[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 04/23-00:47:16.462901 24.29.173.81:1289 -> 192.168.1.6:80 TCP TTL:119 TOS:0x0 ID:54638 IpLen:20 DgmLen:112 DF ***AP*** Seq: 0x90A860FC Ack: 0x1E79E65A Win: 0x4470 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 04/23-00:47:16.738663 24.29.173.81:1292 -> 192.168.1.6:80 TCP TTL:119 TOS:0x0 ID:54650 IpLen:20 DgmLen:110 DF ***AP*** Seq: 0x90AB945D Ack: 0x1E7B40D0 Win: 0x4470 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 04/23-00:47:16.831029 24.29.173.81:1293 -> 192.168.1.6:80 TCP TTL:119 TOS:0x0 ID:54659 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x90ACCD34 Ack: 0x1EA2A72E Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 04/23-00:47:25.991465 24.29.173.81:1528 -> 192.168.1.6:80 TCP TTL:119 TOS:0x0 ID:55304 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x917BF073 Ack: 0x1EF38E83 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/23-00:47:35.219517 24.29.173.81:1808 -> 192.168.1.6:80 TCP TTL:119 TOS:0x0 ID:56158 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x926E13CD Ack: 0x2018CAF3 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 04/23-00:47:35.321403 24.29.173.81:1815 -> 192.168.1.6:80 TCP TTL:119 TOS:0x0 ID:56167 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0x927385D5 Ack: 0x1FD6B132 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 04/23-00:47:44.386373 24.29.173.81:2120 -> 192.168.1.6:80 TCP TTL:119 TOS:0x0 ID:57148 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0x9379A744 Ack: 0x20284F82 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/23-00:47:44.454627 24.29.173.81:2123 -> 192.168.1.6:80 TCP TTL:119 TOS:0x0 ID:57161 IpLen:20 DgmLen:185 DF ***AP*** Seq: 0x937C0F07 Ack: 0x20DB0958 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/23-00:47:44.532611 24.29.173.81:2128 -> 192.168.1.6:80 TCP TTL:119 TOS:0x0 ID:57177 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x937FF156 Ack: 0x208D064B Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 04/23-00:47:47.782719 24.29.173.81:2232 -> 192.168.1.6:80 TCP TTL:119 TOS:0x0 ID:57450 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x93D7705D Ack: 0x20BA18B0 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 04/23-00:47:50.972770 24.29.173.81:2232 -> 192.168.1.6:80 TCP TTL:119 TOS:0x0 ID:57702 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x93D7705D Ack: 0x20BA18B0 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/23-00:47:52.068501 24.29.173.81:2313 -> 192.168.1.6:80 TCP TTL:119 TOS:0x0 ID:57784 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x9422146E Ack: 0x2061E9D6 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/23-00:47:53.174082 24.29.173.81:2343 -> 192.168.1.6:80 TCP TTL:119 TOS:0x0 ID:57861 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x943CAE5D Ack: 0x21443043 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/23-00:47:54.387551 24.29.173.81:2372 -> 192.168.1.6:80 TCP TTL:119 TOS:0x0 ID:57995 IpLen:20 DgmLen:138 DF ***AP*** Seq: 0x94578E28 Ack: 0x208EE82E Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/23-00:47:54.472902 24.29.173.81:2391 -> 192.168.1.6:80 TCP TTL:119 TOS:0x0 ID:58017 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x9469C17B Ack: 0x212D5C63 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/23-00:47:54.933643 24.29.173.81:2394 -> 192.168.1.6:80 TCP TTL:119 TOS:0x0 ID:58043 IpLen:20 DgmLen:140 DF ***AP*** Seq: 0x946B8B96 Ack: 0x20D67645 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 04/23-00:48:04.035685 24.29.173.81:2647 -> 192.168.1.6:80 TCP TTL:119 TOS:0x0 ID:58941 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x95494B7C Ack: 0x21E9C6AA Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 04/24-17:50:10.220636 24.29.173.81:1854 -> 192.168.1.6:80 TCP TTL:119 TOS:0x0 ID:15217 IpLen:20 DgmLen:112 DF ***AP*** Seq: 0x89F63F48 Ack: 0x765833DA Win: 0x4470 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 04/24-17:50:13.969574 24.29.173.81:1962 -> 192.168.1.6:80 TCP TTL:119 TOS:0x0 ID:15804 IpLen:20 DgmLen:110 DF ***AP*** Seq: 0x8A54B09E Ack: 0x7683508C Win: 0x4470 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 04/24-17:50:14.094369 24.29.173.81:1968 -> 192.168.1.6:80 TCP TTL:119 TOS:0x0 ID:15832 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x8A59BE8E Ack: 0x772A7E5C Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 04/24-17:50:14.190848 24.29.173.81:1970 -> 192.168.1.6:80 TCP TTL:119 TOS:0x0 ID:15852 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x8A5BFE2E Ack: 0x7735DAD2 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/24-17:50:23.300211 24.29.173.81:2205 -> 192.168.1.6:80 TCP TTL:119 TOS:0x0 ID:17118 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x8B275617 Ack: 0x7729D397 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 04/24-17:50:23.430169 24.29.173.81:2210 -> 192.168.1.6:80 TCP TTL:119 TOS:0x0 ID:17149 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0x8B2BC951 Ack: 0x7772309B Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 04/24-17:50:23.608118 24.29.173.81:2215 -> 192.168.1.6:80 TCP TTL:119 TOS:0x0 ID:17179 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0x8B30152A Ack: 0x7720FD20 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/24-17:50:23.685440 24.29.173.81:2220 -> 192.168.1.6:80 TCP TTL:119 TOS:0x0 ID:17191 IpLen:20 DgmLen:185 DF ***AP*** Seq: 0x8B341F35 Ack: 0x77897FAA Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/24-17:50:26.841527 24.29.173.81:2299 -> 192.168.1.6:80 TCP TTL:119 TOS:0x0 ID:17664 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x8B77568E Ack: 0x78010CC5 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 04/24-17:50:29.918958 24.29.173.81:2402 -> 192.168.1.6:80 TCP TTL:119 TOS:0x0 ID:18195 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x8BD2C37C Ack: 0x7788693C Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/24-17:50:30.008035 24.29.173.81:2406 -> 192.168.1.6:80 TCP TTL:119 TOS:0x0 ID:18221 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x8BD52543 Ack: 0x77D52273 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/24-17:50:30.200870 24.29.173.81:2409 -> 192.168.1.6:80 TCP TTL:119 TOS:0x0 ID:18248 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x8BD7D68D Ack: 0x77685A82 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/24-17:50:30.438248 24.29.173.81:2416 -> 192.168.1.6:80 TCP TTL:119 TOS:0x0 ID:18307 IpLen:20 DgmLen:138 DF ***AP*** Seq: 0x8BDD8B1E Ack: 0x7847EA8C Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/24-17:50:30.547785 24.29.173.81:2422 -> 192.168.1.6:80 TCP TTL:119 TOS:0x0 ID:18333 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x8BE28ECF Ack: 0x781C41C5 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/24-17:50:30.620728 24.29.173.81:2425 -> 192.168.1.6:80 TCP TTL:119 TOS:0x0 ID:18352 IpLen:20 DgmLen:140 DF ***AP*** Seq: 0x8BE524B2 Ack: 0x78442B63 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 04/24-17:50:33.710456 24.29.173.81:2548 -> 192.168.1.6:80 TCP TTL:119 TOS:0x0 ID:18960 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x8C4BF6C4 Ack: 0x7878CFA2 Win: 0x4470 TcpLen: 20