[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 04/27-11:06:15.917815 24.91.112.149:1653 -> 192.168.1.6:80 TCP TTL:104 TOS:0x0 ID:16213 IpLen:20 DgmLen:112 DF ***AP*** Seq: 0xD3F4B572 Ack: 0x3FF83E49 Win: 0x4470 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html] |
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 04/27-11:06:17.062882 24.91.112.149:1669 -> 192.168.1.6:80 TCP TTL:104 TOS:0x0 ID:16304 IpLen:20 DgmLen:110 DF ***AP*** Seq: 0xD4069A36 Ack: 0x40A43271 Win: 0x4470 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html] |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 04/27-11:06:17.895825 24.91.112.149:1681 -> 192.168.1.6:80 TCP TTL:104 TOS:0x0 ID:16375 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0xD411425A Ack: 0x403E98E4 Win: 0x4470 TcpLen: 20 |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 04/27-11:06:18.456344 24.91.112.149:1694 -> 192.168.1.6:80 TCP TTL:104 TOS:0x0 ID:16433 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0xD41E1FE2 Ack: 0x40B6A532 Win: 0x4470 TcpLen: 20 |
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/27-11:06:18.760647 24.91.112.149:1703 -> 192.168.1.6:80 TCP TTL:104 TOS:0x0 ID:16476 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0xD427515A Ack: 0x403BB83E Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 04/27-11:06:19.166501 24.91.112.149:1714 -> 192.168.1.6:80 TCP TTL:104 TOS:0x0 ID:16516 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0xD430AF9B Ack: 0x40A335E0 Win: 0x4470 TcpLen: 20 |
[**] [1:1286:5] WEB-IIS _mem_bin access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 04/27-11:06:19.734162 24.91.112.149:1729 -> 192.168.1.6:80 TCP TTL:104 TOS:0x0 ID:16581 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0xD43CB5BC Ack: 0x404B6178 Win: 0x4470 TcpLen: 20 |
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/27-11:06:20.656683 24.91.112.149:1744 -> 192.168.1.6:80 TCP TTL:104 TOS:0x0 ID:16662 IpLen:20 DgmLen:185 DF ***AP*** Seq: 0xD44CBDEA Ack: 0x40664873 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/27-11:06:21.580380 24.91.112.149:1751 -> 192.168.1.6:80 TCP TTL:104 TOS:0x0 ID:20641 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0xD453FE96 Ack: 0x410D0761 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 04/27-11:06:25.651933 24.91.112.149:1834 -> 192.168.1.6:80 TCP TTL:104 TOS:0x0 ID:61049 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0xD4A109D7 Ack: 0x412ABA59 Win: 0x4470 TcpLen: 20 |
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/27-11:06:32.653898 24.91.112.149:1928 -> 192.168.1.6:80 TCP TTL:104 TOS:0x0 ID:10924 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0xD501124E Ack: 0x41B7AA8C Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/27-11:06:42.715585 24.91.112.149:2146 -> 192.168.1.6:80 TCP TTL:104 TOS:0x0 ID:11837 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0xD5D1A4A9 Ack: 0x4174F9A9 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/27-11:06:43.255989 24.91.112.149:2162 -> 192.168.1.6:80 TCP TTL:104 TOS:0x0 ID:11935 IpLen:20 DgmLen:138 DF ***AP*** Seq: 0xD5E06161 Ack: 0x421F63F0 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333] |
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/27-11:06:53.710055 24.91.112.149:2289 -> 192.168.1.6:80 TCP TTL:104 TOS:0x0 ID:13115 IpLen:20 DgmLen:140 DF ***AP*** Seq: 0xD65C839D Ack: 0x4279A162 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333] |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 04/27-11:06:54.242587 24.91.112.149:2400 -> 192.168.1.6:80 TCP TTL:104 TOS:0x0 ID:13207 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0xD6B7C225 Ack: 0x4268D44E Win: 0x4470 TcpLen: 20 |
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/27-11:06:55.970445 24.91.112.149:2172 -> 192.168.1.6:80 TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:136 ***AP*** Seq: 0x42346ECA Ack: 0xD5EB008C Win: 0x16D0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333] |
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/08-16:15:44.738516 24.91.112.149:3311 -> 192.168.1.6:80 TCP TTL:106 TOS:0x0 ID:51791 IpLen:20 DgmLen:1500 DF ***A**** Seq: 0xCCD06664 Ack: 0x8D5606E9 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552] |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/08-16:15:44.746516 24.91.112.149:3311 -> 192.168.1.6:80 TCP TTL:106 TOS:0x0 ID:51792 IpLen:20 DgmLen:1500 DF ***A**** Seq: 0xCCD06C18 Ack: 0x8D5606E9 Win: 0x4470 TcpLen: 20 |