[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-20:45:19.535591 24.203.122.222:3035 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:38368 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x49D14933 Ack: 0xD6C1F7B8 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html] |
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-20:45:24.672868 24.203.122.222:3063 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:39006 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x49EF27E5 Ack: 0xD6677784 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html] |
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-20:45:29.854822 24.203.122.222:3251 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:39568 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x4A8E4461 Ack: 0xD6F196B2 Win: 0xFAF0 TcpLen: 20 |
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-20:45:32.387725 24.203.122.222:3431 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:39822 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x4B18464A Ack: 0xD7CA5CA4 Win: 0xFAF0 TcpLen: 20 |
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-20:45:46.279615 24.203.122.222:3856 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:41557 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x4C745CAA Ack: 0xD7BE997A Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/23-20:45:51.251172 24.203.122.222:4005 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:42126 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x4CF67602 Ack: 0xD81A87A3 Win: 0xFAF0 TcpLen: 20 |
![[Silicon Defense logo]](../../../SDlogo.gif)