[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/22-09:59:06.349647 24.209.219.162:4976 -> 192.168.1.6:80 TCP TTL:123 TOS:0x0 ID:54646 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x361A1FBD Ack: 0xC01B7F9 Win: 0x4470 TcpLen: 20 |
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/22-09:59:06.414816 24.209.219.162:4986 -> 192.168.1.6:80 TCP TTL:123 TOS:0x0 ID:54659 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x361F03F6 Ack: 0xC5564B3 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 05/22-09:59:06.518673 24.209.219.162:4996 -> 192.168.1.6:80 TCP TTL:123 TOS:0x0 ID:54672 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0x3621FAE4 Ack: 0xBD0E88E Win: 0x4470 TcpLen: 20 |
[**] [1:1286:5] WEB-IIS _mem_bin access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 05/22-09:59:11.998642 24.209.219.162:1406 -> 192.168.1.6:80 TCP TTL:123 TOS:0x0 ID:55628 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0x371444E6 Ack: 0xBEE3DBB Win: 0x4470 TcpLen: 20 |
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/22-09:59:21.430856 24.209.219.162:1804 -> 192.168.1.6:80 TCP TTL:123 TOS:0x0 ID:57200 IpLen:20 DgmLen:185 DF ***AP*** Seq: 0x385C11D7 Ack: 0xD03974F Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/22-09:59:21.505118 24.209.219.162:1809 -> 192.168.1.6:80 TCP TTL:123 TOS:0x0 ID:57217 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x385FB745 Ack: 0xD65E898 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/22-09:59:21.599450 24.209.219.162:1815 -> 192.168.1.6:80 TCP TTL:123 TOS:0x0 ID:57242 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x386442D4 Ack: 0xD488FF5 Win: 0x4470 TcpLen: 20 |
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/22-09:59:21.666051 24.209.219.162:1823 -> 192.168.1.6:80 TCP TTL:123 TOS:0x0 ID:57256 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x3869A3D8 Ack: 0xD1B4352 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/22-09:59:21.794558 24.209.219.162:1827 -> 192.168.1.6:80 TCP TTL:123 TOS:0x0 ID:57276 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x386D4ADC Ack: 0xD172D5D Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/22-09:59:21.871018 24.209.219.162:1831 -> 192.168.1.6:80 TCP TTL:123 TOS:0x0 ID:57296 IpLen:20 DgmLen:138 DF ***AP*** Seq: 0x3871C55E Ack: 0xC96C18A Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333] |
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/22-09:59:25.857130 24.209.219.162:1835 -> 192.168.1.6:80 TCP TTL:123 TOS:0x0 ID:57608 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x38748E94 Ack: 0xD0C5F6D Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333] |
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/22-09:59:27.077825 24.209.219.162:1953 -> 192.168.1.6:80 TCP TTL:123 TOS:0x0 ID:57784 IpLen:20 DgmLen:140 DF ***AP*** Seq: 0x38D1ED52 Ack: 0xCD07951 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333] |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/22-09:59:27.213821 24.209.219.162:1986 -> 192.168.1.6:80 TCP TTL:123 TOS:0x0 ID:57837 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x38EE8F58 Ack: 0xD186D3C Win: 0x4470 TcpLen: 20 |
Go to: