[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/22-17:07:07.034474 24.34.222.52:4888 -> 192.168.1.6:80 TCP TTL:108 TOS:0x0 ID:307 IpLen:20 DgmLen:112 DF ***AP*** Seq: 0x9631937D Ack: 0x5DD062A7 Win: 0x4470 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/22-17:07:08.426208 24.34.222.52:4929 -> 192.168.1.6:80 TCP TTL:108 TOS:0x0 ID:482 IpLen:20 DgmLen:110 DF ***AP*** Seq: 0x9654E426 Ack: 0x5ED9A0A4 Win: 0x4470 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/22-17:07:09.338884 24.34.222.52:4957 -> 192.168.1.6:80 TCP TTL:108 TOS:0x0 ID:618 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x966C4FF1 Ack: 0x5E48C2DD Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/22-17:07:10.409484 24.34.222.52:4986 -> 192.168.1.6:80 TCP TTL:108 TOS:0x0 ID:753 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x9684D16D Ack: 0x5EF52FC8 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/22-17:07:14.246170 24.34.222.52:3106 -> 192.168.1.6:80 TCP TTL:108 TOS:0x0 ID:1266 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x96E7B13D Ack: 0x5EBF842B Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 05/22-17:07:15.046994 24.34.222.52:3127 -> 192.168.1.6:80 TCP TTL:108 TOS:0x0 ID:1366 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0x96FB0A07 Ack: 0x5ED8B7E3 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 05/22-17:07:19.149697 24.34.222.52:3261 -> 192.168.1.6:80 TCP TTL:108 TOS:0x0 ID:1904 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0x9770E463 Ack: 0x5F06042D Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/22-17:07:23.402856 24.34.222.52:3376 -> 192.168.1.6:80 TCP TTL:108 TOS:0x0 ID:2456 IpLen:20 DgmLen:185 DF ***AP*** Seq: 0x97D5696E Ack: 0x5F14E327 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/22-17:07:33.312905 24.34.222.52:3396 -> 192.168.1.6:80 TCP TTL:108 TOS:0x0 ID:3696 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x97E6BEFF Ack: 0x5FAE8A10 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/22-17:07:34.626473 24.34.222.52:3676 -> 192.168.1.6:80 TCP TTL:108 TOS:0x0 ID:3878 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x98D897E3 Ack: 0x604836C9 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/22-17:07:41.533151 24.34.222.52:3795 -> 192.168.1.6:80 TCP TTL:108 TOS:0x0 ID:4726 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x994331EE Ack: 0x6096554E Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/22-17:07:45.549558 24.34.222.52:3979 -> 192.168.1.6:80 TCP TTL:108 TOS:0x0 ID:5199 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x99E4F9C2 Ack: 0x606397B0 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/22-17:07:48.544211 24.34.222.52:3979 -> 192.168.1.6:80 TCP TTL:108 TOS:0x0 ID:5621 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x99E4F9C2 Ack: 0x606397B0 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/22-17:07:49.879329 24.34.222.52:4111 -> 192.168.1.6:80 TCP TTL:108 TOS:0x0 ID:5800 IpLen:20 DgmLen:138 DF ***AP*** Seq: 0x9A56800A Ack: 0x607FA05F Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/22-17:07:56.435356 24.34.222.52:4230 -> 192.168.1.6:80 TCP TTL:108 TOS:0x0 ID:6642 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x9ABFCC09 Ack: 0x616FAEE8 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/22-17:08:00.140683 24.34.222.52:4320 -> 192.168.1.6:80 TCP TTL:108 TOS:0x0 ID:7133 IpLen:20 DgmLen:140 DF ***AP*** Seq: 0x9B0A9C93 Ack: 0x6186FF5B Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/22-17:08:01.015722 24.34.222.52:4429 -> 192.168.1.6:80 TCP TTL:108 TOS:0x0 ID:7246 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x9B691521 Ack: 0x61FDC4B1 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/05-16:25:10.333035 24.34.222.52:4454 -> 192.168.1.6:80 TCP TTL:110 TOS:0x0 ID:34991 IpLen:20 DgmLen:1500 DF ***A**** Seq: 0x3E1DE18B Ack: 0x3B360E10 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/05-16:25:10.341095 24.34.222.52:4454 -> 192.168.1.6:80 TCP TTL:110 TOS:0x0 ID:34992 IpLen:20 DgmLen:1500 DF ***A**** Seq: 0x3E1DE73F Ack: 0x3B360E10 Win: 0x4470 TcpLen: 20