[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 04/29-19:18:40.092153 24.245.36.142:4265 -> 192.168.1.6:80 TCP TTL:110 TOS:0x0 ID:39992 IpLen:20 DgmLen:112 DF ***AP*** Seq: 0xCCE445CD Ack: 0x355AB4A Win: 0x4470 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 04/29-19:18:41.320721 24.245.36.142:4313 -> 192.168.1.6:80 TCP TTL:110 TOS:0x0 ID:40209 IpLen:20 DgmLen:110 DF ***AP*** Seq: 0xCD0C4687 Ack: 0x2C41E23 Win: 0x4470 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 04/29-19:18:51.171532 24.245.36.142:4763 -> 192.168.1.6:80 TCP TTL:110 TOS:0x0 ID:41704 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0xCE5A75C9 Ack: 0x4F10A92 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 04/29-19:18:51.691649 24.245.36.142:4774 -> 192.168.1.6:80 TCP TTL:110 TOS:0x0 ID:41767 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0xCE6089E8 Ack: 0x44A1171 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/29-19:18:52.205477 24.245.36.142:4808 -> 192.168.1.6:80 TCP TTL:110 TOS:0x0 ID:41837 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0xCE718A31 Ack: 0x4442609 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 04/29-19:18:55.839098 24.245.36.142:4820 -> 192.168.1.6:80 TCP TTL:110 TOS:0x0 ID:42404 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0xCE78D501 Ack: 0x4FEA6F9 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] 04/29-19:18:56.192820 24.245.36.142:1097 -> 192.168.1.6:80 TCP TTL:110 TOS:0x0 ID:42456 IpLen:20 DgmLen:157 DF ***AP*** Seq: 0xCEFE82C3 Ack: 0x49D65D4 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/29-19:18:56.459642 24.245.36.142:1109 -> 192.168.1.6:80 TCP TTL:110 TOS:0x0 ID:42500 IpLen:20 DgmLen:185 DF ***AP*** Seq: 0xCF08A1D2 Ack: 0x4D0F6B3 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/29-19:19:00.415036 24.245.36.142:1127 -> 192.168.1.6:80 TCP TTL:110 TOS:0x0 ID:43047 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0xCF18B505 Ack: 0x493B26C Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 04/29-19:19:00.792930 24.245.36.142:1275 -> 192.168.1.6:80 TCP TTL:110 TOS:0x0 ID:43123 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0xCF94246E Ack: 0x5983A10 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/29-19:19:10.476100 24.245.36.142:1639 -> 192.168.1.6:80 TCP TTL:110 TOS:0x0 ID:44479 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0xD0BF7804 Ack: 0x602A149 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/29-19:19:10.842215 24.245.36.142:1659 -> 192.168.1.6:80 TCP TTL:110 TOS:0x0 ID:44544 IpLen:20 DgmLen:137 DF ***AP*** Seq: 0xD0CF5FA4 Ack: 0x5CAD995 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/29-19:19:18.114538 24.245.36.142:1796 -> 192.168.1.6:80 TCP TTL:110 TOS:0x0 ID:45571 IpLen:20 DgmLen:138 DF ***AP*** Seq: 0xD1454DF2 Ack: 0x6B71F7B Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/29-19:19:18.644291 24.245.36.142:1946 -> 192.168.1.6:80 TCP TTL:110 TOS:0x0 ID:45647 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0xD1B99809 Ack: 0x63BE36C Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/29-19:19:21.425364 24.245.36.142:1946 -> 192.168.1.6:80 TCP TTL:110 TOS:0x0 ID:46051 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0xD1B99809 Ack: 0x63BE36C Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**] [Classification: Web Application Attack] [Priority: 1] 04/29-19:19:21.969927 24.245.36.142:2071 -> 192.168.1.6:80 TCP TTL:110 TOS:0x0 ID:46132 IpLen:20 DgmLen:140 DF ***AP*** Seq: 0xD2224D6B Ack: 0x6F26801 Win: 0x4470 TcpLen: 20 [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 04/29-19:19:22.625104 24.245.36.142:2079 -> 192.168.1.6:80 TCP TTL:110 TOS:0x0 ID:46213 IpLen:20 DgmLen:136 DF ***AP*** Seq: 0xD229F959 Ack: 0x6F316F8 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/07-20:05:35.011238 24.245.36.142:1695 -> 192.168.1.6:80 TCP TTL:110 TOS:0x0 ID:15101 IpLen:20 DgmLen:112 DF ***AP*** Seq: 0xAC12B31F Ack: 0xB103F417 Win: 0x4470 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/07-20:05:36.003367 24.245.36.142:1750 -> 192.168.1.6:80 TCP TTL:110 TOS:0x0 ID:15249 IpLen:20 DgmLen:110 DF ***AP*** Seq: 0xAC3FA34A Ack: 0xB1706C11 Win: 0x4470 TcpLen: 20 [Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/07-20:05:39.191329 24.245.36.142:1763 -> 192.168.1.6:80 TCP TTL:110 TOS:0x0 ID:15696 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0xAC4B1265 Ack: 0xB17C2674 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] 05/07-20:05:39.703602 24.245.36.142:1882 -> 192.168.1.6:80 TCP TTL:110 TOS:0x0 ID:15780 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0xACADA30C Ack: 0xB13B3F98 Win: 0x4470 TcpLen: 20