[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/21-10:52:09.205232 24.126.254.13:1657 -> 192.168.1.6:80 TCP TTL:105 TOS:0x0 ID:29515 IpLen:20 DgmLen:112 DF ***AP*** Seq: 0x391C77EE Ack: 0x9547483D Win: 0x4470 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/21-10:52:17.607737 24.126.254.13:1867 -> 192.168.1.6:80 TCP TTL:105 TOS:0x0 ID:30319 IpLen:20 DgmLen:110 DF ***AP*** Seq: 0x39D704F7 Ack: 0x95764EFC Win: 0x4470 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/21-10:52:19.792071 24.126.254.13:1928 -> 192.168.1.6:80 TCP TTL:105 TOS:0x0 ID:30548 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x3A09DE31 Ack: 0x95AF7AF0 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/21-10:52:25.989516 24.126.254.13:2077 -> 192.168.1.6:80 TCP TTL:105 TOS:0x0 ID:31142 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x3A86BBC4 Ack: 0x9634C4DA Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/21-10:52:28.082909 24.126.254.13:2153 -> 192.168.1.6:80 TCP TTL:105 TOS:0x0 ID:31372 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x3AC6E83D Ack: 0x95DD2B18 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 05/21-10:52:32.920443 24.126.254.13:2312 -> 192.168.1.6:80 TCP TTL:105 TOS:0x0 ID:31982 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0x3B4DDABB Ack: 0x96840785 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 05/21-10:52:35.088771 24.126.254.13:2360 -> 192.168.1.6:80 TCP TTL:105 TOS:0x0 ID:32235 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0x3B78DA0D Ack: 0x96B32FA0 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/21-10:52:36.311809 24.126.254.13:2419 -> 192.168.1.6:80 TCP TTL:105 TOS:0x0 ID:32377 IpLen:20 DgmLen:185 DF ***AP*** Seq: 0x3BABABC7 Ack: 0x96A98941 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/21-10:52:38.438555 24.126.254.13:2457 -> 192.168.1.6:80 TCP TTL:105 TOS:0x0 ID:32583 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x3BC9D019 Ack: 0x96E4DBDB Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/21-10:52:43.663227 24.126.254.13:2587 -> 192.168.1.6:80 TCP TTL:105 TOS:0x0 ID:33090 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x3C4047A9 Ack: 0x96B701E7 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/21-10:52:49.210164 24.126.254.13:2726 -> 192.168.1.6:80 TCP TTL:105 TOS:0x0 ID:33629 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x3CB90873 Ack: 0x9743EF79 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/21-10:52:54.340540 24.126.254.13:2797 -> 192.168.1.6:80 TCP TTL:105 TOS:0x0 ID:34189 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x3CF87FFC Ack: 0x97EDD721 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/21-10:52:56.393847 24.126.254.13:2932 -> 192.168.1.6:80 TCP TTL:105 TOS:0x0 ID:34396 IpLen:20 DgmLen:138 DF ***AP*** Seq: 0x3D72E457 Ack: 0x981F582C Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/21-10:52:57.673378 24.126.254.13:2987 -> 192.168.1.6:80 TCP TTL:105 TOS:0x0 ID:34546 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x3DA057D1 Ack: 0x9847F234 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/21-10:53:00.741978 24.126.254.13:2987 -> 192.168.1.6:80 TCP TTL:105 TOS:0x0 ID:34847 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x3DA057D1 Ack: 0x9847F234 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/21-10:53:02.366671 24.126.254.13:3104 -> 192.168.1.6:80 TCP TTL:105 TOS:0x0 ID:35041 IpLen:20 DgmLen:140 DF ***AP*** Seq: 0x3E06C5E3 Ack: 0x980AB9DC Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/21-10:53:13.953010 24.126.254.13:3389 -> 192.168.1.6:80 TCP TTL:105 TOS:0x0 ID:36153 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x3F031571 Ack: 0x98C97F34 Win: 0x4470 TcpLen: 20