[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-10:58:54.794183 24.114.34.24:2905 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:25749 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xD2722A27 Ack: 0xAC8789DE Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-10:58:56.458249 24.114.34.24:2965 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:25926 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xD2A4B6BF Ack: 0xAC8389B6 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-10:59:06.634967 24.114.34.24:3265 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:27000 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xD3A49380 Ack: 0xACC61CAD Win: 0x4470 TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-10:59:07.562917 24.114.34.24:3299 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:27129 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xD3C069D4 Ack: 0xAD35FE03 Win: 0x4470 TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-10:59:11.779198 24.114.34.24:3434 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:27626 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xD4351CE0 Ack: 0xADA56CC3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/02-10:59:12.613141 24.114.34.24:3468 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:27749 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xD451BD27 Ack: 0xAD5492E3 Win: 0x4470 TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/02-10:59:16.881354 24.114.34.24:3599 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:28216 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xD4BFD77D Ack: 0xAE122295 Win: 0x4470 TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-10:59:21.428099 24.114.34.24:3722 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:28680 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xD5282A1E Ack: 0xADA7EC8E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-10:59:22.927820 24.114.34.24:3767 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:28849 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD550C5DC Ack: 0xADE64D5E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-10:59:24.301771 24.114.34.24:3806 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:28998 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD574C550 Ack: 0xADFB9587 Win: 0x4470 TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-10:59:34.718493 24.114.34.24:4110 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:30147 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD67BD66D Ack: 0xAEF14088 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-10:59:36.254415 24.114.34.24:4158 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:30298 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD6A57BBE Ack: 0xAF2CE713 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-10:59:37.496683 24.114.34.24:4203 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:30445 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xD6CCE8B5 Ack: 0xAECF6C76 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-10:59:40.549897 24.114.34.24:4203 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:30757 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xD6CCE8B5 Ack: 0xAECF6C76 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-10:59:48.247249 24.114.34.24:4483 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:31446 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xD7BD849B Ack: 0xAF6304D0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-10:59:51.323839 24.114.34.24:4483 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:31700 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xD7BD849B Ack: 0xAF6304D0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-10:59:52.821585 24.114.34.24:4604 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:31871 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xD829ED15 Ack: 0xAFA0FB23 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/02-10:59:57.489989 24.114.34.24:4731 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:32300 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xD896F640 Ack: 0xAFCB1233 Win: 0x4470 TcpLen: 20