[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/04-06:25:41.135041 24.98.140.134:2350 -> 192.168.1.6:80 TCP TTL:47 TOS:0x0 ID:31518 IpLen:20 DgmLen:112 DF ***AP*** Seq: 0x766D19B5 Ack: 0x237DC83B Win: 0xF990 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html] |
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/04-06:25:41.722824 24.98.140.134:2386 -> 192.168.1.6:80 TCP TTL:47 TOS:0x0 ID:31595 IpLen:20 DgmLen:110 DF ***AP*** Seq: 0x768C1545 Ack: 0x22AF96A9 Win: 0xF990 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html] |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/04-06:25:51.278363 24.98.140.134:2728 -> 192.168.1.6:80 TCP TTL:47 TOS:0x0 ID:32856 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x77A74A59 Ack: 0x234C9911 Win: 0xF990 TcpLen: 20 |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/04-06:25:51.753576 24.98.140.134:2758 -> 192.168.1.6:80 TCP TTL:47 TOS:0x0 ID:32953 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x77C08CCC Ack: 0x23A54196 Win: 0xF990 TcpLen: 20 |
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/04-06:26:01.245198 24.98.140.134:3136 -> 192.168.1.6:80 TCP TTL:47 TOS:0x0 ID:34324 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x78FCD28C Ack: 0x2443E3B2 Win: 0xF990 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 06/04-06:26:01.743329 24.98.140.134:3155 -> 192.168.1.6:80 TCP TTL:47 TOS:0x0 ID:34407 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0x790C1EC3 Ack: 0x2411E10E Win: 0xF990 TcpLen: 20 |
[**] [1:1286:5] WEB-IIS _mem_bin access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 06/04-06:26:02.294797 24.98.140.134:3175 -> 192.168.1.6:80 TCP TTL:47 TOS:0x0 ID:34471 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0x791D3790 Ack: 0x24B650B7 Win: 0xF990 TcpLen: 20 |
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/04-06:26:02.739746 24.98.140.134:3187 -> 192.168.1.6:80 TCP TTL:47 TOS:0x0 ID:34548 IpLen:20 DgmLen:185 DF ***AP*** Seq: 0x7928C4E4 Ack: 0x242DD4CC Win: 0xF990 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/04-06:26:12.447023 24.98.140.134:3592 -> 192.168.1.6:80 TCP TTL:47 TOS:0x0 ID:36017 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x7A75A492 Ack: 0x2537132D Win: 0xF990 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/04-06:26:15.696532 24.98.140.134:3611 -> 192.168.1.6:80 TCP TTL:47 TOS:0x0 ID:36577 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x7A858A63 Ack: 0x24F35337 Win: 0xF990 TcpLen: 20 |
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/04-06:26:16.145478 24.98.140.134:3758 -> 192.168.1.6:80 TCP TTL:47 TOS:0x0 ID:36650 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x7B0161A4 Ack: 0x259DE9CF Win: 0xF990 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/04-06:26:25.746211 24.98.140.134:4146 -> 192.168.1.6:80 TCP TTL:47 TOS:0x0 ID:37952 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x7C42BF17 Ack: 0x25712B10 Win: 0xF990 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/04-06:26:26.045707 24.98.140.134:4159 -> 192.168.1.6:80 TCP TTL:47 TOS:0x0 ID:38020 IpLen:20 DgmLen:138 DF ***AP*** Seq: 0x7C4E128B Ack: 0x2609D67F Win: 0xF990 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333] |
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/04-06:26:35.442020 24.98.140.134:4168 -> 192.168.1.6:80 TCP TTL:47 TOS:0x0 ID:39596 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x7C55CEE9 Ack: 0x255446A6 Win: 0xF990 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333] |
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/04-06:26:38.638781 24.98.140.134:4595 -> 192.168.1.6:80 TCP TTL:47 TOS:0x0 ID:40130 IpLen:20 DgmLen:140 DF ***AP*** Seq: 0x7DAC8A57 Ack: 0x26F81223 Win: 0xF990 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333] |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/04-06:26:39.122268 24.98.140.134:4836 -> 192.168.1.6:80 TCP TTL:47 TOS:0x0 ID:40179 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x7E1ECBD7 Ack: 0x26CBBB1F Win: 0xF990 TcpLen: 20 |
