[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 04/24-17:21:52.706454 24.236.70.2:3763 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:15469 IpLen:20 DgmLen:112 DF ***AP*** Seq: 0x4C9DE4FF Ack: 0xC9E76C5 Win: 0x4470 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 04/24-17:22:02.759568 24.236.70.2:3898 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:15792 IpLen:20 DgmLen:110 DF ***AP*** Seq: 0x4D2AE332 Ack: 0xCE17ED9 Win: 0x4470 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 04/24-17:22:06.285451 24.236.70.2:3943 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:15915 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x4D5ADE09 Ack: 0xD2AF2B9 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 04/24-17:22:09.795852 24.236.70.2:4009 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:16112 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0x4D979C7D Ack: 0xD0B52A4 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/24-17:22:10.080713 24.236.70.2:4010 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:16122 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x4D992B3B Ack: 0xDE23AFE Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 04/24-17:22:10.405371 24.236.70.2:4016 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:16137 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0x4D9E3332 Ack: 0xDEF1523 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 04/24-17:22:13.940300 24.236.70.2:4057 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:16226 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0x4DCA52EC Ack: 0xD319676 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/24-17:22:14.202127 24.236.70.2:4066 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:16242 IpLen:20 DgmLen:185 DF ***AP*** Seq: 0x4DD16A95 Ack: 0xD97BE14 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/24-17:22:17.698779 24.236.70.2:4108 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:16330 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x4DFF07A7 Ack: 0xD88982D Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 04/24-17:22:20.889033 24.236.70.2:4111 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:16420 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x4E0263D5 Ack: 0xDCCFFFD Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/24-17:22:24.724027 24.236.70.2:4190 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:16512 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x4E565124 Ack: 0xE5225BB Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/24-17:22:27.992194 24.236.70.2:4229 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:16593 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0x4E7FFD7C Ack: 0xE90F5FC Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/24-17:22:28.259059 24.236.70.2:4233 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:16608 IpLen:20 DgmLen:138 DF ***AP*** Seq: 0x4E83BF39 Ack: 0xE7C8E36 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/24-17:22:28.523313 24.236.70.2:4235 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:16618 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x4E863EBE Ack: 0xE607B44 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/24-17:22:28.782924 24.236.70.2:4238 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:16631 IpLen:20 DgmLen:140 DF ***AP*** Seq: 0x4E8A773F Ack: 0xEA5DA31 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 04/24-17:22:32.260388 24.236.70.2:4283 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:16728 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x4EB50718 Ack: 0xEF6CECA Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 04/24-17:22:35.221633 24.236.70.2:4283 -> 192.168.1.6:80 TCP TTL:109 TOS:0x0 ID:16794 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0x4EB50718 Ack: 0xEF6CECA Win: 0x4470 TcpLen: 20