[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:22:30.302662 24.243.175.144:3749 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:49344 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xBCA51688 Ack: 0x3CB2D007 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:22:30.929455 24.243.175.144:3762 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:49404 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xBCB0ABAA Ack: 0x3D25FBD1 Win: 0xFAF0 TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:22:31.456543 24.243.175.144:3777 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:49461 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xBCBE4F1F Ack: 0x3C70430A Win: 0xFAF0 TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:22:32.219687 24.243.175.144:3796 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:49545 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xBCCE33F6 Ack: 0x3CEA2B22 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/07-00:22:42.307878 24.243.175.144:4054 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:50461 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xBDB515B3 Ack: 0x3D7D59D1 Win: 0xFAF0 TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/07-00:22:42.880440 24.243.175.144:4076 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:50519 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xBDC76852 Ack: 0x3DC8D523 Win: 0xFAF0 TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:22:53.189531 24.243.175.144:4332 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:51504 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xBEA81E54 Ack: 0x3E2E50D5 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:22:57.580699 24.243.175.144:4460 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:52056 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xBF1652A2 Ack: 0x3EA76657 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:22:58.275678 24.243.175.144:4485 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:52129 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xBF2B17DB Ack: 0x3EDDF171 Win: 0xFAF0 TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:22:59.166570 24.243.175.144:4503 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:52218 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xBF3A00A0 Ack: 0x3E1062FB Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:23:02.917076 24.243.175.144:4598 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:52580 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xBF8DE39C Ack: 0x3EB0F0EA Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:23:25.200132 24.243.175.144:1246 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:54498 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xC1594EA1 Ack: 0x3FDE1BCC Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:23:25.937885 24.243.175.144:1263 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:54560 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xC1682CB3 Ack: 0x40774F84 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:23:26.754713 24.243.175.144:1285 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:54628 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xC17CDF28 Ack: 0x405F078F Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:23:40.157101 24.243.175.144:1559 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:56063 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xC27139E4 Ack: 0x4149AFD2 Win: 0xFAF0 TcpLen: 20