[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/07-02:16:18.353498 24.157.60.48:2016 -> 192.168.1.6:80 TCP TTL:107 TOS:0x0 ID:36721 IpLen:20 DgmLen:1500 DF ***A**** Seq: 0x37FC8A15 Ack: 0xEAF9BA65 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/07-02:16:18.417861 24.157.60.48:2016 -> 192.168.1.6:80 TCP TTL:107 TOS:0x0 ID:36722 IpLen:20 DgmLen:1500 DF ***A**** Seq: 0x37FC8FC9 Ack: 0xEAF9BA65 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/14-03:05:02.659635 24.157.60.48:3379 -> 192.168.1.6:80 TCP TTL:107 TOS:0x0 ID:63769 IpLen:20 DgmLen:112 DF ***AP*** Seq: 0x5BA4B3FB Ack: 0x60D3CABF Win: 0x4470 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/14-03:05:12.750219 24.157.60.48:3671 -> 192.168.1.6:80 TCP TTL:107 TOS:0x0 ID:64961 IpLen:20 DgmLen:110 DF ***AP*** Seq: 0x5CA835EF Ack: 0x60F02755 Win: 0x4470 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/14-03:05:13.613736 24.157.60.48:3687 -> 192.168.1.6:80 TCP TTL:107 TOS:0x0 ID:65037 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x5CB59B6F Ack: 0x60CDC614 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/14-03:05:22.754107 24.157.60.48:3960 -> 192.168.1.6:80 TCP TTL:107 TOS:0x0 ID:800 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x5DA2B50A Ack: 0x621D7125 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/14-03:05:45.083342 24.157.60.48:4541 -> 192.168.1.6:80 TCP TTL:107 TOS:0x0 ID:3781 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x5F9E5D81 Ack: 0x62DE03BC Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 05/14-03:05:46.876886 24.157.60.48:4587 -> 192.168.1.6:80 TCP TTL:107 TOS:0x0 ID:4001 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0x5FC574AF Ack: 0x62ED5A1C Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 05/14-03:06:32.821221 24.157.60.48:1919 -> 192.168.1.6:80 TCP TTL:107 TOS:0x0 ID:10083 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0x64409BAF Ack: 0x661364DA Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/14-03:06:43.735825 24.157.60.48:2201 -> 192.168.1.6:80 TCP TTL:107 TOS:0x0 ID:11427 IpLen:20 DgmLen:185 DF ***AP*** Seq: 0x6534762E Ack: 0x663CDB53 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/14-03:06:50.311992 24.157.60.48:2381 -> 192.168.1.6:80 TCP TTL:107 TOS:0x0 ID:12298 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x65D3798A Ack: 0x6720E1F9 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/14-03:06:52.668525 24.157.60.48:2381 -> 192.168.1.6:80 TCP TTL:107 TOS:0x0 ID:12631 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x65D3798A Ack: 0x6720E1F9 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/14-03:06:54.628491 24.157.60.48:2508 -> 192.168.1.6:80 TCP TTL:107 TOS:0x0 ID:12786 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x66438EDA Ack: 0x673B3279 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/14-03:06:56.608532 24.157.60.48:2536 -> 192.168.1.6:80 TCP TTL:107 TOS:0x0 ID:12990 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x665CF35E Ack: 0x67476273 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/14-03:07:07.310917 24.157.60.48:2834 -> 192.168.1.6:80 TCP TTL:107 TOS:0x0 ID:14375 IpLen:20 DgmLen:138 DF ***AP*** Seq: 0x67643C49 Ack: 0x67D79DC1 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/14-03:07:09.377190 24.157.60.48:2888 -> 192.168.1.6:80 TCP TTL:107 TOS:0x0 ID:14613 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x6793A444 Ack: 0x686F5DD0 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/14-03:07:11.685838 24.157.60.48:2943 -> 192.168.1.6:80 TCP TTL:107 TOS:0x0 ID:14862 IpLen:20 DgmLen:140 DF ***AP*** Seq: 0x67C2F78F Ack: 0x68852177 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/14-03:07:16.147834 24.157.60.48:3006 -> 192.168.1.6:80 TCP TTL:107 TOS:0x0 ID:15479 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x67FA29F3 Ack: 0x69008164 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/14-20:32:08.274521 24.157.60.48:1828 -> 192.168.1.6:80 TCP TTL:107 TOS:0x0 ID:33586 IpLen:20 DgmLen:1500 DF ***A**** Seq: 0xB4ED9199 Ack: 0xD327EC5D Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/14-20:32:08.337760 24.157.60.48:1828 -> 192.168.1.6:80 TCP TTL:107 TOS:0x0 ID:33587 IpLen:20 DgmLen:1500 DF ***A**** Seq: 0xB4ED974D Ack: 0xD327EC5D Win: 0x4470 TcpLen: 20