[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-17:36:03.944052 24.114.38.37:3261 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:9477 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xBEBEFE0D Ack: 0xB684239 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html] |
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-17:36:09.980123 24.114.38.37:3709 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:10216 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xC0296984 Ack: 0xC0DDC1E Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html] |
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-17:36:12.450019 24.114.38.37:3769 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:10784 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xC061B701 Ack: 0xBDF359A Win: 0x4470 TcpLen: 20 |
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-17:36:19.463424 24.114.38.37:4009 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:11648 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xC181819E Ack: 0xC92DEC1 Win: 0x4470 TcpLen: 20 |
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-17:36:22.928338 24.114.38.37:4009 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:12285 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xC181819E Ack: 0xC92DEC1 Win: 0x4470 TcpLen: 20 |
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-17:36:28.429061 24.114.38.37:4009 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:13086 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xC181819E Ack: 0xC92DEC1 Win: 0x4470 TcpLen: 20 |
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-17:36:31.015704 24.114.38.37:4457 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:13519 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xC2955E7A Ack: 0xD168255 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/19-17:36:43.025349 24.114.38.37:1286 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:15006 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xC45D930B Ack: 0xDBD5552 Win: 0x4470 TcpLen: 20 |
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/19-17:36:54.954609 24.114.38.37:1833 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:16887 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xC6284EC9 Ack: 0xF4A2071 Win: 0x4470 TcpLen: 20 |
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-17:36:56.978402 24.114.38.37:1873 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:17371 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xC64F018D Ack: 0xF7314F8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/19-17:36:59.998720 24.114.38.37:1873 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:17656 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xC64F018D Ack: 0xF7314F8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
![[Silicon Defense logo]](../../../SDlogo.gif)