[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/24-13:46:48.253298 24.209.191.91:3536 -> 192.168.1.6:80 TCP TTL:117 TOS:0x0 ID:23456 IpLen:20 DgmLen:138 DF ***AP*** Seq: 0x6FF95F9E Ack: 0xE91D73EE Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333] |
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/24-13:46:48.519851 24.209.191.91:3827 -> 192.168.1.6:80 TCP TTL:117 TOS:0x0 ID:23528 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x70DBB9FE Ack: 0xE92697C2 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333] |
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/24-13:46:48.966134 24.209.191.91:3853 -> 192.168.1.6:80 TCP TTL:117 TOS:0x0 ID:23629 IpLen:20 DgmLen:140 DF ***AP*** Seq: 0x70EF9848 Ack: 0xE8E6A590 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333] |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/24-13:46:52.487430 24.209.191.91:4131 -> 192.168.1.6:80 TCP TTL:117 TOS:0x0 ID:24667 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x71C9140A Ack: 0xE93D14C3 Win: 0x4470 TcpLen: 20 |
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/24-13:58:51.147751 24.209.191.91:3892 -> 192.168.1.6:80 TCP TTL:117 TOS:0x0 ID:53544 IpLen:20 DgmLen:112 DF ***AP*** Seq: 0x2F7495F8 Ack: 0x15A08402 Win: 0x4470 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html] |
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/24-13:58:54.467887 24.209.191.91:4242 -> 192.168.1.6:80 TCP TTL:117 TOS:0x0 ID:54719 IpLen:20 DgmLen:110 DF ***AP*** Seq: 0x307EE86A Ack: 0x164ECBF7 Win: 0x4470 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html] |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/24-13:58:54.819867 24.209.191.91:4270 -> 192.168.1.6:80 TCP TTL:117 TOS:0x0 ID:54791 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x30942E12 Ack: 0x15F6CFCE Win: 0x4470 TcpLen: 20 |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/24-13:58:55.040908 24.209.191.91:4304 -> 192.168.1.6:80 TCP TTL:117 TOS:0x0 ID:54893 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x30AD80ED Ack: 0x161158EC Win: 0x4470 TcpLen: 20 |
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/24-13:58:55.341831 24.209.191.91:4331 -> 192.168.1.6:80 TCP TTL:117 TOS:0x0 ID:54962 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x30C2EC40 Ack: 0x162292C1 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 05/24-13:58:55.602029 24.209.191.91:4354 -> 192.168.1.6:80 TCP TTL:117 TOS:0x0 ID:55065 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0x30D53662 Ack: 0x166FB709 Win: 0x4470 TcpLen: 20 |
[**] [1:1286:5] WEB-IIS _mem_bin access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 05/24-13:58:59.100873 24.209.191.91:4380 -> 192.168.1.6:80 TCP TTL:117 TOS:0x0 ID:56048 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0x30EA1A75 Ack: 0x1641B1E9 Win: 0x4470 TcpLen: 20 |
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/24-13:58:59.420160 24.209.191.91:4694 -> 192.168.1.6:80 TCP TTL:117 TOS:0x0 ID:56116 IpLen:20 DgmLen:185 DF ***AP*** Seq: 0x31DD3925 Ack: 0x16ED9BDC Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/24-13:58:59.821471 24.209.191.91:4722 -> 192.168.1.6:80 TCP TTL:117 TOS:0x0 ID:56214 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x31F38801 Ack: 0x16E49318 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/24-13:59:00.196609 24.209.191.91:4756 -> 192.168.1.6:80 TCP TTL:117 TOS:0x0 ID:56299 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x320C7AE8 Ack: 0x166F6EEC Win: 0x4470 TcpLen: 20 |
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/24-13:59:00.632251 24.209.191.91:4790 -> 192.168.1.6:80 TCP TTL:117 TOS:0x0 ID:56417 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x32261436 Ack: 0x16FCB3E6 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/24-13:59:22.028927 24.209.191.91:2818 -> 192.168.1.6:80 TCP TTL:117 TOS:0x0 ID:62518 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x3818B35E Ack: 0x185A2B26 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/24-13:59:22.247493 24.209.191.91:2839 -> 192.168.1.6:80 TCP TTL:117 TOS:0x0 ID:62558 IpLen:20 DgmLen:138 DF ***AP*** Seq: 0x382A2185 Ack: 0x17CF4D05 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333] |
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/24-13:59:22.483045 24.209.191.91:2858 -> 192.168.1.6:80 TCP TTL:117 TOS:0x0 ID:62603 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x38388D4A Ack: 0x17FF4912 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333] |
