[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/09-03:59:19.522230 24.201.31.41:3361 -> 192.168.1.6:80 TCP TTL:111 TOS:0x0 ID:50324 IpLen:20 DgmLen:112 DF ***AP*** Seq: 0x1F2ABAA0 Ack: 0x3A1332D8 Win: 0xFAF0 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html] |
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/09-03:59:29.149496 24.201.31.41:3501 -> 192.168.1.6:80 TCP TTL:111 TOS:0x0 ID:50672 IpLen:20 DgmLen:110 DF ***AP*** Seq: 0x1FB7D945 Ack: 0x3A09EBEE Win: 0xFAF0 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html] |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/09-03:59:29.300037 24.201.31.41:3503 -> 192.168.1.6:80 TCP TTL:111 TOS:0x0 ID:50686 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x1FB9A5AF Ack: 0x3A669E70 Win: 0xFAF0 TcpLen: 20 |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/09-03:59:38.512794 24.201.31.41:3676 -> 192.168.1.6:80 TCP TTL:111 TOS:0x0 ID:51221 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x206175F0 Ack: 0x3B4F0EAF Win: 0xFAF0 TcpLen: 20 |
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/09-03:59:47.673866 24.201.31.41:3797 -> 192.168.1.6:80 TCP TTL:111 TOS:0x0 ID:51523 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x20DE36B0 Ack: 0x3B4044E6 Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 06/09-03:59:47.828573 24.201.31.41:3803 -> 192.168.1.6:80 TCP TTL:111 TOS:0x0 ID:51535 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0x20E444D2 Ack: 0x3BE28C6C Win: 0xFAF0 TcpLen: 20 |
[**] [1:1286:5] WEB-IIS _mem_bin access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 06/09-03:59:57.049311 24.201.31.41:3943 -> 192.168.1.6:80 TCP TTL:111 TOS:0x0 ID:51932 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0x216E09E5 Ack: 0x3BA80CCB Win: 0xFAF0 TcpLen: 20 |
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/09-03:59:57.223111 24.201.31.41:3946 -> 192.168.1.6:80 TCP TTL:111 TOS:0x0 ID:51942 IpLen:20 DgmLen:185 DF ***AP*** Seq: 0x21711488 Ack: 0x3BA1665D Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/09-03:59:57.393942 24.201.31.41:3949 -> 192.168.1.6:80 TCP TTL:111 TOS:0x0 ID:51953 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x21744C28 Ack: 0x3B95BF0D Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/09-03:59:57.566033 24.201.31.41:3952 -> 192.168.1.6:80 TCP TTL:111 TOS:0x0 ID:51962 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x2177BDC9 Ack: 0x3B9A3F26 Win: 0xFAF0 TcpLen: 20 |
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/09-03:59:57.728784 24.201.31.41:3955 -> 192.168.1.6:80 TCP TTL:111 TOS:0x0 ID:51977 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x217AE0E9 Ack: 0x3BC06A0F Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/09-03:59:57.870029 24.201.31.41:3961 -> 192.168.1.6:80 TCP TTL:111 TOS:0x0 ID:51991 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x2180234B Ack: 0x3C2C1E17 Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/09-03:59:58.044831 24.201.31.41:3963 -> 192.168.1.6:80 TCP TTL:111 TOS:0x0 ID:51998 IpLen:20 DgmLen:138 DF ***AP*** Seq: 0x218204AE Ack: 0x3BD70ABE Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333] |
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/09-03:59:58.217713 24.201.31.41:3965 -> 192.168.1.6:80 TCP TTL:111 TOS:0x0 ID:52010 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x2184594E Ack: 0x3BD66B08 Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333] |
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/09-04:00:01.198771 24.201.31.41:3965 -> 192.168.1.6:80 TCP TTL:111 TOS:0x0 ID:52137 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x2184594E Ack: 0x3BD66B08 Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333] |
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/09-04:00:01.584638 24.201.31.41:4017 -> 192.168.1.6:80 TCP TTL:111 TOS:0x0 ID:52190 IpLen:20 DgmLen:140 DF ***AP*** Seq: 0x21B8AEE3 Ack: 0x3CA65BC8 Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333] |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/09-04:00:01.775358 24.201.31.41:4025 -> 192.168.1.6:80 TCP TTL:111 TOS:0x0 ID:52218 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x21BEFEE1 Ack: 0x3C403C23 Win: 0xFAF0 TcpLen: 20 |