[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/09-22:03:40.153482 24.140.13.155:1968 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:26718 IpLen:20 DgmLen:112 DF ***AP*** Seq: 0x7790E9CE Ack: 0x39336A11 Win: 0x4470 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html] |
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/09-22:03:43.828940 24.140.13.155:2131 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:27215 IpLen:20 DgmLen:110 DF ***AP*** Seq: 0x7815EC34 Ack: 0x39AC14C3 Win: 0x4470 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html] |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/09-22:03:47.232316 24.140.13.155:2257 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:27469 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x787BC1FE Ack: 0x39647080 Win: 0x4470 TcpLen: 20 |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/09-22:03:47.424994 24.140.13.155:2263 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:27489 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x7880F3B1 Ack: 0x39515CE6 Win: 0x4470 TcpLen: 20 |
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/09-22:03:56.871571 24.140.13.155:2612 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:28263 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x799F692D Ack: 0x39AE634E Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 06/09-22:03:57.068579 24.140.13.155:2619 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:28291 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0x79A596B7 Ack: 0x3A3C056B Win: 0x4470 TcpLen: 20 |
[**] [1:1286:5] WEB-IIS _mem_bin access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 06/09-22:03:57.257169 24.140.13.155:2628 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:28313 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0x79ABCD91 Ack: 0x39BF6BFB Win: 0x4470 TcpLen: 20 |
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/09-22:03:57.440998 24.140.13.155:2635 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:28333 IpLen:20 DgmLen:185 DF ***AP*** Seq: 0x79B1410D Ack: 0x3A1FE29A Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/09-22:03:57.612973 24.140.13.155:2638 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:28351 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x79B41385 Ack: 0x3A0C2BB1 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/09-22:03:57.768314 24.140.13.155:2644 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:28362 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x79BA2A28 Ack: 0x3A1A7A30 Win: 0x4470 TcpLen: 20 |
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/09-22:03:57.934003 24.140.13.155:2649 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:28384 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x79BE3EA0 Ack: 0x3A989428 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/09-22:04:04.662596 24.140.13.155:2812 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:29064 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x7A42BC62 Ack: 0x3A837928 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/09-22:04:04.857800 24.140.13.155:2927 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:29086 IpLen:20 DgmLen:138 DF ***AP*** Seq: 0x7AA3107F Ack: 0x3AE03E2B Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333] |
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/09-22:04:07.833952 24.140.13.155:2927 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:29350 IpLen:20 DgmLen:138 DF ***AP*** Seq: 0x7AA3107F Ack: 0x3AE03E2B Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333] |
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/09-22:04:08.185547 24.140.13.155:3057 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:29403 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x7B04B829 Ack: 0x3A7D9C1E Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333] |
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/09-22:04:08.364701 24.140.13.155:3062 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:29432 IpLen:20 DgmLen:140 DF ***AP*** Seq: 0x7B0819F2 Ack: 0x3A5812C1 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333] |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/09-22:04:08.561907 24.140.13.155:3072 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:29466 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x7B110EC7 Ack: 0x3AC96CC0 Win: 0x4470 TcpLen: 20 |