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/24-13:59:22.749178 24.209.191.91:2877 -> 192.168.1.6:80 TCP TTL:117 TOS:0x0 ID:62649 IpLen:20 DgmLen:140 DF ***AP*** Seq: 0x3847C535 Ack: 0x187049A4 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333] |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/24-13:59:26.017785 24.209.191.91:3203 -> 192.168.1.6:80 TCP TTL:117 TOS:0x0 ID:63626 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x3941961E Ack: 0x18863600 Win: 0x4470 TcpLen: 20 |
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/24-14:33:41.369300 24.209.191.91:1993 -> 192.168.1.6:80 TCP TTL:117 TOS:0x0 ID:18329 IpLen:20 DgmLen:112 DF ***AP*** Seq: 0x4C2361F9 Ack: 0x996A01DB Win: 0x4470 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html] |
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/24-14:33:45.417783 24.209.191.91:2041 -> 192.168.1.6:80 TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:110 ***AP*** Seq: 0x4C4639C6 Ack: 0x1AEF1482 Win: 0x0 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html] |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/24-14:33:48.806940 24.209.191.91:2406 -> 192.168.1.6:80 TCP TTL:117 TOS:0x0 ID:20641 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x4D5C6FA5 Ack: 0x99C881E4 Win: 0x4470 TcpLen: 20 |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/24-14:33:52.234347 24.209.191.91:2710 -> 192.168.1.6:80 TCP TTL:117 TOS:0x0 ID:21670 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x4E402CE1 Ack: 0x99E92B30 Win: 0x4470 TcpLen: 20 |
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/24-14:33:55.604578 24.209.191.91:3300 -> 192.168.1.6:80 TCP TTL:117 TOS:0x0 ID:22893 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x4FFF960A Ack: 0x9B0300A9 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 05/24-14:33:55.917150 24.209.191.91:3330 -> 192.168.1.6:80 TCP TTL:117 TOS:0x0 ID:22976 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0x50158A77 Ack: 0x9A9104B4 Win: 0x4470 TcpLen: 20 |
[**] [1:1286:5] WEB-IIS _mem_bin access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 05/24-14:33:56.235984 24.209.191.91:3356 -> 192.168.1.6:80 TCP TTL:117 TOS:0x0 ID:23079 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0x50292A3E Ack: 0x9A657F16 Win: 0x4470 TcpLen: 20 |
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/24-14:33:56.605316 24.209.191.91:3386 -> 192.168.1.6:80 TCP TTL:117 TOS:0x0 ID:23200 IpLen:20 DgmLen:185 DF ***AP*** Seq: 0x503FF0AE Ack: 0x9A8747B7 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/24-14:33:57.055911 24.209.191.91:3420 -> 192.168.1.6:80 TCP TTL:117 TOS:0x0 ID:23318 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x50598465 Ack: 0x9A62AE06 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/24-14:34:00.328167 24.209.191.91:3705 -> 192.168.1.6:80 TCP TTL:117 TOS:0x0 ID:24258 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x51345181 Ack: 0x9ADDCB3E Win: 0x4470 TcpLen: 20 |
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/24-14:34:00.710277 24.209.191.91:3727 -> 192.168.1.6:80 TCP TTL:117 TOS:0x0 ID:24359 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x514548A0 Ack: 0x9B2A3EA4 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/24-14:34:01.002850 24.209.191.91:3757 -> 192.168.1.6:80 TCP TTL:117 TOS:0x0 ID:24446 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x515CE988 Ack: 0x9B22C04E Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/24-14:34:04.279738 24.209.191.91:4063 -> 192.168.1.6:80 TCP TTL:117 TOS:0x0 ID:25536 IpLen:20 DgmLen:138 DF ***AP*** Seq: 0x5244BB7E Ack: 0x9B599D8D Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333] |
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/24-14:34:04.510464 24.209.191.91:4089 -> 192.168.1.6:80 TCP TTL:117 TOS:0x0 ID:25646 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x5255B537 Ack: 0x9B63B0E4 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333] |
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/24-14:34:04.740043 24.209.191.91:4113 -> 192.168.1.6:80 TCP TTL:117 TOS:0x0 ID:25737 IpLen:20 DgmLen:140 DF ***AP*** Seq: 0x5268A90B Ack: 0x9AD57CB0 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333] |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/24-14:34:05.086257 24.209.191.91:4138 -> 192.168.1.6:80 TCP TTL:117 TOS:0x0 ID:25846 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x527B7742 Ack: 0x9B84A861 Win: 0x4470 TcpLen: 20 |