[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/26-09:12:05.620877 24.150.116.10:4200 -> 192.168.1.6:80 TCP TTL:110 TOS:0x0 ID:56629 IpLen:20 DgmLen:112 DF ***AP*** Seq: 0x2CD385F6 Ack: 0x5A96DC92 Win: 0xFAF0 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/26-09:12:06.322802 24.150.116.10:4212 -> 192.168.1.6:80 TCP TTL:110 TOS:0x0 ID:56657 IpLen:20 DgmLen:110 DF ***AP*** Seq: 0x2CDCA3B8 Ack: 0x5AB69E31 Win: 0xFAF0 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/26-09:12:06.548239 24.150.116.10:4214 -> 192.168.1.6:80 TCP TTL:110 TOS:0x0 ID:56666 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x2CDEA63B Ack: 0x5B14DCDE Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/26-09:12:06.729268 24.150.116.10:4219 -> 192.168.1.6:80 TCP TTL:110 TOS:0x0 ID:56683 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x2CE1C647 Ack: 0x5AF78F33 Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/26-09:12:16.133226 24.150.116.10:4411 -> 192.168.1.6:80 TCP TTL:110 TOS:0x0 ID:57139 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x2D7DC2FC Ack: 0x5ACBE34E Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 05/26-09:12:16.306156 24.150.116.10:4415 -> 192.168.1.6:80 TCP TTL:110 TOS:0x0 ID:57148 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0x2D80D87A Ack: 0x5AEA3FE1 Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 05/26-09:12:16.530387 24.150.116.10:4418 -> 192.168.1.6:80 TCP TTL:110 TOS:0x0 ID:57158 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0x2D83167E Ack: 0x5AC0C17A Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/26-09:12:16.732378 24.150.116.10:4419 -> 192.168.1.6:80 TCP TTL:110 TOS:0x0 ID:57168 IpLen:20 DgmLen:185 DF ***AP*** Seq: 0x2D84D106 Ack: 0x5ACB8F5C Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/26-09:12:16.923467 24.150.116.10:4420 -> 192.168.1.6:80 TCP TTL:110 TOS:0x0 ID:57176 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x2D865031 Ack: 0x5B3056D5 Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/26-09:12:17.095662 24.150.116.10:4425 -> 192.168.1.6:80 TCP TTL:110 TOS:0x0 ID:57190 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x2D8B1005 Ack: 0x5BA1A1AC Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/26-09:12:17.277653 24.150.116.10:4432 -> 192.168.1.6:80 TCP TTL:110 TOS:0x0 ID:57203 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x2D909AB8 Ack: 0x5B94410A Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/26-09:12:17.477969 24.150.116.10:4435 -> 192.168.1.6:80 TCP TTL:110 TOS:0x0 ID:57218 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x2D932ED4 Ack: 0x5B844794 Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/26-09:12:30.199664 24.150.116.10:4697 -> 192.168.1.6:80 TCP TTL:110 TOS:0x0 ID:58030 IpLen:20 DgmLen:138 DF ***AP*** Seq: 0x2E4F90BE Ack: 0x5C385F80 Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/26-09:12:30.372293 24.150.116.10:4770 -> 192.168.1.6:80 TCP TTL:110 TOS:0x0 ID:58051 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x2E89CADD Ack: 0x5C846CFE Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/26-09:12:30.583098 24.150.116.10:4776 -> 192.168.1.6:80 TCP TTL:110 TOS:0x0 ID:58081 IpLen:20 DgmLen:140 DF ***AP*** Seq: 0x2E8E7CAB Ack: 0x5C07A900 Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/26-09:12:30.774300 24.150.116.10:4788 -> 192.168.1.6:80 TCP TTL:110 TOS:0x0 ID:58114 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x2E978F89 Ack: 0x5C61F550 Win: 0xFAF0 TcpLen: 20