[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/06-11:17:20.599847 24.98.20.14:2591 -> 192.168.1.6:80 TCP TTL:112 TOS:0x0 ID:45417 IpLen:20 DgmLen:112 DF ***AP*** Seq: 0xF5AD8C39 Ack: 0xEF81F08A Win: 0x44E8 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/06-11:17:23.029932 24.98.20.14:2824 -> 192.168.1.6:80 TCP TTL:112 TOS:0x0 ID:46128 IpLen:20 DgmLen:110 DF ***AP*** Seq: 0xF6686C85 Ack: 0xF0784A15 Win: 0x44E8 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/06-11:17:25.612719 24.98.20.14:3021 -> 192.168.1.6:80 TCP TTL:112 TOS:0x0 ID:46813 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0xF6FC35C0 Ack: 0xF0B81E03 Win: 0x44E8 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/06-11:17:31.151600 24.98.20.14:3241 -> 192.168.1.6:80 TCP TTL:112 TOS:0x0 ID:48280 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0xF7ADD69F Ack: 0xF1DE2B7B Win: 0x44E8 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/06-11:17:42.573004 24.98.20.14:4538 -> 192.168.1.6:80 TCP TTL:112 TOS:0x0 ID:51449 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0xFB89F70E Ack: 0xF1BDC068 Win: 0x44E8 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 06/06-11:17:51.224143 24.98.20.14:1029 -> 192.168.1.6:80 TCP TTL:112 TOS:0x0 ID:53795 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0xFCFB307B Ack: 0xF26C84FB Win: 0x44E8 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 06/06-11:17:53.755042 24.98.20.14:1504 -> 192.168.1.6:80 TCP TTL:112 TOS:0x0 ID:54472 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0xFE6E353B Ack: 0xF31ECE52 Win: 0x44E8 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/06-11:17:56.169620 24.98.20.14:1752 -> 192.168.1.6:80 TCP TTL:112 TOS:0x0 ID:55206 IpLen:20 DgmLen:185 DF ***AP*** Seq: 0xFF23D7BF Ack: 0xF2A9CBC4 Win: 0x44E8 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/06-11:17:58.298274 24.98.20.14:1950 -> 192.168.1.6:80 TCP TTL:112 TOS:0x0 ID:55780 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0xFFB66B65 Ack: 0xF3007C23 Win: 0x44E8 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/06-11:18:00.452980 24.98.20.14:2128 -> 192.168.1.6:80 TCP TTL:112 TOS:0x0 ID:56356 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x431FEA Ack: 0xF319DB91 Win: 0x44E8 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/06-11:18:07.274680 24.98.20.14:2316 -> 192.168.1.6:80 TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:137 ***AP*** Seq: 0xDA6E6D Ack: 0x7BF8F500 Win: 0x0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/06-11:18:08.503870 24.98.20.14:2797 -> 192.168.1.6:80 TCP TTL:112 TOS:0x0 ID:58535 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x2488E8E Ack: 0xF3BA15B6 Win: 0x44E8 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/06-11:18:10.688427 24.98.20.14:2994 -> 192.168.1.6:80 TCP TTL:112 TOS:0x0 ID:59134 IpLen:20 DgmLen:138 DF ***AP*** Seq: 0x2E25F65 Ack: 0xF3A677B4 Win: 0x44E8 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/10-15:11:58.004418 24.98.20.14:2785 -> 192.168.1.6:80 TCP TTL:112 TOS:0x0 ID:10748 IpLen:20 DgmLen:112 DF ***AP*** Seq: 0x9F89C4DF Ack: 0x65AA1DFA Win: 0x44E8 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/10-15:12:02.774411 24.98.20.14:3087 -> 192.168.1.6:80 TCP TTL:112 TOS:0x0 ID:11949 IpLen:20 DgmLen:110 DF ***AP*** Seq: 0xA0825947 Ack: 0x662749D9 Win: 0x44E8 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/10-15:12:03.927575 24.98.20.14:3155 -> 192.168.1.6:80 TCP TTL:112 TOS:0x0 ID:12260 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0xA0B7E4BF Ack: 0x6692513F Win: 0x44E8 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/10-15:12:05.108231 24.98.20.14:3226 -> 192.168.1.6:80 TCP TTL:112 TOS:0x0 ID:12523 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0xA0F21B9E Ack: 0x6677B835 Win: 0x44E8 TcpLen: 20