[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/07-00:18:39.107879 24.101.10.51:3478 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:63984 IpLen:20 DgmLen:112 DF ***AP*** Seq: 0x6DBD3C02 Ack: 0x77CCD374 Win: 0x4470 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/07-00:18:43.878303 24.101.10.51:3954 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:64983 IpLen:20 DgmLen:110 DF ***AP*** Seq: 0x6F0A1782 Ack: 0x781D4AB8 Win: 0x4470 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/07-00:18:49.589328 24.101.10.51:4919 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:473 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x6FE7A2B5 Ack: 0x78BB002B Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/07-00:18:52.627062 24.101.10.51:4919 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:1284 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x6FE7A2B5 Ack: 0x78BB002B Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/07-00:18:55.969486 24.101.10.51:3810 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:2045 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x7215DA1B Ack: 0x799FA49A Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/07-00:18:58.870469 24.101.10.51:3810 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:2794 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x7215DA1B Ack: 0x799FA49A Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/07-00:19:02.842053 24.101.10.51:4866 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:3611 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x7391D6A2 Ack: 0x7A0E7A8F Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 06/07-00:19:12.481140 24.101.10.51:4001 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:5725 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0x75AB1029 Ack: 0x7B411C8F Win: 0x4470 TcpLen: 20
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 06/07-00:19:15.395689 24.101.10.51:4001 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:6565 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0x75AB1029 Ack: 0x7B411C8F Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 06/07-00:19:19.023595 24.101.10.51:3162 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:7389 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0x77E07F40 Ack: 0x7AF1309F Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/07-00:19:25.264300 24.101.10.51:3700 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:8807 IpLen:20 DgmLen:185 DF ***AP*** Seq: 0x797F6A5B Ack: 0x7B9334E7 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]