[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/16-18:12:07.699804 24.237.65.167:4738 -> 192.168.1.6:80 TCP TTL:108 TOS:0x0 ID:9952 IpLen:20 DgmLen:112 DF ***AP*** Seq: 0x1D8DF12F Ack: 0x8D9A6CB9 Win: 0xFAF0 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html] |
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/16-18:12:17.809054 24.237.65.167:1485 -> 192.168.1.6:80 TCP TTL:108 TOS:0x0 ID:11462 IpLen:20 DgmLen:110 DF ***AP*** Seq: 0x1F2C60A6 Ack: 0x8DBC2C26 Win: 0xFAF0 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html] |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/16-18:12:27.540242 24.237.65.167:1992 -> 192.168.1.6:80 TCP TTL:108 TOS:0x0 ID:12917 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x20BC2185 Ack: 0x8E8FFA02 Win: 0xFAF0 TcpLen: 20 |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/16-18:12:36.876096 24.237.65.167:2473 -> 192.168.1.6:80 TCP TTL:108 TOS:0x0 ID:14327 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x22396A44 Ack: 0x8F1D72F2 Win: 0xFAF0 TcpLen: 20 |
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/16-18:12:46.594925 24.237.65.167:2983 -> 192.168.1.6:80 TCP TTL:108 TOS:0x0 ID:15809 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x23CF1E4C Ack: 0x8F51FBA8 Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 06/16-18:12:56.343619 24.237.65.167:3486 -> 192.168.1.6:80 TCP TTL:108 TOS:0x0 ID:17297 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0x256205DC Ack: 0x8F8C651E Win: 0xFAF0 TcpLen: 20 |