[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/13-19:41:00.225145 24.28.27.201:1150 -> 192.168.1.6:80 TCP TTL:113 TOS:0x0 ID:56736 IpLen:20 DgmLen:112 DF ***AP*** Seq: 0x3B48DEF9 Ack: 0xD3AA75C2 Win: 0xFAF0 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html] |
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/13-19:41:00.668351 24.28.27.201:1160 -> 192.168.1.6:80 TCP TTL:113 TOS:0x0 ID:56799 IpLen:20 DgmLen:110 DF ***AP*** Seq: 0x3B51C253 Ack: 0xD39DFD7E Win: 0xFAF0 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html] |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/13-19:41:03.935477 24.28.27.201:1218 -> 192.168.1.6:80 TCP TTL:113 TOS:0x0 ID:57046 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x3B86F752 Ack: 0xD4312968 Win: 0xFAF0 TcpLen: 20 |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/13-19:41:04.223044 24.28.27.201:1228 -> 192.168.1.6:80 TCP TTL:113 TOS:0x0 ID:57090 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x3B8F3C86 Ack: 0xD4BB06EF Win: 0xFAF0 TcpLen: 20 |
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/13-19:41:13.456125 24.28.27.201:1406 -> 192.168.1.6:80 TCP TTL:113 TOS:0x0 ID:57922 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x3C3246A8 Ack: 0xD51E967D Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 05/13-19:41:16.707081 24.28.27.201:1486 -> 192.168.1.6:80 TCP TTL:113 TOS:0x0 ID:58272 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0x3C79E793 Ack: 0xD4A90593 Win: 0xFAF0 TcpLen: 20 |
[**] [1:1286:5] WEB-IIS _mem_bin access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 05/13-19:41:16.935293 24.28.27.201:1489 -> 192.168.1.6:80 TCP TTL:113 TOS:0x0 ID:58289 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0x3C7D9D77 Ack: 0xD545BF42 Win: 0xFAF0 TcpLen: 20 |
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/13-19:41:20.137011 24.28.27.201:1564 -> 192.168.1.6:80 TCP TTL:113 TOS:0x0 ID:58606 IpLen:20 DgmLen:185 DF ***AP*** Seq: 0x3CBE27B4 Ack: 0xD4D5CB31 Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/13-19:41:20.344363 24.28.27.201:1568 -> 192.168.1.6:80 TCP TTL:113 TOS:0x0 ID:58624 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x3CC202A0 Ack: 0xD5931F3B Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/13-19:41:20.524986 24.28.27.201:1577 -> 192.168.1.6:80 TCP TTL:113 TOS:0x0 ID:58643 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x3CC95014 Ack: 0xD53F2E0A Win: 0xFAF0 TcpLen: 20 |
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/13-19:41:20.722041 24.28.27.201:1582 -> 192.168.1.6:80 TCP TTL:113 TOS:0x0 ID:58676 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x3CCD6CBF Ack: 0xD51E08C4 Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/13-19:41:20.945401 24.28.27.201:1585 -> 192.168.1.6:80 TCP TTL:113 TOS:0x0 ID:58700 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x3CD0A4A7 Ack: 0xD53FBEA4 Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/13-19:41:21.160222 24.28.27.201:1587 -> 192.168.1.6:80 TCP TTL:113 TOS:0x0 ID:58724 IpLen:20 DgmLen:138 DF ***AP*** Seq: 0x3CD34343 Ack: 0xD4FC9E8A Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333] |
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/13-19:41:21.349788 24.28.27.201:1592 -> 192.168.1.6:80 TCP TTL:113 TOS:0x0 ID:58753 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x3CD75A5D Ack: 0xD5AC719D Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333] |
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/13-19:41:24.339012 24.28.27.201:1592 -> 192.168.1.6:80 TCP TTL:113 TOS:0x0 ID:59054 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x3CD75A5D Ack: 0xD5AC719D Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333] |
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/13-19:41:24.752158 24.28.27.201:1664 -> 192.168.1.6:80 TCP TTL:113 TOS:0x0 ID:59100 IpLen:20 DgmLen:140 DF ***AP*** Seq: 0x3D1A576E Ack: 0xD5B2BF50 Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333] |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/13-19:41:28.030483 24.28.27.201:1759 -> 192.168.1.6:80 TCP TTL:113 TOS:0x0 ID:59542 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x3D6D0778 Ack: 0xD5A42A54 Win: 0xFAF0 TcpLen: 20 |