[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/08-21:29:16.570259 24.123.41.130:3354 -> 192.168.1.6:80 TCP TTL:119 TOS:0x0 ID:41422 IpLen:20 DgmLen:112 DF ***AP*** Seq: 0xC3DA05EA Ack: 0x2CF5C1AE Win: 0xFAF0 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/08-21:29:16.877603 24.123.41.130:3375 -> 192.168.1.6:80 TCP TTL:119 TOS:0x0 ID:41489 IpLen:20 DgmLen:110 DF ***AP*** Seq: 0xC3E8B790 Ack: 0x2D633FCD Win: 0xFAF0 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/08-21:29:16.996218 24.123.41.130:3387 -> 192.168.1.6:80 TCP TTL:119 TOS:0x0 ID:41522 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0xC3F1A67C Ack: 0x2D1B2369 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/08-21:29:17.114135 24.123.41.130:3401 -> 192.168.1.6:80 TCP TTL:119 TOS:0x0 ID:41551 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0xC3FAFB3C Ack: 0x2D08AD16 Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/08-21:29:17.249950 24.123.41.130:3406 -> 192.168.1.6:80 TCP TTL:119 TOS:0x0 ID:41576 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0xC3FE8C88 Ack: 0x2DA92939 Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 05/08-21:29:27.077377 24.123.41.130:4004 -> 192.168.1.6:80 TCP TTL:119 TOS:0x0 ID:43879 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0xC5D90FD9 Ack: 0x2D73CAB4 Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 05/08-21:29:36.480037 24.123.41.130:4545 -> 192.168.1.6:80 TCP TTL:119 TOS:0x0 ID:45730 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0xC7815AC6 Ack: 0x2E7E6356 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/08-21:29:36.588855 24.123.41.130:4549 -> 192.168.1.6:80 TCP TTL:119 TOS:0x0 ID:45752 IpLen:20 DgmLen:185 DF ***AP*** Seq: 0xC7856167 Ack: 0x2E92E9F2 Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/08-21:29:45.923674 24.123.41.130:3266 -> 192.168.1.6:80 TCP TTL:119 TOS:0x0 ID:47724 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0xC937D7BB Ack: 0x2EC27442 Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/08-21:29:46.091493 24.123.41.130:3273 -> 192.168.1.6:80 TCP TTL:119 TOS:0x0 ID:47766 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0xC93CBAC4 Ack: 0x2F3224C2 Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/08-21:29:46.256710 24.123.41.130:3283 -> 192.168.1.6:80 TCP TTL:119 TOS:0x0 ID:47803 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0xC9449D66 Ack: 0x2EC2C23E Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/08-21:29:46.412599 24.123.41.130:3291 -> 192.168.1.6:80 TCP TTL:119 TOS:0x0 ID:47841 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0xC94B1E69 Ack: 0x2EB2F8A0 Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/08-21:29:46.573751 24.123.41.130:3301 -> 192.168.1.6:80 TCP TTL:119 TOS:0x0 ID:47881 IpLen:20 DgmLen:138 DF ***AP*** Seq: 0xC953958E Ack: 0x2F1A4481 Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/08-21:29:49.890131 24.123.41.130:3301 -> 192.168.1.6:80 TCP TTL:119 TOS:0x0 ID:48645 IpLen:20 DgmLen:138 DF ***AP*** Seq: 0xC953958E Ack: 0x2F1A4481 Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/08-21:29:55.699617 24.123.41.130:3822 -> 192.168.1.6:80 TCP TTL:119 TOS:0x0 ID:49626 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0xCAEA0408 Ack: 0x2F64DE74 Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/08-21:29:55.783494 24.123.41.130:3828 -> 192.168.1.6:80 TCP TTL:119 TOS:0x0 ID:49649 IpLen:20 DgmLen:140 DF ***AP*** Seq: 0xCAEE9C83 Ack: 0x2FCCFFD6 Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/08-21:30:08.784003 24.123.41.130:4375 -> 192.168.1.6:80 TCP TTL:119 TOS:0x0 ID:51978 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0xCC9BCF7E Ack: 0x3025CEB3 Win: 0xFAF0 TcpLen: 20