[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-12:23:53.709443 24.225.185.140:4024 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:53022 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x1EC917AA Ack: 0x9FAB31A6 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-12:23:58.451931 24.225.185.140:4199 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:55679 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x1F5480E8 Ack: 0xA0A2A549 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-12:24:02.964910 24.225.185.140:4748 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:56684 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x210C5D76 Ack: 0xA024067F Win: 0x4470 TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-12:24:04.464388 24.225.185.140:4888 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:57029 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x2179BE27 Ack: 0xA0EA44AB Win: 0x4470 TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-12:24:09.009094 24.225.185.140:1194 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:57981 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x22576460 Ack: 0xA0826D75 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/14-12:24:19.563603 24.225.185.140:1318 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:60046 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x22B8D5FC Ack: 0xA09A41E5 Win: 0x4470 TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/14-12:24:24.608109 24.225.185.140:2317 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:61040 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x25CB1C6A Ack: 0xA1FDBE02 Win: 0x4470 TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/14-12:24:32.630305 24.225.185.140:2662 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:62553 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x26E0147D Ack: 0xA225C287 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]