[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-20:59:10.792767 24.165.22.49:4370 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:47323 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xDCD807A0 Ack: 0xFE3B5764 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-20:59:11.478050 24.165.22.49:4379 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:47393 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xDCE14EDA Ack: 0xFF00634F Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-20:59:12.129747 24.165.22.49:4390 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:47472 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xDCEB5A7D Ack: 0xFE5C967A Win: 0x4470 TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/01-20:59:21.830116 24.165.22.49:4552 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:48628 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xDD8635C4 Ack: 0xFF55249E Win: 0x4470 TcpLen: 20