[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/11-19:17:02.234808 24.158.5.113:3907 -> 192.168.1.6:80 TCP TTL:111 TOS:0x0 ID:52443 IpLen:20 DgmLen:112 DF ***AP*** Seq: 0x43A5E94B Ack: 0xF9D5E100 Win: 0xFC00 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/11-19:17:06.945710 24.158.5.113:3988 -> 192.168.1.6:80 TCP TTL:111 TOS:0x0 ID:52852 IpLen:20 DgmLen:110 DF ***AP*** Seq: 0x43F4C618 Ack: 0xFA652BC2 Win: 0xFC00 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/11-19:17:07.933486 24.158.5.113:4003 -> 192.168.1.6:80 TCP TTL:111 TOS:0x0 ID:52960 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x44031EC0 Ack: 0xFAC5B880 Win: 0xFC00 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/11-19:17:08.774026 24.158.5.113:4021 -> 192.168.1.6:80 TCP TTL:111 TOS:0x0 ID:53039 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x44146D47 Ack: 0xFAC9CA84 Win: 0xFC00 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/11-19:17:13.221109 24.158.5.113:4094 -> 192.168.1.6:80 TCP TTL:111 TOS:0x0 ID:53432 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x445D33DC Ack: 0xFA63BF60 Win: 0xFC00 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 05/11-19:17:17.589969 24.158.5.113:4164 -> 192.168.1.6:80 TCP TTL:111 TOS:0x0 ID:53802 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0x44A33810 Ack: 0xFA95110F Win: 0xFC00 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 05/11-19:17:18.415838 24.158.5.113:4180 -> 192.168.1.6:80 TCP TTL:111 TOS:0x0 ID:53874 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0x44B2F200 Ack: 0xFAA7ABDE Win: 0xFC00 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/11-19:17:22.600926 24.158.5.113:4230 -> 192.168.1.6:80 TCP TTL:111 TOS:0x0 ID:54155 IpLen:20 DgmLen:185 DF ***AP*** Seq: 0x44E74ABB Ack: 0xFB531D95 Win: 0xFC00 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/11-19:17:23.327164 24.158.5.113:4244 -> 192.168.1.6:80 TCP TTL:111 TOS:0x0 ID:54208 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x44F338AD Ack: 0xFAFA6718 Win: 0xFC00 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/11-19:17:27.187244 24.158.5.113:4292 -> 192.168.1.6:80 TCP TTL:111 TOS:0x0 ID:54473 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x45243C4A Ack: 0xFB2653CB Win: 0xFC00 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/11-19:17:28.036975 24.158.5.113:4300 -> 192.168.1.6:80 TCP TTL:111 TOS:0x0 ID:54537 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x452BF103 Ack: 0xFBC51077 Win: 0xFC00 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/11-19:17:28.892930 24.158.5.113:4314 -> 192.168.1.6:80 TCP TTL:111 TOS:0x0 ID:54599 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x453676A9 Ack: 0xFB88A7AC Win: 0xFC00 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/11-19:17:33.089897 24.158.5.113:4368 -> 192.168.1.6:80 TCP TTL:111 TOS:0x0 ID:54898 IpLen:20 DgmLen:138 DF ***AP*** Seq: 0x456EEF51 Ack: 0xFC208D4C Win: 0xFC00 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/11-19:17:33.860210 24.158.5.113:4383 -> 192.168.1.6:80 TCP TTL:111 TOS:0x0 ID:54966 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x457E538A Ack: 0xFBDD6558 Win: 0xFC00 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/11-19:17:34.781521 24.158.5.113:4398 -> 192.168.1.6:80 TCP TTL:111 TOS:0x0 ID:55043 IpLen:20 DgmLen:140 DF ***AP*** Seq: 0x458CBCF3 Ack: 0xFB807335 Win: 0xFC00 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/11-19:17:39.068490 24.158.5.113:4463 -> 192.168.1.6:80 TCP TTL:111 TOS:0x0 ID:55415 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x45CF0A8D Ack: 0xFC9CBB22 Win: 0xFC00 TcpLen: 20