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/07-07:22:08.859727 24.98.140.134:2433 -> 192.168.1.6:80 TCP TTL:47 TOS:0x0 ID:1419 IpLen:20 DgmLen:110 DF ***AP*** Seq: 0x5C83BDD4 Ack: 0xB88206BD Win: 0xF990 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html] |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/07-07:22:09.003677 24.98.140.134:2710 -> 192.168.1.6:80 TCP TTL:47 TOS:0x0 ID:1479 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x5D537075 Ack: 0xB7B41DE9 Win: 0xF990 TcpLen: 20 |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/07-07:22:09.159404 24.98.140.134:2724 -> 192.168.1.6:80 TCP TTL:47 TOS:0x0 ID:1520 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x5D5EAA70 Ack: 0xB8827A96 Win: 0xF990 TcpLen: 20 |
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/07-07:22:09.335319 24.98.140.134:2733 -> 192.168.1.6:80 TCP TTL:47 TOS:0x0 ID:1554 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x5D65BE25 Ack: 0xB7F8CC0B Win: 0xF990 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 06/07-07:22:18.562432 24.98.140.134:3531 -> 192.168.1.6:80 TCP TTL:47 TOS:0x0 ID:4265 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0x5FC7A8D6 Ack: 0xB9048F04 Win: 0xF990 TcpLen: 20 |
[**] [1:1286:5] WEB-IIS _mem_bin access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 06/07-07:22:18.765362 24.98.140.134:3537 -> 192.168.1.6:80 TCP TTL:47 TOS:0x0 ID:4301 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0x5FCCEAB3 Ack: 0xB904CDB2 Win: 0xF990 TcpLen: 20 |
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/07-07:22:28.119843 24.98.140.134:4326 -> 192.168.1.6:80 TCP TTL:47 TOS:0x0 ID:6739 IpLen:20 DgmLen:185 DF ***AP*** Seq: 0x622317D0 Ack: 0xB97E78D0 Win: 0xF990 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/07-07:22:28.316735 24.98.140.134:4396 -> 192.168.1.6:80 TCP TTL:47 TOS:0x0 ID:6822 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x623915AA Ack: 0xB8D31D70 Win: 0xF990 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/07-07:22:28.552353 24.98.140.134:4451 -> 192.168.1.6:80 TCP TTL:47 TOS:0x0 ID:6874 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x6256E426 Ack: 0xB937BB6D Win: 0xF990 TcpLen: 20 |
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/07-07:22:28.950580 24.98.140.134:4471 -> 192.168.1.6:80 TCP TTL:47 TOS:0x0 ID:6960 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x6260C16D Ack: 0xB98308FD Win: 0xF990 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/07-07:22:38.469604 24.98.140.134:1514 -> 192.168.1.6:80 TCP TTL:47 TOS:0x0 ID:9480 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x64B2B54E Ack: 0xB9A81F03 Win: 0xF990 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/07-07:22:47.729233 24.98.140.134:2324 -> 192.168.1.6:80 TCP TTL:47 TOS:0x0 ID:11982 IpLen:20 DgmLen:138 DF ***AP*** Seq: 0x672541B0 Ack: 0xBA2A8861 Win: 0xF990 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333] |
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/07-07:22:48.019617 24.98.140.134:2332 -> 192.168.1.6:80 TCP TTL:47 TOS:0x0 ID:12032 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x672B8061 Ack: 0xBA925D4E Win: 0xF990 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333] |
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/07-07:22:50.997991 24.98.140.134:2332 -> 192.168.1.6:80 TCP TTL:47 TOS:0x0 ID:12765 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x672B8061 Ack: 0xBA925D4E Win: 0xF990 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333] |
