[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/11-14:56:54.780053 24.148.37.196:2824 -> 192.168.1.6:80 TCP TTL:115 TOS:0x0 ID:35403 IpLen:20 DgmLen:112 DF ***AP*** Seq: 0x47DD7BA2 Ack: 0x22B70EF5 Win: 0x4470 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/11-14:57:05.595077 24.148.37.196:3234 -> 192.168.1.6:80 TCP TTL:115 TOS:0x0 ID:36854 IpLen:20 DgmLen:110 DF ***AP*** Seq: 0x492FBC12 Ack: 0x23782D5E Win: 0x4470 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/11-14:57:06.828001 24.148.37.196:3286 -> 192.168.1.6:80 TCP TTL:115 TOS:0x0 ID:37032 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x495CC284 Ack: 0x23252A58 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/11-14:57:08.144903 24.148.37.196:3335 -> 192.168.1.6:80 TCP TTL:115 TOS:0x0 ID:37210 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x49872E24 Ack: 0x23AD138F Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/11-14:57:12.886674 24.148.37.196:3521 -> 192.168.1.6:80 TCP TTL:115 TOS:0x0 ID:37883 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x4A1C05B0 Ack: 0x23FD8DFF Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 05/11-14:57:14.096665 24.148.37.196:3573 -> 192.168.1.6:80 TCP TTL:115 TOS:0x0 ID:38071 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0x4A4741B8 Ack: 0x238F3936 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 05/11-14:57:15.338313 24.148.37.196:3617 -> 192.168.1.6:80 TCP TTL:115 TOS:0x0 ID:38267 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0x4A6BCC16 Ack: 0x23B74D08 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/11-14:57:26.140593 24.148.37.196:4055 -> 192.168.1.6:80 TCP TTL:115 TOS:0x0 ID:39899 IpLen:20 DgmLen:185 DF ***AP*** Seq: 0x4BD761D7 Ack: 0x2480C5C7 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/11-14:57:31.018702 24.148.37.196:4238 -> 192.168.1.6:80 TCP TTL:115 TOS:0x0 ID:40584 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x4C6E4CC4 Ack: 0x24A40603 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/11-14:57:32.274200 24.148.37.196:4293 -> 192.168.1.6:80 TCP TTL:115 TOS:0x0 ID:40770 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x4C9C6A01 Ack: 0x2506492B Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/11-14:57:37.106980 24.148.37.196:4467 -> 192.168.1.6:80 TCP TTL:115 TOS:0x0 ID:41432 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x4D2C7276 Ack: 0x24EA7480 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/11-14:57:38.509108 24.148.37.196:4520 -> 192.168.1.6:80 TCP TTL:115 TOS:0x0 ID:41630 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x4D5A2E52 Ack: 0x25505B8D Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/11-14:57:46.371587 24.148.37.196:4779 -> 192.168.1.6:80 TCP TTL:115 TOS:0x0 ID:42753 IpLen:20 DgmLen:138 DF ***AP*** Seq: 0x4DF47E70 Ack: 0x252926BA Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/11-14:57:47.546208 24.148.37.196:1084 -> 192.168.1.6:80 TCP TTL:115 TOS:0x0 ID:42924 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x4E83557F Ack: 0x25A13DDB Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/11-14:57:48.990468 24.148.37.196:1136 -> 192.168.1.6:80 TCP TTL:115 TOS:0x0 ID:43125 IpLen:20 DgmLen:140 DF ***AP*** Seq: 0x4EB096B5 Ack: 0x25718685 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/11-14:57:50.353445 24.148.37.196:1185 -> 192.168.1.6:80 TCP TTL:115 TOS:0x0 ID:43323 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x4ED56006 Ack: 0x262DCB1A Win: 0x4470 TcpLen: 20