[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/14-10:56:04.874158 24.208.193.218:3738 -> 192.168.1.6:80 TCP TTL:120 TOS:0x0 ID:53608 IpLen:20 DgmLen:112 DF ***AP*** Seq: 0x1DE46B12 Ack: 0x9EF75B07 Win: 0xFAF0 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/14-10:56:05.818561 24.208.193.218:3747 -> 192.168.1.6:80 TCP TTL:120 TOS:0x0 ID:53727 IpLen:20 DgmLen:110 DF ***AP*** Seq: 0x1DED8004 Ack: 0x9F2FCD94 Win: 0xFAF0 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/14-10:56:06.595858 24.208.193.218:3773 -> 192.168.1.6:80 TCP TTL:120 TOS:0x0 ID:53856 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x1E032E0C Ack: 0x9F51ED20 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/14-10:56:07.318240 24.208.193.218:3786 -> 192.168.1.6:80 TCP TTL:120 TOS:0x0 ID:53945 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x1E0F6CDF Ack: 0x9F00C384 Win: 0xFAF0 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/15-09:35:22.608014 24.208.193.218:2998 -> 192.168.1.6:80 TCP TTL:120 TOS:0x0 ID:959 IpLen:20 DgmLen:112 DF ***AP*** Seq: 0xB8C8780A Ack: 0xACB60BF8 Win: 0xFAF0 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/15-09:35:22.723527 24.208.193.218:3003 -> 192.168.1.6:80 TCP TTL:120 TOS:0x0 ID:975 IpLen:20 DgmLen:110 DF ***AP*** Seq: 0xB8CC7545 Ack: 0xAD46B801 Win: 0xFAF0 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/15-09:35:22.818852 24.208.193.218:3005 -> 192.168.1.6:80 TCP TTL:120 TOS:0x0 ID:984 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0xB8CE18AD Ack: 0xAD442BF6 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/15-09:35:22.890420 24.208.193.218:3008 -> 192.168.1.6:80 TCP TTL:120 TOS:0x0 ID:998 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0xB8D0DEFF Ack: 0xAD30F335 Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/15-09:35:26.271796 24.208.193.218:3013 -> 192.168.1.6:80 TCP TTL:120 TOS:0x0 ID:1269 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0xB8D49359 Ack: 0xACE4F7D7 Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 06/15-09:35:26.340108 24.208.193.218:3094 -> 192.168.1.6:80 TCP TTL:120 TOS:0x0 ID:1280 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0xB91B33D2 Ack: 0xAD1AA4C2 Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 06/15-09:35:26.416723 24.208.193.218:3095 -> 192.168.1.6:80 TCP TTL:120 TOS:0x0 ID:1290 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0xB91C927A Ack: 0xACF732F0 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/15-09:35:26.501796 24.208.193.218:3097 -> 192.168.1.6:80 TCP TTL:120 TOS:0x0 ID:1308 IpLen:20 DgmLen:185 DF ***AP*** Seq: 0xB91E444E Ack: 0xAD0F0374 Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/15-09:35:26.591297 24.208.193.218:3102 -> 192.168.1.6:80 TCP TTL:120 TOS:0x0 ID:1326 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0xB92330A9 Ack: 0xAD31B907 Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/15-09:35:26.686023 24.208.193.218:3106 -> 192.168.1.6:80 TCP TTL:120 TOS:0x0 ID:1342 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0xB92603E1 Ack: 0xAD240D36 Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/15-09:35:26.774501 24.208.193.218:3108 -> 192.168.1.6:80 TCP TTL:120 TOS:0x0 ID:1355 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0xB9284ACA Ack: 0xAD9FED18 Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/15-09:35:26.838657 24.208.193.218:3111 -> 192.168.1.6:80 TCP TTL:120 TOS:0x0 ID:1367 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0xB92ACDE7 Ack: 0xAD760728 Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/15-09:35:26.937517 24.208.193.218:3114 -> 192.168.1.6:80 TCP TTL:120 TOS:0x0 ID:1387 IpLen:20 DgmLen:138 DF ***AP*** Seq: 0xB92DA129 Ack: 0xAD6957AD Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/15-09:35:27.010829 24.208.193.218:3117 -> 192.168.1.6:80 TCP TTL:120 TOS:0x0 ID:1402 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0xB9306E44 Ack: 0xAD630A78 Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/15-09:35:27.086169 24.208.193.218:3120 -> 192.168.1.6:80 TCP TTL:120 TOS:0x0 ID:1417 IpLen:20 DgmLen:140 DF ***AP*** Seq: 0xB932AC63 Ack: 0xACF35D9A Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/15-09:35:27.193391 24.208.193.218:3124 -> 192.168.1.6:80 TCP TTL:120 TOS:0x0 ID:1438 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0xB936580E Ack: 0xAD45D40D Win: 0xFAF0 TcpLen: 20