[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/07-16:33:04.434109 24.201.83.152:1125 -> 192.168.1.6:80 TCP TTL:111 TOS:0x0 ID:50560 IpLen:20 DgmLen:112 DF ***AP*** Seq: 0xA8C445F6 Ack: 0xDA02E361 Win: 0x4470 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html] |
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/07-16:33:08.386842 24.201.83.152:1176 -> 192.168.1.6:80 TCP TTL:111 TOS:0x0 ID:50813 IpLen:20 DgmLen:110 DF ***AP*** Seq: 0xA8F93210 Ack: 0xDA68CF3A Win: 0x4470 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html] |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/07-16:33:12.646435 24.201.83.152:1191 -> 192.168.1.6:80 TCP TTL:111 TOS:0x0 ID:51227 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0xA908B755 Ack: 0xDA2F4BD9 Win: 0x4470 TcpLen: 20 |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/07-16:33:44.189047 24.201.83.152:1396 -> 192.168.1.6:80 TCP TTL:111 TOS:0x0 ID:53473 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0xA9D6F53B Ack: 0xDB760006 Win: 0x4470 TcpLen: 20 |
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/07-16:33:45.242117 24.201.83.152:1705 -> 192.168.1.6:80 TCP TTL:111 TOS:0x0 ID:53542 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0xAB12B93B Ack: 0xDC24BC01 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 06/07-16:33:49.712603 24.201.83.152:1761 -> 192.168.1.6:80 TCP TTL:111 TOS:0x0 ID:53853 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0xAB4E1A57 Ack: 0xDD396C48 Win: 0x4470 TcpLen: 20 |
[**] [1:1286:5] WEB-IIS _mem_bin access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 06/07-16:33:50.388117 24.201.83.152:1775 -> 192.168.1.6:80 TCP TTL:111 TOS:0x0 ID:53905 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0xAB5B94F0 Ack: 0xDC8B4EE7 Win: 0x4470 TcpLen: 20 |
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/07-16:33:51.320719 24.201.83.152:1785 -> 192.168.1.6:80 TCP TTL:111 TOS:0x0 ID:53954 IpLen:20 DgmLen:185 DF ***AP*** Seq: 0xAB6540BD Ack: 0xDCDCD42F Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/07-16:34:01.698003 24.201.83.152:1947 -> 192.168.1.6:80 TCP TTL:111 TOS:0x0 ID:54762 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0xAC054C61 Ack: 0xDCFE800A Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/07-16:34:02.508486 24.201.83.152:1962 -> 192.168.1.6:80 TCP TTL:111 TOS:0x0 ID:54812 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0xAC145E19 Ack: 0xDD645049 Win: 0x4470 TcpLen: 20 |
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/07-16:34:03.487851 24.201.83.152:1973 -> 192.168.1.6:80 TCP TTL:111 TOS:0x0 ID:54880 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0xAC1D60EF Ack: 0xDD625569 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/07-16:34:04.386332 24.201.83.152:1983 -> 192.168.1.6:80 TCP TTL:111 TOS:0x0 ID:54939 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0xAC2850D3 Ack: 0xDE0D7D08 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/07-16:34:05.295212 24.201.83.152:1995 -> 192.168.1.6:80 TCP TTL:111 TOS:0x0 ID:55013 IpLen:20 DgmLen:138 DF ***AP*** Seq: 0xAC346A32 Ack: 0xDDA2265D Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333] |
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/07-16:34:06.091578 24.201.83.152:2009 -> 192.168.1.6:80 TCP TTL:111 TOS:0x0 ID:55061 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0xAC425058 Ack: 0xDD9778B2 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333] |
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 06/07-16:34:07.096340 24.201.83.152:2022 -> 192.168.1.6:80 TCP TTL:111 TOS:0x0 ID:55118 IpLen:20 DgmLen:140 DF ***AP*** Seq: 0xAC4FAAAA Ack: 0xDDA8B10A Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333] |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 06/07-16:34:08.214034 24.201.83.152:2035 -> 192.168.1.6:80 TCP TTL:111 TOS:0x0 ID:55187 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0xAC5C976F Ack: 0xDDC13B0A Win: 0x4470 TcpLen: 20 |