[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 04/27-13:44:33.950010 24.204.108.61:4608 -> 192.168.1.6:80 TCP TTL:108 TOS:0x0 ID:49048 IpLen:20 DgmLen:112 DF ***AP*** Seq: 0xE5C9D660 Ack: 0x9625E53D Win: 0xFAF0 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html] |
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 04/27-13:44:34.653713 24.204.108.61:4613 -> 192.168.1.6:80 TCP TTL:108 TOS:0x0 ID:49065 IpLen:20 DgmLen:110 DF ***AP*** Seq: 0xE5D03306 Ack: 0x956D2EC2 Win: 0xFAF0 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html] |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 04/27-13:44:34.990126 24.204.108.61:4622 -> 192.168.1.6:80 TCP TTL:108 TOS:0x0 ID:49078 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0xE5D5658C Ack: 0x9599728B Win: 0xFAF0 TcpLen: 20 |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 04/27-13:44:35.257927 24.204.108.61:4625 -> 192.168.1.6:80 TCP TTL:108 TOS:0x0 ID:49094 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0xE5D8F1BC Ack: 0x95471D78 Win: 0xFAF0 TcpLen: 20 |
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/27-13:44:35.536388 24.204.108.61:4630 -> 192.168.1.6:80 TCP TTL:108 TOS:0x0 ID:49105 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0xE5DD5C5E Ack: 0x95ADCE9E Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 04/27-13:44:35.863088 24.204.108.61:4634 -> 192.168.1.6:80 TCP TTL:108 TOS:0x0 ID:49118 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0xE5E18E1B Ack: 0x961DD2C1 Win: 0xFAF0 TcpLen: 20 |
[**] [1:1286:5] WEB-IIS _mem_bin access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 04/27-13:44:39.407550 24.204.108.61:4668 -> 192.168.1.6:80 TCP TTL:108 TOS:0x0 ID:49225 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0xE6078C61 Ack: 0x96365836 Win: 0xFAF0 TcpLen: 20 |
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/27-13:44:39.682278 24.204.108.61:4670 -> 192.168.1.6:80 TCP TTL:108 TOS:0x0 ID:49237 IpLen:20 DgmLen:185 DF ***AP*** Seq: 0xE609D646 Ack: 0x95DA9181 Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/27-13:44:39.950228 24.204.108.61:4676 -> 192.168.1.6:80 TCP TTL:108 TOS:0x0 ID:49247 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0xE60F2403 Ack: 0x95A7C0B1 Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 04/27-13:44:43.421735 24.204.108.61:4710 -> 192.168.1.6:80 TCP TTL:108 TOS:0x0 ID:49326 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0xE6338464 Ack: 0x9601CAE9 Win: 0xFAF0 TcpLen: 20 |
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/27-13:44:43.734815 24.204.108.61:4712 -> 192.168.1.6:80 TCP TTL:108 TOS:0x0 ID:49338 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0xE635CC42 Ack: 0x965D794E Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/27-13:44:47.288762 24.204.108.61:4761 -> 192.168.1.6:80 TCP TTL:108 TOS:0x0 ID:49493 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0xE666119B Ack: 0x963BCC3A Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/27-13:44:47.640208 24.204.108.61:4768 -> 192.168.1.6:80 TCP TTL:108 TOS:0x0 ID:49512 IpLen:20 DgmLen:138 DF ***AP*** Seq: 0xE66CA2CB Ack: 0x96666610 Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333] |
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/27-13:44:50.643414 24.204.108.61:4768 -> 192.168.1.6:80 TCP TTL:108 TOS:0x0 ID:49601 IpLen:20 DgmLen:138 DF ***AP*** Seq: 0xE66CA2CB Ack: 0x96666610 Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333] |
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/27-13:44:50.869188 24.204.108.61:4800 -> 192.168.1.6:80 TCP TTL:108 TOS:0x0 ID:49616 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0xE690AB68 Ack: 0x971CC3C2 Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333] |
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/27-13:44:51.120419 24.204.108.61:4807 -> 192.168.1.6:80 TCP TTL:108 TOS:0x0 ID:49626 IpLen:20 DgmLen:140 DF ***AP*** Seq: 0xE696A007 Ack: 0x96BB3C61 Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333] |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 04/27-13:44:51.455549 24.204.108.61:4810 -> 192.168.1.6:80 TCP TTL:108 TOS:0x0 ID:49642 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0xE69A1805 Ack: 0x965E2B46 Win: 0xFAF0 TcpLen: 20 |