[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/27-03:37:58.769885 24.203.49.12:4020 -> 192.168.1.6:80 TCP TTL:111 TOS:0x0 ID:61677 IpLen:20 DgmLen:112 DF ***AP*** Seq: 0x84B92148 Ack: 0xABD6E815 Win: 0xFAF0 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/27-03:38:09.631463 24.203.49.12:4694 -> 192.168.1.6:80 TCP TTL:111 TOS:0x0 ID:63934 IpLen:20 DgmLen:110 DF ***AP*** Seq: 0x8689CE24 Ack: 0xAC188A88 Win: 0xFAF0 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/27-03:38:22.535009 24.203.49.12:1420 -> 192.168.1.6:80 TCP TTL:111 TOS:0x0 ID:1180 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x8850EE47 Ack: 0xACD13398 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/27-03:38:26.617743 24.203.49.12:1629 -> 192.168.1.6:80 TCP TTL:111 TOS:0x0 ID:1936 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x88F6D594 Ack: 0xAD5997BC Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/27-03:38:28.586683 24.203.49.12:1866 -> 192.168.1.6:80 TCP TTL:111 TOS:0x0 ID:2305 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x89B83EE6 Ack: 0xADD3204D Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 05/27-03:38:30.368563 24.203.49.12:1937 -> 192.168.1.6:80 TCP TTL:111 TOS:0x0 ID:2673 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0x89F1C641 Ack: 0xADC6E38B Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 05/27-03:38:31.419829 24.203.49.12:2027 -> 192.168.1.6:80 TCP TTL:111 TOS:0x0 ID:2780 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0x8A394228 Ack: 0xAE2F9911 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/27-03:38:42.161807 24.203.49.12:2528 -> 192.168.1.6:80 TCP TTL:111 TOS:0x0 ID:4774 IpLen:20 DgmLen:185 DF ***AP*** Seq: 0x8BCCE414 Ack: 0xAE891007 Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/27-03:38:42.873807 24.203.49.12:2603 -> 192.168.1.6:80 TCP TTL:111 TOS:0x0 ID:4999 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x8C0CA3DD Ack: 0xAE5A17CD Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]