[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/28-04:04:32.691849 24.98.186.231:1956 -> 192.168.1.6:80 TCP TTL:111 TOS:0x0 ID:61509 IpLen:20 DgmLen:112 DF ***AP*** Seq: 0xA503A6D8 Ack: 0x50A0B35C Win: 0x4470 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/28-04:04:33.727449 24.98.186.231:1987 -> 192.168.1.6:80 TCP TTL:111 TOS:0x0 ID:61588 IpLen:20 DgmLen:110 DF ***AP*** Seq: 0xA51D883B Ack: 0x50BDCEB7 Win: 0x4470 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/28-04:04:43.205436 24.98.186.231:2360 -> 192.168.1.6:80 TCP TTL:111 TOS:0x0 ID:62954 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0xA657E18D Ack: 0x516A4013 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/28-04:04:43.557537 24.98.186.231:2372 -> 192.168.1.6:80 TCP TTL:111 TOS:0x0 ID:63009 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0xA661F241 Ack: 0x510C74C6 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/28-04:04:52.901276 24.98.186.231:2789 -> 192.168.1.6:80 TCP TTL:111 TOS:0x0 ID:64477 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0xA7B5BF58 Ack: 0x51E6BCA4 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 05/28-04:04:56.575359 24.98.186.231:2941 -> 192.168.1.6:80 TCP TTL:111 TOS:0x0 ID:65044 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0xA832D11D Ack: 0x525BB2BD Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 05/28-04:04:56.969854 24.98.186.231:2964 -> 192.168.1.6:80 TCP TTL:111 TOS:0x0 ID:65107 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0xA847C7C4 Ack: 0x51E8C913 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/28-04:04:57.377108 24.98.186.231:2978 -> 192.168.1.6:80 TCP TTL:111 TOS:0x0 ID:65171 IpLen:20 DgmLen:185 DF ***AP*** Seq: 0xA8543828 Ack: 0x52488AEE Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/28-04:04:58.001284 24.98.186.231:3005 -> 192.168.1.6:80 TCP TTL:111 TOS:0x0 ID:65269 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0xA86944B4 Ack: 0x523202D1 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/28-04:04:58.528361 24.98.186.231:3033 -> 192.168.1.6:80 TCP TTL:111 TOS:0x0 ID:65354 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0xA8807D29 Ack: 0x52258675 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/28-04:04:58.984658 24.98.186.231:3052 -> 192.168.1.6:80 TCP TTL:111 TOS:0x0 ID:65426 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0xA8908E40 Ack: 0x520F83D2 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/28-04:05:08.347444 24.98.186.231:3469 -> 192.168.1.6:80 TCP TTL:111 TOS:0x0 ID:1358 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0xA9E92F78 Ack: 0x5289B750 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/28-04:05:08.795282 24.98.186.231:3481 -> 192.168.1.6:80 TCP TTL:111 TOS:0x0 ID:1430 IpLen:20 DgmLen:138 DF ***AP*** Seq: 0xA9F3DF67 Ack: 0x53246670 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/28-04:05:09.219084 24.98.186.231:3498 -> 192.168.1.6:80 TCP TTL:111 TOS:0x0 ID:1496 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0xAA019CFE Ack: 0x530187B6 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/28-04:05:09.808597 24.98.186.231:3512 -> 192.168.1.6:80 TCP TTL:111 TOS:0x0 ID:1588 IpLen:20 DgmLen:140 DF ***AP*** Seq: 0xAA0E7AE9 Ack: 0x5330637D Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/28-04:05:19.401542 24.98.186.231:3941 -> 192.168.1.6:80 TCP TTL:111 TOS:0x0 ID:3060 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0xAB6CB40A Ack: 0x532628A8 Win: 0x4470 TcpLen: 20