***AP*** Seq: 0xF02CEC82 Ack: 0x814B9D8C Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/02-19:49:54.110876 24.203.221.5:1690 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:10486 IpLen:20 DgmLen:138 DF ***AP*** Seq: 0xF02CEC82 Ack: 0x814B9D8C Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/02-19:49:57.701008 24.203.221.5:1800 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:10970 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0xF08DC220 Ack: 0x8192ADDE Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/02-19:50:03.688933 24.203.221.5:1800 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:11815 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0xF08DC220 Ack: 0x8192ADDE Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/02-19:50:07.078409 24.203.221.5:2270 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:12349 IpLen:20 DgmLen:140 DF ***AP*** Seq: 0xF2196492 Ack: 0x824D36F1 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/02-19:50:07.696915 24.203.221.5:2287 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:12421 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0xF2277CB4 Ack: 0x82D58C8C Win: 0x4470 TcpLen: 20