[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 04/25-20:52:43.905878 24.202.15.240:1126 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:58271 IpLen:20 DgmLen:112 DF ***AP*** Seq: 0xD21F170C Ack: 0x68A10067 Win: 0x4470 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html] |
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 04/25-20:52:44.651316 24.202.15.240:1137 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:58297 IpLen:20 DgmLen:110 DF ***AP*** Seq: 0xD229433B Ack: 0x68A28EB7 Win: 0x4470 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html] |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 04/25-20:52:45.468106 24.202.15.240:1140 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:58338 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0xD22E8C1A Ack: 0x6852D730 Win: 0x4470 TcpLen: 20 |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 04/25-20:52:46.181000 24.202.15.240:1145 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:58377 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0xD233AFC7 Ack: 0x68E060D6 Win: 0x4470 TcpLen: 20 |
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/25-20:52:56.512192 24.202.15.240:1344 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:59098 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0xD2ED89D5 Ack: 0x6958F6F4 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 04/25-20:52:57.190456 24.202.15.240:1351 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:59152 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0xD2F62C70 Ack: 0x68B1E484 Win: 0x4470 TcpLen: 20 |
[**] [1:1286:5] WEB-IIS _mem_bin access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 04/25-20:53:04.305243 24.202.15.240:1437 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:59537 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0xD342407F Ack: 0x69626922 Win: 0x4470 TcpLen: 20 |
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/25-20:53:04.909360 24.202.15.240:1485 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:59566 IpLen:20 DgmLen:185 DF ***AP*** Seq: 0xD3724882 Ack: 0x695B7A42 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/25-20:53:05.705042 24.202.15.240:1495 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:59617 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0xD37CEA8B Ack: 0x69F32457 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 04/25-20:53:09.574259 24.202.15.240:1541 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:59812 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0xD3ABC26F Ack: 0x6A1D2A8C Win: 0x4470 TcpLen: 20 |
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/25-20:53:10.335655 24.202.15.240:1571 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:59845 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0xD3C2F02C Ack: 0x69A047D0 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/25-20:53:17.329659 24.202.15.240:1617 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:60187 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0xD3F42E67 Ack: 0x69FA3037 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/25-20:53:18.146341 24.202.15.240:1689 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:60216 IpLen:20 DgmLen:138 DF ***AP*** Seq: 0xD4388C6E Ack: 0x6A1C8D10 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333] |
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/25-20:53:18.885926 24.202.15.240:1695 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:60253 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0xD43F0D0D Ack: 0x6A1E2797 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333] |
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/25-20:53:19.618070 24.202.15.240:1700 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:60269 IpLen:20 DgmLen:140 DF ***AP*** Seq: 0xD444E8C0 Ack: 0x6A0FD353 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333] |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 04/25-20:53:20.420298 24.202.15.240:1706 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:60320 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0xD44C15E9 Ack: 0x6A6D5DD8 Win: 0x4470 TcpLen: 20 |