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/07-07:22:51.480215 24.98.140.134:2602 -> 192.168.1.6:80 TCP TTL:47 TOS:0x0 ID:12907 IpLen:20 DgmLen:140 DF ***AP*** Seq: 0x680209E3 Ack: 0xBAB137A5 Win: 0xF990 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333] |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/07-07:23:00.877124 24.98.140.134:3382 -> 192.168.1.6:80 TCP TTL:47 TOS:0x0 ID:15398 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x6A55D065 Ack: 0xBBAE2D8B Win: 0xF990 TcpLen: 20 |
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/08-00:56:25.519784 24.98.140.134:4095 -> 192.168.1.6:80 TCP TTL:47 TOS:0x0 ID:58253 IpLen:20 DgmLen:112 DF ***AP*** Seq: 0x3E66C4D Ack: 0x46E56650 Win: 0xF990 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html] |
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/08-00:56:32.426623 24.98.140.134:4457 -> 192.168.1.6:80 TCP TTL:47 TOS:0x0 ID:59708 IpLen:20 DgmLen:110 DF ***AP*** Seq: 0x504B591 Ack: 0x46C0C068 Win: 0xF990 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html] |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/08-00:56:32.812594 24.98.140.134:4781 -> 192.168.1.6:80 TCP TTL:47 TOS:0x0 ID:59784 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x59A9407 Ack: 0x479B0349 Win: 0xF990 TcpLen: 20 |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/08-00:56:36.315737 24.98.140.134:1113 -> 192.168.1.6:80 TCP TTL:47 TOS:0x0 ID:60612 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x6468A5F Ack: 0x478A2A23 Win: 0xF990 TcpLen: 20 |
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/08-00:56:36.519304 24.98.140.134:1132 -> 192.168.1.6:80 TCP TTL:47 TOS:0x0 ID:60692 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x654D4B6 Ack: 0x47A3CB4C Win: 0xF990 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 06/08-00:56:36.818201 24.98.140.134:1143 -> 192.168.1.6:80 TCP TTL:47 TOS:0x0 ID:60742 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0x65E0BEB Ack: 0x474D76E9 Win: 0xF990 TcpLen: 20 |
[**] [1:1286:5] WEB-IIS _mem_bin access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 06/08-00:56:37.206714 24.98.140.134:1170 -> 192.168.1.6:80 TCP TTL:47 TOS:0x0 ID:60837 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0x670EEF7 Ack: 0x475907F7 Win: 0xF990 TcpLen: 20 |
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/08-00:56:37.416422 24.98.140.134:1197 -> 192.168.1.6:80 TCP TTL:47 TOS:0x0 ID:60904 IpLen:20 DgmLen:185 DF ***AP*** Seq: 0x687E7DC Ack: 0x47B14D73 Win: 0xF990 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/08-00:56:37.612613 24.98.140.134:1200 -> 192.168.1.6:80 TCP TTL:47 TOS:0x0 ID:60954 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x68B31AF Ack: 0x471EC9CC Win: 0xF990 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/08-00:56:37.791953 24.98.140.134:1215 -> 192.168.1.6:80 TCP TTL:47 TOS:0x0 ID:61020 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x694B074 Ack: 0x475A6E7A Win: 0xF990 TcpLen: 20 |
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/08-00:56:38.125678 24.98.140.134:1229 -> 192.168.1.6:80 TCP TTL:47 TOS:0x0 ID:61087 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x69FC36D Ack: 0x472E665D Win: 0xF990 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/08-00:56:38.531224 24.98.140.134:1239 -> 192.168.1.6:80 TCP TTL:47 TOS:0x0 ID:61169 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x6A80D83 Ack: 0x47BD111C Win: 0xF990 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/08-00:56:39.018151 24.98.140.134:1260 -> 192.168.1.6:80 TCP TTL:47 TOS:0x0 ID:61502 IpLen:20 DgmLen:138 DF ***AP*** Seq: 0x6B8071B Ack: 0x47B3C00C Win: 0xF990 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333] |
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/08-00:56:39.537519 24.98.140.134:1280 -> 192.168.1.6:80 TCP TTL:47 TOS:0x0 ID:61576 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x6C88E8D Ack: 0x47608EC9 Win: 0xF990 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333] |