[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/19-15:25:12.193078 24.217.213.111:4296 -> 192.168.1.6:80 TCP TTL:110 TOS:0x0 ID:24204 IpLen:20 DgmLen:112 DF ***AP*** Seq: 0x75862A2D Ack: 0x1DFC84F3 Win: 0x4470 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html] |
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/19-15:25:15.848993 24.217.213.111:4335 -> 192.168.1.6:80 TCP TTL:110 TOS:0x0 ID:24890 IpLen:20 DgmLen:110 DF ***AP*** Seq: 0x75A737FA Ack: 0x1DD8C2C7 Win: 0x4470 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html] |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/19-15:25:16.079415 24.217.213.111:4486 -> 192.168.1.6:80 TCP TTL:110 TOS:0x0 ID:24945 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x7623898E Ack: 0x1E561092 Win: 0x4470 TcpLen: 20 |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/19-15:25:16.301608 24.217.213.111:4509 -> 192.168.1.6:80 TCP TTL:110 TOS:0x0 ID:25007 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x76326128 Ack: 0x1DBCC8D2 Win: 0x4470 TcpLen: 20 |
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/19-15:25:16.517376 24.217.213.111:4525 -> 192.168.1.6:80 TCP TTL:110 TOS:0x0 ID:25062 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x763F6A20 Ack: 0x1DEA8449 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 05/19-15:25:17.495876 24.217.213.111:4561 -> 192.168.1.6:80 TCP TTL:110 TOS:0x0 ID:25264 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0x765C1A38 Ack: 0x1D8C0575 Win: 0x4470 TcpLen: 20 |
[**] [1:1286:5] WEB-IIS _mem_bin access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 05/19-15:25:20.946117 24.217.213.111:4900 -> 192.168.1.6:80 TCP TTL:110 TOS:0x0 ID:26005 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0x76FE4B69 Ack: 0x1DEE2533 Win: 0x4470 TcpLen: 20 |
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/19-15:25:21.142356 24.217.213.111:4921 -> 192.168.1.6:80 TCP TTL:110 TOS:0x0 ID:26049 IpLen:20 DgmLen:185 DF ***AP*** Seq: 0x7709A675 Ack: 0x1EA48ADD Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/19-15:25:21.393857 24.217.213.111:4951 -> 192.168.1.6:80 TCP TTL:110 TOS:0x0 ID:26092 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x77157945 Ack: 0x1EB099B9 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/19-15:25:21.584668 24.217.213.111:4978 -> 192.168.1.6:80 TCP TTL:110 TOS:0x0 ID:26130 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x77223B8A Ack: 0x1E873ECB Win: 0x4470 TcpLen: 20 |
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/19-15:25:22.201135 24.217.213.111:4992 -> 192.168.1.6:80 TCP TTL:110 TOS:0x0 ID:26243 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x7729FE90 Ack: 0x1E1E3D8E Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |