[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/28-03:51:22.527295 24.198.102.60:3043 -> 192.168.1.6:80 TCP TTL:116 TOS:0x0 ID:53834 IpLen:20 DgmLen:112 DF ***AP*** Seq: 0x6D4408CB Ack: 0x1E1B1F0C Win: 0x4470 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html] |
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/28-03:51:23.109362 24.198.102.60:3052 -> 192.168.1.6:80 TCP TTL:116 TOS:0x0 ID:53878 IpLen:20 DgmLen:110 DF ***AP*** Seq: 0x6D4CD55C Ack: 0x1E092842 Win: 0x4470 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html] |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/28-03:51:23.360551 24.198.102.60:3057 -> 192.168.1.6:80 TCP TTL:116 TOS:0x0 ID:53906 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x6D517ED4 Ack: 0x1E199D5A Win: 0x4470 TcpLen: 20 |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/28-03:51:32.597107 24.198.102.60:3331 -> 192.168.1.6:80 TCP TTL:116 TOS:0x0 ID:54683 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x6E3CEDF4 Ack: 0x1ED56E70 Win: 0x4470 TcpLen: 20 |
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/28-03:51:32.870506 24.198.102.60:3337 -> 192.168.1.6:80 TCP TTL:116 TOS:0x0 ID:54719 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x6E41E9DB Ack: 0x1F5494AC Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 05/28-03:51:33.148850 24.198.102.60:3343 -> 192.168.1.6:80 TCP TTL:116 TOS:0x0 ID:54757 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0x6E470690 Ack: 0x1EB9BEE4 Win: 0x4470 TcpLen: 20 |
[**] [1:1286:5] WEB-IIS _mem_bin access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 05/28-03:51:36.352552 24.198.102.60:3443 -> 192.168.1.6:80 TCP TTL:116 TOS:0x0 ID:55016 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0x6E9C24C1 Ack: 0x1FA8B960 Win: 0x4470 TcpLen: 20 |
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/28-03:51:45.651690 24.198.102.60:3692 -> 192.168.1.6:80 TCP TTL:116 TOS:0x0 ID:55722 IpLen:20 DgmLen:185 DF ***AP*** Seq: 0x6F77C775 Ack: 0x1FB8CDCD Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/28-03:51:45.890913 24.198.102.60:3700 -> 192.168.1.6:80 TCP TTL:116 TOS:0x0 ID:55740 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x6F7E67A0 Ack: 0x1FEEE201 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/28-03:51:46.164427 24.198.102.60:3708 -> 192.168.1.6:80 TCP TTL:116 TOS:0x0 ID:55782 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x6F852D7A Ack: 0x1F7D0308 Win: 0x4470 TcpLen: 20 |
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/28-03:51:55.390858 24.198.102.60:3996 -> 192.168.1.6:80 TCP TTL:116 TOS:0x0 ID:56611 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x7080C836 Ack: 0x200EE93B Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/28-03:51:58.771968 24.198.102.60:4109 -> 192.168.1.6:80 TCP TTL:116 TOS:0x0 ID:56949 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x70E25A12 Ack: 0x20707357 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/28-03:52:02.052419 24.198.102.60:4187 -> 192.168.1.6:80 TCP TTL:116 TOS:0x0 ID:57136 IpLen:20 DgmLen:138 DF ***AP*** Seq: 0x71267604 Ack: 0x2115AB9B Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333] |
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/28-03:52:02.271081 24.198.102.60:4195 -> 192.168.1.6:80 TCP TTL:116 TOS:0x0 ID:57157 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x712D6E9A Ack: 0x21491007 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333] |
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/28-03:52:05.241393 24.198.102.60:4195 -> 192.168.1.6:80 TCP TTL:116 TOS:0x0 ID:57365 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x712D6E9A Ack: 0x21491007 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333] |
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/28-03:52:05.666408 24.198.102.60:4285 -> 192.168.1.6:80 TCP TTL:116 TOS:0x0 ID:57410 IpLen:20 DgmLen:140 DF ***AP*** Seq: 0x717E253D Ack: 0x210F997C Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333] |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/28-03:52:14.969423 24.198.102.60:4521 -> 192.168.1.6:80 TCP TTL:116 TOS:0x0 ID:58017 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x724FB61A Ack: 0x22B37056 Win: 0x4470 TcpLen: 20 |