[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 04/26-01:04:37.398771 24.74.33.155:1548 -> 192.168.1.6:80 TCP TTL:114 TOS:0x0 ID:65147 IpLen:20 DgmLen:112 DF ***AP*** Seq: 0x94F3F73E Ack: 0x2033FC6D Win: 0x4470 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 04/26-01:04:38.809652 24.74.33.155:1602 -> 192.168.1.6:80 TCP TTL:114 TOS:0x0 ID:65345 IpLen:20 DgmLen:110 DF ***AP*** Seq: 0x95229DA2 Ack: 0x206ED5E0 Win: 0x4470 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 04/26-01:04:40.317066 24.74.33.155:1635 -> 192.168.1.6:80 TCP TTL:114 TOS:0x0 ID:3 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x954043B1 Ack: 0x2084D6E7 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 04/26-01:04:42.001972 24.74.33.155:1674 -> 192.168.1.6:80 TCP TTL:114 TOS:0x0 ID:224 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x9562A9B1 Ack: 0x20F65D54 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/26-01:04:43.687969 24.74.33.155:1734 -> 192.168.1.6:80 TCP TTL:114 TOS:0x0 ID:455 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x9594ECAA Ack: 0x21283A2C Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 04/26-01:04:45.208354 24.74.33.155:1771 -> 192.168.1.6:80 TCP TTL:114 TOS:0x0 ID:684 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0x95B6726E Ack: 0x20F57A6B Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 04/26-01:04:46.994168 24.74.33.155:1817 -> 192.168.1.6:80 TCP TTL:114 TOS:0x0 ID:922 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0x95DB0B18 Ack: 0x211FBFF2 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/26-01:04:50.313520 24.74.33.155:1912 -> 192.168.1.6:80 TCP TTL:114 TOS:0x0 ID:1364 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x96300839 Ack: 0x2195AB89 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 04/26-01:04:52.011542 24.74.33.155:1964 -> 192.168.1.6:80 TCP TTL:114 TOS:0x0 ID:1604 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x965DB6D3 Ack: 0x21038235 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/26-01:04:57.193715 24.74.33.155:2101 -> 192.168.1.6:80 TCP TTL:114 TOS:0x0 ID:2278 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x96D5A696 Ack: 0x21DF7704 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/26-01:04:58.530384 24.74.33.155:2159 -> 192.168.1.6:80 TCP TTL:114 TOS:0x0 ID:2462 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x97083283 Ack: 0x21797A7D Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/26-01:05:00.162014 24.74.33.155:2187 -> 192.168.1.6:80 TCP TTL:114 TOS:0x0 ID:2689 IpLen:20 DgmLen:138 DF ***AP*** Seq: 0x9721E31E Ack: 0x21DDE5E4 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/26-01:05:04.691392 24.74.33.155:2329 -> 192.168.1.6:80 TCP TTL:114 TOS:0x0 ID:3363 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x979CCB3C Ack: 0x2201DCE9 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/26-01:05:06.249794 24.74.33.155:2367 -> 192.168.1.6:80 TCP TTL:114 TOS:0x0 ID:3592 IpLen:20 DgmLen:140 DF ***AP*** Seq: 0x97BF4999 Ack: 0x2248BC7E Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 04/26-01:05:10.892904 24.74.33.155:2509 -> 192.168.1.6:80 TCP TTL:114 TOS:0x0 ID:4254 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x98386E33 Ack: 0x22B73E7F Win: 0x4470 TcpLen: 20