[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/01-15:11:45.963421 24.138.38.206:3471 -> 192.168.1.6:80 TCP TTL:103 TOS:0x0 ID:41548 IpLen:20 DgmLen:112 DF ***AP*** Seq: 0x19C9F7E9 Ack: 0xDEA2B23B Win: 0x4470 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html] |
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/01-15:11:46.420859 24.138.38.206:3485 -> 192.168.1.6:80 TCP TTL:103 TOS:0x0 ID:41589 IpLen:20 DgmLen:110 DF ***AP*** Seq: 0x19D5BBF3 Ack: 0xDEBBA164 Win: 0x4470 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html] |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/01-15:11:59.299614 24.138.38.206:3784 -> 192.168.1.6:80 TCP TTL:103 TOS:0x0 ID:42584 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x1AD088B3 Ack: 0xDFA6329D Win: 0x4470 TcpLen: 20 |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/01-15:12:03.017307 24.138.38.206:3987 -> 192.168.1.6:80 TCP TTL:103 TOS:0x0 ID:42874 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x1B78D00E Ack: 0xE018DCDC Win: 0x4470 TcpLen: 20 |
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/01-15:12:06.224602 24.138.38.206:4077 -> 192.168.1.6:80 TCP TTL:103 TOS:0x0 ID:43109 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x1BCA042C Ack: 0xDFCA87B1 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 05/01-15:12:06.426026 24.138.38.206:4083 -> 192.168.1.6:80 TCP TTL:103 TOS:0x0 ID:43135 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0x1BCF2F49 Ack: 0xE0153978 Win: 0x4470 TcpLen: 20 |
[**] [1:1286:5] WEB-IIS _mem_bin access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 05/01-15:12:06.668516 24.138.38.206:4090 -> 192.168.1.6:80 TCP TTL:103 TOS:0x0 ID:43162 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0x1BD46B02 Ack: 0xE0212E40 Win: 0x4470 TcpLen: 20 |
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/01-15:12:19.334618 24.138.38.206:4428 -> 192.168.1.6:80 TCP TTL:103 TOS:0x0 ID:44542 IpLen:20 DgmLen:185 DF ***AP*** Seq: 0x1CE8F1BB Ack: 0xE0F09580 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/01-15:12:19.552814 24.138.38.206:4564 -> 192.168.1.6:80 TCP TTL:103 TOS:0x0 ID:44564 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x1D597DC5 Ack: 0xE136F36E Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/01-15:12:19.784591 24.138.38.206:4572 -> 192.168.1.6:80 TCP TTL:103 TOS:0x0 ID:44591 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x1D60BED8 Ack: 0xE0578081 Win: 0x4470 TcpLen: 20 |
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/01-15:12:20.408686 24.138.38.206:4584 -> 192.168.1.6:80 TCP TTL:103 TOS:0x0 ID:44636 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x1D6C87C4 Ack: 0xE0733AB9 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/01-15:12:20.654121 24.138.38.206:4588 -> 192.168.1.6:80 TCP TTL:103 TOS:0x0 ID:44661 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x1D708D44 Ack: 0xE1393137 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/01-15:12:20.941353 24.138.38.206:4597 -> 192.168.1.6:80 TCP TTL:103 TOS:0x0 ID:44697 IpLen:20 DgmLen:138 DF ***AP*** Seq: 0x1D77F013 Ack: 0xE0EB3215 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333] |
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/01-15:12:23.904533 24.138.38.206:4597 -> 192.168.1.6:80 TCP TTL:103 TOS:0x0 ID:45024 IpLen:20 DgmLen:138 DF ***AP*** Seq: 0x1D77F013 Ack: 0xE0EB3215 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333] |
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/01-15:12:24.318855 24.138.38.206:4743 -> 192.168.1.6:80 TCP TTL:103 TOS:0x0 ID:45067 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x1DEF2909 Ack: 0xE1967107 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333] |
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/01-15:12:24.517278 24.138.38.206:4747 -> 192.168.1.6:80 TCP TTL:103 TOS:0x0 ID:45088 IpLen:20 DgmLen:140 DF ***AP*** Seq: 0x1DF261F9 Ack: 0xE0D4DD11 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333] |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/01-15:12:33.911244 24.138.38.206:3165 -> 192.168.1.6:80 TCP TTL:103 TOS:0x0 ID:45830 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x1EED5614 Ack: 0xE1E79517 Win: 0x4470 TcpLen: 20 |