[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/06-22:55:58.312534 24.226.120.167:3778 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:27553 IpLen:20 DgmLen:112 DF ***AP*** Seq: 0xC9BBB059 Ack: 0xF59F0097 Win: 0xFAF0 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html] |
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/06-22:56:01.689057 24.226.120.167:3870 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:27837 IpLen:20 DgmLen:110 DF ***AP*** Seq: 0xCA0C5971 Ack: 0xF5EB67B8 Win: 0xFAF0 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html] |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/06-22:56:05.682122 24.226.120.167:3986 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:28192 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0xCA7019F4 Ack: 0xF5A52389 Win: 0xFAF0 TcpLen: 20 |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/06-22:56:06.338334 24.226.120.167:4001 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:28236 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0xCA7BCAC1 Ack: 0xF598E798 Win: 0xFAF0 TcpLen: 20 |
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/06-22:56:16.360409 24.226.120.167:4222 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:28844 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0xCB408786 Ack: 0xF68A3458 Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 05/06-22:56:17.102194 24.226.120.167:4236 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:28912 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0xCB4BAEC9 Ack: 0xF63D78A6 Win: 0xFAF0 TcpLen: 20 |
[**] [1:1286:5] WEB-IIS _mem_bin access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 05/06-22:56:17.731629 24.226.120.167:4265 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:28968 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0xCB61017B Ack: 0xF6525DB7 Win: 0xFAF0 TcpLen: 20 |
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/06-22:56:18.396492 24.226.120.167:4280 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:29012 IpLen:20 DgmLen:185 DF ***AP*** Seq: 0xCB6D6F16 Ack: 0xF65A0485 Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/06-22:56:19.160145 24.226.120.167:4291 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:29055 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0xCB788833 Ack: 0xF6590CE5 Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/06-22:56:29.246873 24.226.120.167:4538 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:29786 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0xCC53B4C3 Ack: 0xF73992F5 Win: 0xFAF0 TcpLen: 20 |
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/06-22:56:33.477228 24.226.120.167:4642 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:30085 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0xCCB2D9E7 Ack: 0xF7298C87 Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/06-22:56:37.637601 24.226.120.167:4738 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:30383 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0xCD07F3D3 Ack: 0xF74653B1 Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884] |
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/06-22:56:38.240080 24.226.120.167:4754 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:30428 IpLen:20 DgmLen:138 DF ***AP*** Seq: 0xCD15ACA4 Ack: 0xF803C585 Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333] |
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/06-22:56:38.898921 24.226.120.167:4767 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:30471 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0xCD20A24A Ack: 0xF75EB018 Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333] |
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/06-22:56:41.799728 24.226.120.167:4767 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:30651 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0xCD20A24A Ack: 0xF75EB018 Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333] |
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 05/06-22:56:42.655259 24.226.120.167:4914 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:30733 IpLen:20 DgmLen:140 DF ***AP*** Seq: 0xCD732EA0 Ack: 0xF82970EB Win: 0xFAF0 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333] |
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/06-22:56:43.250742 24.226.120.167:4955 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:30810 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0xCD83E45D Ack: 0xF7972C45 Win: 0xFAF0 TcpLen: 20 |